Buy'r Privacy Policy

Effective Date: 10/13/2025

Last Updated: 10/13/2025

Introduction

Buy'r ("we," "us," or "our") is committed to protecting your privacy and being transparent about how we collect, use, and safeguard your personal information. This Privacy Policy explains our data practices for the Buy'r mobile application ("App").

Our Privacy Philosophy:

• We collect only what's necessary for App functionality

• We do NOT sell your data to third parties

• We do NOT use invasive tracking or behavioral advertising

• We maintain editorial independence and don't compromise user privacy for profit

• You have control over your data

By using Buy'r, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the App.

1. Information We Collect

1.1 Information You Provide Directly

Account Information:

• Email address (for account creation and authentication)

• Password (encrypted and securely stored)

• Username (required)

• Date of birth (for age verification - we only verify you are 13+ and do not store your exact age)

User-Generated Content:

• Product reviews and ratings

• Shopping lists and list items

• Pantry inventory

• Product scan history

• Quiz responses and scores

• Beta survey feedback (if you choose to participate)

Support Communications:

• Messages sent to customer support

• Bug reports and feedback submissions

• Appeal requests for content moderation decisions

1.2 Information Collected Automatically

Usage Data:

• Products scanned (barcode numbers)

• Features used within the App

• Time and date of App usage

• Session duration

• Navigation patterns within the App

• Search queries (products, brands, companies)

Device Information:

• Device type and model

• Operating system and version (iOS/Android)

• App version

• Device identifiers (for crash reporting and analytics only)

• Screen resolution and display settings

Location Information:

• We do NOT collect precise geolocation data

• General location (country/region) may be inferred from your IP address for analytics purposes only

Camera Data:

• The App uses your device camera exclusively for barcode scanning

• Camera images are processed locally on your device

• We do NOT store, transmit, or analyze camera images

• Barcode numbers are transmitted to our servers for product lookup only

Profile Image

• The App uses a reference to your local device image and does not store any images on our servers

• Buy’r is not responsible for moderating anything used in the users Profile Image as it’s not hosted on our servers

1.3 Information from Third-Party Sources

Product Data:

• We retrieve product information from OpenFoodFacts (open database) and Go-UPC API

• Product images, ingredients, nutritional data, and brand information come from these third-party databases

• We do not control the accuracy or completeness of third-party product data

Authentication:

• If you choose to sign in with Apple or Google (future feature), we receive basic profile information (name, email) as permitted by those services

2. How We Use Your Information

We use your information for the following purposes:

2.1 Core App Functionality

• Authenticate your account and manage login sessions

• Display your scan history, pantry items, and shopping lists

• Provide product information, ownership data, and brand spotlights

• Enable product reviews and ratings features

• Deliver quiz content and track your scores

• Sync your data across devices (when logged in)

2.2 Service Improvement

• Analyze usage patterns to improve App features and performance

• Identify and fix bugs and technical issues

• Conduct beta testing and surveys to gather user feedback

• Develop new features based on user needs

2.3 Content Moderation

• Monitor user-generated content for Terms of Service violations

• Use AI moderation systems to detect prohibited content

• Respond to user reports of inappropriate content

• Prevent spam, abuse, and fraudulent activity

2.4 Communications

• Send important updates about the App, Terms of Service, or Privacy Policy changes

• Respond to your support requests and inquiries

• Notify you about content moderation actions on your account

• Send optional newsletters or feature announcements (you can opt out)

2.5 Legal and Safety

• Comply with legal obligations and law enforcement requests

• Enforce our Terms of Service and Community Guidelines

• Protect against fraud, security threats, and illegal activity

• Defend our legal rights and interests

2.6 Subscription Management

• Process payments through Apple App Store or Google Play Store

• Manage subscription tiers and access to premium features

• Handle billing inquiries

What We Do NOT Do:

• We do NOT sell your personal information to advertisers or data brokers

• We do NOT use your data for targeted advertising (we have no ads)

• We do NOT share your data with third parties for their marketing purposes

• We do NOT track you across other websites or apps

3. How We Share Your Information

We share your information only in the following limited circumstances:

3.1 Service Providers

We share data with trusted third-party service providers who help us operate the App:

Firebase (Google):

• Purpose: User authentication, database hosting, cloud storage

• Data Shared: Email, user ID, account metadata, user-generated content

• Location: United States (Google Cloud servers)

• Privacy Policy: https://firebase.google.com/support/privacy

Supabase:

