grocescan – Privacy Policy

Last updated: 29 November 2025

This Privacy Policy explains how grocescan – Smart Grocery AI Assistant (“we”, “our”, “the app”) processes your personal data in compliance with the EU General Data Protection Regulation (GDPR) and Finnish data protection laws.

1. Data Controller

MEHErix Oy
Orvokkitie 3, 01300 Vantaa, Finland
Business ID: 000000
Email: [email protected]

2. What Data We Collect

2.1 Perishable Product Images

When you use the camera to scan fruits, vegetables, meat, fish or other perishable goods, the app processes the image to:

• identify the product,
• estimate freshness, remaining days, or spoilage risk,
• generate storage recommendations,
• analyze quality indicators (color, texture, ageing).

We do not store raw images permanently.
Images are processed temporarily by AI models and then automatically deleted.

2.2 Barcode Scan Data (Packaged Food / Cosmetics)

When scanning barcodes, we collect:

• Barcode number (EAN/UPC)
• Product metadata (brand, ingredients, allergens, nutrition, expiry)
• Health and safety classification data

No personal identity is linked to barcode scans.

2.3 Device Data

We may collect technical information such as:

• Device model, OS version
• App version
• Crash logs and diagnostics

2.4 Optional Account Data (If You Create an Account)

• Email address
• Password (securely hashed)
• Saved preferences
• Purchase and usage history

3. How We Use Your Data

• To analyze perishable goods and estimate shelf life
• To provide health and safety insights for packaged items
• To send personalized suggestions (optional)
• To improve AI accuracy
• To detect harmful or unsafe cosmetics ingredients

4. Legal Basis (GDPR Article 6)

• Legitimate interest – running and improving the app
• Consent – camera access, AI processing
• Contract – delivering requested features

5. Data Sharing

We do NOT sell your data.

We may share data only with:

• Google Cloud (AI processing, hosting)
• Analytics platforms (anonymous data only)
• Technical service providers

6. International Transfers

Data may be processed within the EU or in Google Cloud regions under Standard Contractual Clauses (SCCs).

7. Data Retention

• Perishable product images: deleted immediately after processing
• Barcode history: 12 months (optional)
• Log data: 12–24 months

8. Your Rights

• Right to access your data
• Right to delete your account
• Right to withdraw consent
• Right to correct inaccurate data
• Right to restrict processing
• Right to data portability

9. Contact for Data Rights

Email: [email protected]

10. Changes to This Policy

We may update this Privacy Policy. Changes will be posted here with an updated “Last updated” date.

This policy is designed for GDPR compliance for Finland and the EU.