This Privacy Policy explains how Ingredily Technologies Ltd ("Ingredily", "we", "us") collects, uses, stores, shares and protects personal data about visitors to www.ingredily.com and users of our personalized ingredient scanning and verdict service (the "Service"). We are the data controller for the personal data described below.
Ingredily is committed to processing personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).
1. Who we are & how to contact us
- Data controller: Ingredily Technologies Ltd, registered in England & Wales, with its principal place of business in London, United Kingdom.
- Data Protection contact: hello@ingredily.com
- Supervisory authority: Information Commissioner's Office (ICO), ico.org.uk. You have the right to lodge a complaint with the ICO at any time.
2. What personal data we collect and why
We collect personal data in the following categories:
2.1 Account and authentication data
- What: Email address, display name, authentication tokens, and sign-in method (email/password or Google OAuth).
- Why: To create and secure your account, authenticate your identity, and provide access to cloud-synced features.
- Lawful basis: Performance of a contract (Art. 6(1)(b) UK GDPR).
2.2 Health profile — special category data
- What: Medical conditions you choose to disclose (e.g. type 2 diabetes, hypertension, chronic kidney disease, pregnancy trimester, food allergies), medications you take, and your current life stage (e.g. pregnant, breastfeeding, not applicable).
- Why: This is the core of the Service. We use this information to generate personalized verdicts about whether a food or drink product is safe or suitable for you specifically. Without this data, we can only provide generic, non-personalized information.
- Lawful basis: Explicit consent (Art. 6(1)(a) and Art. 9(2)(a) UK GDPR). You voluntarily enter this data, and you may delete it or your entire account at any time. By entering health data, you are explicitly consenting to its processing for personalization purposes.
- Important: This data is classified as "special category" or "sensitive" personal data under UK law. We treat it with the highest level of protection.
2.3 Scan data — ingredient lists and verdicts
- What: Product names, ingredient lists (from photos, camera scans, PDF uploads, or typed input), the personalized verdict we generated for you, and the date/time of each scan.
- Why: To display your scan history, let you revisit past verdicts, export PDF reports, and improve our AI models.
- Lawful basis: Performance of a contract (Art. 6(1)(b)) for providing the Service; legitimate interests (Art. 6(1)(f)) for improving product quality, balanced against your rights.
2.4 Marketing and communication preferences
- What: Whether you have opted in to receive product updates, newsletters, or promotional emails from us.
- Why: To send you relevant communications about new features, research, or improvements to the Service — but only if you have explicitly agreed.
- Lawful basis: Consent (Art. 6(1)(a) and PECR regulation 22). You can withdraw this consent at any time via your account settings or by clicking "unsubscribe" in any email.
2.5 Cookies and analytics data
- What: Cookie identifiers, device and browser information, anonymized usage analytics (e.g. which features are used, how long sessions last), and error/diagnostic logs.
- Why: Strictly necessary cookies enable authentication and core functionality. Analytics cookies help us understand how the Service is used so we can improve it. Marketing cookies allow us to measure campaign effectiveness.
- Lawful basis: Strictly necessary cookies — legitimate interests (Art. 6(1)(f)) and PECR regulation 6 (implied consent for essential cookies). Analytics and marketing cookies — consent (Art. 6(1)(a) and PECR regulation 6), obtained via our cookie banner before any non-essential cookies are placed.
2.6 Consent records
- What: Records of which cookie categories you accepted or rejected, the date and time of your decision, the version of our privacy policy in force at that time, and your browser user agent string.
- Why: To demonstrate compliance with UK GDPR and PECR if challenged, and to respect your preferences across sessions.
- Lawful basis: Legal obligation (Art. 6(1)(c)) to maintain evidence of consent.
2.7 Technical and security data
- What: IP address (transiently, for rate limiting and security), timestamps, request logs, and error telemetry.
- Why: To protect the Service from abuse, detect and prevent security incidents, and troubleshoot technical issues.
- Lawful basis: Legitimate interests (Art. 6(1)(f)) in maintaining service security, balanced against your privacy rights. IP addresses are not retained longer than necessary for security purposes.
3. How we generate verdicts — AI and data minimisation
When you scan or upload an ingredient list, our Service sends the ingredient text and the minimum necessary health profile flags (e.g. "pregnant: true", "diabetes: true") to third-party artificial intelligence providers — currently OpenAI and Google (Gemini) — to generate a personalized verdict.
- We do not send your name, email address, user ID, or any other identifier to AI providers.
- We only send the specific health flags relevant to the verdict being generated. For example, if you have both diabetes and hypertension but the ingredient in question only relates to diabetes, we may only send the diabetes flag.
- AI providers process this data under their own terms and privacy policies. We use Standard Contractual Clauses (SCCs) with the UK International Data Transfer Addendum (IDTA) for any transfers outside the UK/EEA.
- We do not use your scan data to train AI models without your explicit consent.