• Purpose: Product database, ratings/reviews storage, brand ownership data

• Data Shared: User ID, product ratings/reviews, scan history

• Location: United States (AWS servers)

• Privacy Policy: https://supabase.com/privacy

OpenFoodFacts:

• Purpose: Product information retrieval (open database)

• Data Shared: Barcode numbers only (no personal information)

• Location: France (open-source project)

• Privacy Policy: https://world.openfoodfacts.org/privacy

Go-UPC API:

• Purpose: Product information retrieval for non-food items

• Data Shared: Barcode numbers only (no personal information)

• Location: United States

• Privacy Policy: https://go-upc.com/privacy

Apple App Store / Google Play Store:

• Purpose: Payment processing and subscription management

• Data Shared: Purchase information, subscription status

• Privacy Policies: Apple | Google

Expo / React Native:

• Purpose: App development framework and over-the-air updates

• Data Shared: Crash reports, basic device information

• Location: United States

• Privacy Policy: https://expo.dev/privacy

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

3.2 Public Information

Some information you provide is public by design:

• Product reviews and ratings: Visible to all App users (associated with your user ID, not your email)

• Shopping list names: Visible only if you choose to share lists with others (future feature)

• Reputation badges: Earned badges (e.g., "Super Reviewer") are visible on your reviews

You can control what you make public by choosing what content to submit.

3.3 Legal Requirements

We may disclose your information if required by law or in good faith belief that such action is necessary to:

• Comply with legal obligations, court orders, or government requests

• Protect and defend our rights or property

• Prevent fraud or security threats

• Protect the safety of users or the public

• Respond to emergencies (e.g., child safety issues)

3.4 Business Transfers

If Buy'r is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice in the App before your information is transferred and becomes subject to a different privacy policy. 

3.5 With Your Consent

We may share your information for other purposes with your explicit consent.

4. Data Retention

We retain your personal information for as long as necessary to provide the App services and fulfill the purposes described in this Privacy Policy.

Account Data:

• Retained for the duration of your account unless you request deletion

• After account deletion, most personal data is removed within 30 days

• Some data may be retained longer for legal compliance or dispute resolution

User-Generated Content:

• Reviews and ratings: Retained indefinitely (may be anonymized after account deletion)

• Shopping lists and pantry: Deleted when you delete items or close your account

• Scan history: Retained for 90 days by default; you can manually clear anytime

Usage Data:

• Analytics data: Aggregated and anonymized after 24 months

• Crash reports: Retained for 12 months for debugging purposes

Legal Holds:

• If your account is subject to a legal investigation or dispute, data may be retained until the matter is resolved

5. Your Privacy Rights

You have the following rights regarding your personal information:

5.1 Access and Portability

• Right to Access: You can request a copy of the personal information we hold about you

• Right to Portability: You can request your data in a machine-readable format (JSON/CSV)

• How to Exercise: Email privacy@buyrapp.com with subject "Data Access Request"

• Response Time: Within 30 days

5.2 Correction

• Right to Correct: You can update inaccurate or incomplete information

• How to Exercise: Update directly in the App (Profile settings) or email privacy@buyrapp.com

• Response Time: Immediately in-app; within 15 days via email

5.3 Deletion

• Right to Delete: You can request deletion of your personal information

• How to Exercise: Email privacy@buyrapp.com

• Response Time: Within 30 days

• Exceptions: We may retain certain data for legal compliance, fraud prevention, or dispute resolution

5.4 Objection and Restriction

• Right to Object: You can object to certain data processing activities

• Right to Restrict: You can request we limit how we use your data

• How to Exercise: Email privacy@buyrapp.com

• Response Time: Within 30 days

5.5 Withdraw Consent

• You can withdraw consent for data processing at any time (where consent is the legal basis)

• Note: Withdrawing consent may limit your ability to use certain App features

5.6 Opt-Out of Communications

• You can opt out of marketing emails by clicking "Unsubscribe" in any email

• You cannot opt out of essential service communications (e.g., security alerts, ToS updates)

5.7 Do Not Sell My Personal Information (CCPA/CPRA)

• Buy'r does NOT sell personal information

• We have not sold personal information in the past 12 months

• We will not sell personal information in the future without providing opt-out mechanisms

5.8 Rights for California Residents (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act:

• Right to know what personal information is collected, used, shared, or sold

• Right to delete personal information

• Right to opt out of the sale of personal information (we don't sell data)

• Right to non-discrimination for exercising privacy rights

To exercise CCPA rights, email privacy@buyrapp.com or call [toll-free number if required].

