Privacy Policy

Last updated: March 25, 2026

This Privacy Policy explains how FoodKnower ("we", "us", or "our") collects, uses, and protects your information when you use our mobile application and website.

Data Controller

The data controller responsible for your personal data is:

Brian Lui
Sydney, Australia
Email: contact@foodknower.com

Data Sent to Our Server

When you perform a food scan, the following data is sent to our server:

• Food photo — JPEG-compressed, scaled to max 1024px. Used solely to identify the food via AI analysis.
• Google ID token — used to authenticate the user and enforce rate limits.

Legal Basis for Processing

We process your personal data under the following legal bases:

• Contract performance — processing your food photo and account data is necessary to provide the FoodKnower service you signed up for.
• Legitimate interest — we log user ID and timestamp to enforce rate limits, prevent abuse, and maintain service stability.

Data Stored on Our Server

We store the following data on our server:

• Google account identifier (subject ID) — a stable account identifier, not your email displayed publicly.
• Email address — for account identification.
• Account creation timestamp.
• Per-scan usage log — user ID + timestamp only, used exclusively for rate limiting.
• Billing and subscription audit records — only if applicable, to maintain billing history and transfer audit integrity.

We do not store your food photos or scan results on our server.

Data Stored on Your Device Only

The following data is stored locally on your device and is never transmitted to our servers:

• Scan history (food name, brand, scores, nutrition data, thumbnail).
• All scan results and nutrition data stay on your phone.

Data Retention

We retain your data for the following periods:

• Live account data (Google ID, email, creation timestamp) — retained for as long as your account exists. Deleted when you delete your account.
• Usage logs (user ID + timestamp) — retained for 90 days, then automatically deleted.
• Minimal retained deletion ledger — when you delete your account, we retain a one-way restore key derived from your Google subject ID together with your lifetime free-scan usage count. This is used to prevent resetting lifetime free quota by deleting and recreating an account.
• Billing and subscription audit history — if you have subscription-related history, billing event records and subscription transfer audit records may be retained after account deletion. These records may include purchase tokens and pseudonymous restore keys so billing history remains auditable.
• Food photos — not retained. Photos are processed in memory for AI analysis and discarded immediately after the scan result is returned.

International Data Transfers

FoodKnower is operated from Australia. Your data may also be transferred to and processed in the United States, because our AI providers operate there. All transfers are protected by HTTPS, and our third-party providers maintain appropriate data protection safeguards. For users in the European Economic Area, these safeguards include the EU–US Data Privacy Framework and Standard Contractual Clauses.

Third-Party Services

FoodKnower uses the following third-party services:

• Google Sign-In — authentication. Google's privacy policy applies.
• AI language-model providers — food photo identification. Each provider's respective privacy policy applies. A current list of providers is available at foodknower.com/ai-providers.
• Open Food Facts — packaged food database, bundled locally within the app. No network calls are made to Open Food Facts.

Cookies and Tracking

Our website does not use cookies, analytics, or any tracking technologies. No data is collected when you browse foodknower.com.

Security

• All network communication uses HTTPS.
• All AI API keys are stored server-side only — never on your device.
• Google ID tokens are verified server-side via Google's official libraries.
• Photo EXIF metadata (including GPS location) is stripped before transmission to our server.

Automated Decision-Making

FoodKnower uses AI to identify food from photos and generate nutrition scores. This processing is automated but is purely informational — no legal or similarly significant decisions are made based on the results. Scores are illustrative and not a substitute for professional dietary advice.

Children's Privacy

FoodKnower is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us at contact@foodknower.com and we will delete it promptly.

Your Rights

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the GDPR:

• Access — request a copy of the personal data we hold about you.
• Rectification — request correction of inaccurate or incomplete data.
• Erasure — request deletion of your personal data ("right to be forgotten").
• Restriction — request that we restrict processing of your data in certain circumstances.
• Data portability — request your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interest.

To exercise any of these rights, contact us at contact@foodknower.com. We will respond within 30 days.

To delete your account, see our account deletion instructions. Deletion removes your live account and local app history, but minimal retained records described above may remain for quota restoration and billing/audit integrity.

You also have the right to lodge a complaint with your local data protection supervisory authority if you believe your data has been processed unlawfully.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically.

Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at contact@foodknower.com.