4. How we share your data — sub-processors
We do not sell, rent, or trade your personal data. We only share data with trusted sub-processors who help us deliver the Service, and who are contractually bound to process data only on our instructions and in compliance with UK GDPR:
| Sub-processor | Role | Location | Safeguards |
|---|---|---|---|
| Lovable Cloud (Supabase) | Managed database, authentication, file storage, and backups | EU (Ireland) | UK GDPR-aligned, row-level security, encryption at rest and in transit |
| Cloudflare, Inc. | Edge hosting, CDN, DDoS protection, and security | Global edge network | UK IDTA + SCCs; data processed at edge, minimal retention |
| OpenAI, L.L.C. | AI model powering ingredient verdict generation | USA | UK IDTA + SCCs; only anonymized ingredient text and relevant health flags sent; no identifiers |
| Google LLC (Gemini API) | AI model powering ingredient verdict generation | USA | UK IDTA + SCCs; only anonymized ingredient text and relevant health flags sent; no identifiers |
| SparkPost (MessageBird) | Transactional email delivery (account verification, password reset) | USA / EU | UK IDTA + SCCs for US processing; emails contain no health data |
We may also disclose your personal data where required by law, to enforce our Terms of Service, to protect our rights, privacy, safety, or property, or to respond to lawful requests from public authorities.
5. International data transfers
Some of our sub-processors operate outside the United Kingdom and European Economic Area (EEA), particularly in the United States. Where we transfer personal data outside the UK/EEA, we ensure adequate protection through:
- The UK International Data Transfer Addendum (IDTA) to the EU Standard Contractual Clauses (SCCs).
- Supplementary technical measures, including encryption of data in transit (TLS 1.2+) and at rest (AES-256).
- Data minimisation — we only transfer the minimum data necessary for the specific purpose.
- Contractual controls — sub-processors are contractually prohibited from using data for their own purposes or for training AI models on our users' data.
6. How long we keep your data
| Data category | Retention period | Rationale |
|---|---|---|
| Account & health profile | Until you delete your account | Required to provide personalized verdicts |
| Scan history (cloud) | Until you delete your account or individual scans | Required to display history and enable exports |
| Scan history (local device) | Until you clear app data or uninstall | You control local storage on your device |
| Consent records | 24 months from date of consent | UK GDPR and PECR require evidence of consent |
| Server logs (security) | 30 days | Sufficient for security monitoring and incident response |
| Deleted account data | Permanently removed within 30 days of deletion | Some data may persist in backups for up to 7 days after deletion before being fully purged |
7. Your rights under UK GDPR
Under the UK GDPR, you have the following rights in relation to your personal data:
7.1 Right of access (Art. 15)
You have the right to request a copy of the personal data we hold about you. You can exercise this right at any time by using the "Download my data" button in your Account settings. We provide this as a machine-readable JSON file containing your profile, scan history, and consent records.
7.2 Right to rectification (Art. 16)
You have the right to correct any inaccurate or incomplete personal data. You can update your health profile, display name, and other account details at any time in your Account settings.
7.3 Right to erasure / "right to be forgotten" (Art. 17)
You have the right to request deletion of your personal data. You can delete your entire account — including your profile, scan history, consent records, and authentication credentials — using the "Delete my account permanently" button in your Account settings. We will process deletion requests within 30 days.
7.4 Right to restrict processing (Art. 18)
You have the right to request that we restrict processing of your personal data in certain circumstances, for example if you contest the accuracy of the data or if you have objected to processing and we are considering whether our legitimate grounds override yours.
7.5 Right to object (Art. 21)
You have the right to object to processing based on legitimate interests (e.g. analytics). You can exercise this by adjusting your cookie preferences via the Cookie settings page or by contacting us.
7.6 Right to data portability (Art. 20)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller. The "Download my data" feature in your Account settings provides your data in JSON format.
7.7 Right to withdraw consent (Art. 7(3))
Where we rely on your consent (e.g. for marketing emails, analytics cookies, or health data processing), you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing carried out before you withdrew your consent. You can:
- Withdraw marketing consent by toggling the preference in your Account settings or clicking "unsubscribe" in any email.
- Withdraw cookie consent by visiting the Cookie settings page.
- Withdraw health data processing consent by deleting your health profile or account.
7.8 Right to lodge a complaint
If you believe we have not handled your personal data in accordance with UK data protection law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
8. Security measures
We take the security of your personal data seriously, particularly your health data. We have implemented the following technical and organisational measures:
- Encryption: All data is encrypted in transit using TLS 1.2+ and encrypted at rest using AES-256.
- Row-Level Security (RLS): Our database uses RLS policies to ensure you can only access your own data. Even our administrators cannot view your health profile or scan history without specific technical overrides.
- Server-side processing: Sensitive operations (data export, account deletion, admin queries) run in scoped server functions with least-privilege access keys.
- Authentication: We use industry-standard password hashing (bcrypt) for email/password accounts, and OAuth 2.0 for Google sign-in.
- Session management: Authentication tokens are stored securely and rotated regularly.
- Backups: Automated daily backups with 7-day point-in-time recovery, stored encrypted.
- Vulnerability management: Regular dependency scanning and security audits.
- Breach response: In the event of a personal data breach, we will notify the ICO within 72 hours where required by law, and notify affected users without undue delay.
9. Children's privacy
The Service is not intended for children under the age of 13, and we do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at hello@ingredily.com and we will delete such information promptly.
10. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Service. Material changes will be communicated by:
- Updating the "Last updated" date at the top of this page.
- Displaying a prominent notice within the Service.
- Sending an email to the address associated with your account (where applicable).
- Re-prompting for consent where the changes affect the lawful basis for processing your data.
Your continued use of the Service after changes take effect constitutes acceptance of the revised Privacy Policy. We encourage you to review this page periodically.
11. Contact us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Ingredily Technologies Ltd
Email: hello@ingredily.com
Website: www.ingredily.com
We aim to respond to all enquiries within 30 days.