Skip to main content
safeforme

Privacy Policy

Last updated: 22 May 2026

safeforme is a personal allergen checker. We never claim a product is safe or unsafe — we only show whether detected ingredients match your personal allergen profile. Always read product labels and consult a healthcare professional for medical advice.

Who we are

safeforme ("we", "us", "our") is a personal-project allergen scanner. The mobile app and this website are operated by an individual based in the Slovak Republic. We are the data controller for the personal data described below.

For privacy questions or data requests, email us at privacy@safeforme.app.

What data we collect

We try to collect as little as possible. Here is everything:

  • Photos of product labels. When you scan a product, the photo is sent to our backend for text extraction (OCR). It is not stored long-term — see Retention below.
  • Your personal allergen profile. The list of ingredients you mark as relevant to you. Stored on our backend so it syncs across your devices.
  • Account email (optional). Only if you choose to create an account or contact us through the form on /contact. We never require an account to use the app's core scanning features.
  • Basic technical logs. Anonymous request metadata (timestamp, status code) used for debugging and abuse prevention. No advertising trackers, no third-party analytics SDKs.

We do not collect: location, contacts, device identifiers for advertising, social-graph data, payment information, or anything from other apps on your device.

Legal basis for processing (GDPR Art. 6)

  • Consent — when you submit a photo for scanning or save items to your allergen profile, you actively initiate the processing.
  • Legitimate interest — keeping the service running, preventing abuse, debugging errors, and responding to support requests.
  • Contract — if you create an account, providing the service you signed up for.

Who processes your data on our behalf

We use a small number of trusted sub-processors:

  • Supabase (database + edge functions, EU region) — stores your allergen profile, the optional account email, and runs the OCR Edge Function that handles label scans. Supabase acts as our data processor.
  • OpenAI — used as an OCR sub-processor. Photos you scan are forwarded to OpenAI's API for text extraction. Per OpenAI's API terms, this data is not used to train their models. We send only the image needed for the scan, never your allergen profile or email.
  • Vercel — hosts this website. Standard request logs only.

We do not sell your data, and we do not share it with advertisers, data brokers, or any other third parties.

Retention

  • Scanned photos: deleted within minutes of OCR completion. They are not archived.
  • Allergen profile: kept until you delete it from the app, or until you delete your account.
  • Account email: kept until you delete your account.
  • Contact form messages: kept for up to 12 months so we can follow up on conversations, then deleted.
  • Technical logs: kept for up to 30 days, then rotated out.

Your rights under GDPR

You have the right to:

  • Access the personal data we hold about you.
  • Rectification — ask us to correct anything that's wrong.
  • Erasure ("right to be forgotten") — ask us to delete your account, your allergen profile, and any contact-form history.
  • Portability — receive your data in a structured, machine-readable format (JSON).
  • Restriction — ask us to pause processing while a question is resolved.
  • Object to processing based on legitimate interest.
  • Withdraw consent at any time, without affecting the lawfulness of past processing.
  • Lodge a complaint with your local supervisory authority. In Slovakia, that is the Úrad na ochranu osobných údajov SR.

To exercise any of these rights, email privacy@safeforme.app. We respond within 30 days.

Security

Data in transit is encrypted with TLS. Data at rest in Supabase is encrypted by the provider. We use the principle of least privilege for backend access and rotate credentials regularly. No service is perfectly secure — if you suspect a problem, please tell us at privacy@safeforme.app.

Children's privacy

safeforme is not directed at children under 13 (or under 16 in some EU member states). We do not knowingly collect personal data from children. If you believe a child has provided us data, contact privacy@safeforme.app and we will delete it.

International transfers

Our infrastructure runs primarily in the EU. When data is forwarded to OpenAI for OCR, it may be processed in the United States. We rely on the EU–US Data Privacy Framework and standard contractual clauses where applicable.

Changes to this policy

We will update this page when we change how we handle data. The "Last updated" date at the top of this page will reflect the most recent revision. Material changes will be announced in the app and, where you have an account, by email.

Contact