5.9 Rights for EU/UK Residents (GDPR/UK GDPR)

EU and UK residents have additional rights under data protection law:

• Right to lodge a complaint with a supervisory authority

• Right to object to processing based on legitimate interests

• Right to restriction of processing

• Right to data portability

EU Data Protection Authorities: https://edpb.europa.eu/about-edpb/board/members_en
UK Information Commissioner's Office: https://ico.org.uk/

To exercise GDPR rights, email privacy@buyrapp.com.

6. Data Security

We implement industry-standard security measures to protect your information:

Technical Safeguards:

• Encryption in transit (TLS/SSL) for all data transmission

• Encryption at rest for sensitive data in databases

• Secure authentication via Firebase Authentication

• Regular security audits and vulnerability assessments

• Automated backups with encryption

Organizational Safeguards:

• Access controls limiting employee access to personal data

• Training for staff on data protection and privacy

• Incident response procedures for data breaches

• Secure development practices and code reviews

Third-Party Security:

• We use reputable service providers (Firebase, Supabase) with strong security practices

• Service providers undergo regular security assessments

Your Responsibility:

• Use a strong, unique password

• Keep your login credentials confidential

• Log out on shared devices

• Report suspicious activity to support@buyrapp.com

No Guarantee: While we take security seriously, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

7. Children's Privacy

Buy'r is not intended for children under 13, and we do not knowingly collect personal information from children under 13.

Age Verification:

• We require users to confirm they are at least 13 years old during account creation

• We do not verify exact age beyond confirming 13+ status

COPPA Compliance:

• Buy'r complies with the Children's Online Privacy Protection Act (COPPA)

• If we learn we have collected information from a child under 13, we will delete it immediately

Parental Rights:

• If you believe your child under 13 has created an account, contact us immediately at privacy@buyrapp.com

• Parents can request deletion of their child's account and data

8. International Data Transfers

Buy'r is based in [Your Country] and our servers are located primarily in the United States.

Data Transfers:

• If you access the App from outside the United States, your data may be transferred to and stored in the U.S.

• U.S. data protection laws may differ from laws in your country

• By using Buy'r, you consent to the transfer of your information to the U.S.

Safeguards for EU/UK Users:

• We implement appropriate safeguards for international transfers (e.g., Standard Contractual Clauses)

• Our service providers comply with applicable data protection frameworks

9. Cookies and Tracking Technologies

We Do NOT Use Cookies for Advertising or Tracking:

• Buy'r does not use cookies for targeted advertising

• We do not use third-party tracking pixels or advertising networks

• We do not engage in cross-site tracking or behavioral profiling

Limited Technical Cookies:

• Session Cookies: Used to keep you logged in (essential for functionality)

• Preference Cookies: Remember your App settings (e.g., theme, language)

• Analytics Cookies: Firebase Analytics for basic usage statistics (anonymized)

Mobile App Identifiers:

• We use device identifiers for crash reporting and analytics only

• These identifiers are NOT used for advertising or sold to third parties

Your Control:

• You can manage cookie preferences in your device settings

• Disabling certain cookies may impact App functionality

10. Third-Party Links and Services

The App may contain links to third-party websites, services, or content:

External Links:

• Buy'r brand spotlights may link to company websites, news articles, or social media

• We are not responsible for the privacy practices of these third-party sites

• We encourage you to review their privacy policies before providing information

Third-Party Product Data:

• Product information comes from OpenFoodFacts and Go-UPC

• These services have their own privacy policies and terms of use

• We are not responsible for the accuracy or security of third-party data

Social Sharing (Future Feature):

• If we add social sharing features, we will update this policy and obtain your consent

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or App features.

