Privacy Policy

Last Updated: June 9, 2026

Menu Detective (the "App") is built with a privacy-first architecture. This policy explains what data we collect, how we process it, and what rights you have.

1. What We Collect (and What We Don't)

Data that stays on your device — never sent to our servers:

• Your allergen profile — the list of allergens you select is stored locally via flutter_secure_storage and never transmitted. Only anonymized allergen IDs for the current scan are sent with each request.
• Menu photos — photos are processed by on-device OCR (ML Kit). Only the extracted text is sent to our AI proxy for analysis.
• Scan history — past scan results are cached locally on your device.

Data sent to our VPS proxy → OpenAI (ephemeral, not stored):

• Extracted menu text — OCR output from your menu photo, sent for AI structuring and allergen analysis.
• Target allergen IDs — anonymized identifiers for your active allergens (e.g., "1,3,7"), not your full profile.
• An optional locale hint — a coarse language hint to improve menu translation accuracy. Not GPS data.

Data we do NOT collect or store:

• Your name, email address, or phone number — no account system exists in v1
• Your precise location
• Device identifiers (IMEI, advertising ID)
• Your full allergen profile (never leaves your device)
• Browsing history or usage analytics tied to your identity

2. How We Process Your Data

Our VPS proxy server (hosted at api.menudetective.benbere.space) is a stateless relay:

• In-memory only — no database, no file cache of OCR text or requests.
• Silent logs — production logs contain no request bodies, allergen lists, or OCR text.
• Header hygiene — your IP address and User-Agent are stripped. OpenAI sees only the VPS egress IP.
• Ephemeral processing — OCR text is forwarded to OpenAI for analysis and discarded immediately after the response is returned.

3. Third-Party Services

OpenAI (AI Processing)

We use OpenAI's API (gpt-4o-mini) to structure and analyze menu text. OpenAI receives extracted menu text and allergen IDs. OpenAI processes data under its API Data Usage Policy — data sent via the API is not used for training. No personally identifiable information is included in API requests.

RevenueCat (Subscriptions)

In-app purchases and subscription management are handled by RevenueCat. RevenueCat processes purchase receipts from the App Store and Google Play. We do not send RevenueCat any user health data, allergen profiles, or menu content. See RevenueCat's Privacy Policy.

Cloudflare (DNS & Hosting)

Our website is hosted on Cloudflare Pages. Cloudflare processes standard HTTP request metadata (IP address, browser user agent, request timing) for security and performance. See Cloudflare's Privacy Policy.

Analytics

The App itself does not include analytics SDKs. The website (menudetective.app) may use privacy-preserving analytics (e.g., Plausible or Google Analytics with IP anonymization) to understand general traffic patterns. No personal data is collected through analytics.

4. Data Retention

• On-device data: Retained until you uninstall the App or clear app data. You can delete your allergen profile and scan history at any time through the App settings.
• VPS proxy data: Not retained. No database is written. Request data exists in memory only during processing and is discarded after the response.
• Purchase records: Retained by RevenueCat and applicable app stores as per their respective policies.

5. Your Rights

Under applicable privacy laws (including PIPEDA, GDPR, and CCPA), you have the right to:

• Access — request information about what data we hold (note: we hold no personal data on our servers).
• Deletion — uninstall the App to remove all on-device data. Email us to confirm server-side deletion (there will be nothing to delete).
• Opt-out — you control what data is sent with each scan (you choose which allergens are active).

To exercise these rights, contact us at privacy@menudetective.app.

6. Children's Privacy

The App is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us to have it removed.

7. Changes to This Policy

We may update this policy as our App evolves. Material changes will be communicated through the App or website. Continued use after changes take effect constitutes acceptance of the updated policy.

8. Contact

For privacy-related inquiries:

• Email: privacy@menudetective.app
• Support: support@menudetective.app

---

This privacy policy is designed to be transparent about our privacy-first architecture. We do not sell your data, we do not profile you, and we built the technical infrastructure to ensure your allergen information stays yours.