Notification of Changes:

• We will notify you of material changes via email (to your registered email address)

• We will also post a notice in the App and update the "Last Updated" date above

• Continued use of the App after changes constitute acceptance of the updated policy

Your Rights:

• If you disagree with changes, you may delete your account before the changes take effect

• We will provide at least 30 days' notice for material changes

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

Privacy Inquiries:
Email: privacy@buyrapp.com
Subject Line: "Privacy Inquiry"

Data Rights Requests:
Email: privacy@buyrapp.com
Subject Line: "Data Rights Request - [Access/Delete/Correct]"

Mailing Address:
[Legal Entity Name]
[Street Address]
[City, State, ZIP]
[Country]

Response Time:

• General inquiries: Within 5 business days

• Data rights requests: Within 30 days (may extend to 60 days for complex requests)

13. Specific Disclosures for California Residents

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), we provide the following disclosures:

13.1 Categories of Personal Information Collected (Last 12 Months)

Identifiers:

• Examples: Email, user ID, device ID

• Collected: Yes

• Business Purpose: Account management, authentication

Personal Information:

• Examples: Name (optional), date of birth (age verification only)

• Collected: Yes

• Business Purpose: Age verification, personalization

Commercial Information:

• Examples: Scan history, shopping lists, purchase history

• Collected: Yes

• Business Purpose: App functionality, recommendations

Internet Activity:

• Examples: Usage data, search queries, navigation patterns

• Collected: Yes

• Business Purpose: Analytics, improvement

Geolocation:

• Examples: Country/region (inferred from IP)

• Collected: Limited

• Business Purpose: Analytics only

Audio/Visual:

• Examples: None (camera used locally only)

• Collected: No

• Business Purpose: N/A

Professional/Employment:

• Examples: None

• Collected: No

• Business Purpose: N/A

Education:

• Examples: None

• Collected: No

• Business Purpose: N/A

Inferences:

• Examples: User preferences, product interests

• Collected: Yes

• Business Purpose: Personalization, recommendations

13.2 Sources of Personal Information

• Directly from you (account creation, reviews, lists)

• Automatically from your device (usage data, device info)

• Third-party databases (product information only, no personal data)

13.3 Business Purposes for Collection

• Providing App services and functionality

• Security, fraud prevention, and debugging

• Service improvement and analytics

• Legal compliance and enforcement

13.4 Categories of Third Parties We Share With

• Service providers (Firebase, Supabase) for operational purposes

• Product databases (OpenFoodFacts, Go-UPC) for product lookup (barcodes only)

• Payment processors (Apple, Google) for subscription management

• Law enforcement or legal entities when required by law

13.5 Sale of Personal Information

• We do NOT sell personal information

• We have not sold personal information in the past 12 months

• We do not have actual knowledge of selling information of minors under 16

13.6 Sensitive Personal Information

We do NOT collect or process sensitive personal information as defined by CPRA (e.g., precise geolocation, health data, biometric data, financial account information).

13.7 Retention Periods

See Section 4 (Data Retention) for details on how long we keep different types of data.

14. Legal Bases for Processing (GDPR)

For users in the European Economic Area (EEA) and United Kingdom, we process personal data based on the following legal grounds:

Contract Performance:

• Processing necessary to provide the App services you requested (account management, scan history, reviews)

Legitimate Interests:

• Analytics and service improvement (we have a legitimate interest in improving the App)

• Security and fraud prevention (we have a legitimate interest in protecting users)

• Content moderation (we have a legitimate interest in maintaining a safe community)

Consent:

• Optional features like newsletters or beta surveys (you can withdraw consent anytime)

Legal Obligation:

• Compliance with laws, regulations, or legal requests

You have the right to object to processing based on legitimate interests. Contact privacy@buyrapp.com to exercise this right.

15. Additional Transparency

Data We Do NOT Collect:

• Precise geolocation (GPS coordinates)

• Health or medical information

• Financial account details (handled by Apple/Google)

• Biometric data (fingerprint, face ID - only used locally by your device)

• Social Security numbers or government IDs

• Race, ethnicity, religion, sexual orientation (unless you choose to mention in reviews)

Automated Decision-Making:

• We use AI for content moderation, but humans review all significant decisions

• You have the right to appeal automated moderation decisions (see Terms of Service)

• We do not use automated decision-making for profiling or other purposes that significantly affect you

Data Minimization:

• We collect only what's necessary for App functionality

• We regularly review data practices to minimize collection

Privacy by Design:

• Privacy considerations are built into our product development process

• We conduct privacy impact assessments for new features

Summary: Your Privacy at a Glance

✅ What We Collect: Email, scan history, reviews, pantry/lists, basic usage data
✅ Why: To provide App services, improve features, ensure safety
✅ Who We Share With: Service providers (Firebase, Supabase), product databases (OpenFoodFacts, Go-UPC)
❌ What We DON'T Do: Sell your data, use invasive tracking, serve ads, share for marketing
🔒 Your Control: Access, correct, delete your data anytime
📧 Questions: privacy@buyrapp.com

Last Updated: [Date]
Version: 1.0