Privacy Policy

Last Updated: March 18, 2026

SweetSpot ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application.

1. Information We Collect

Account information (email address via Sign in with Apple or email magic link)
Sweetener preferences and dietary restrictions
Product scan data and barcode information
Favorite sweeteners and scan history
Device information (model, OS version) for crash reporting
Camera access (for barcode scanning only — images are processed locally on your device and are not uploaded to our servers)

2. How We Use Your Information

Provide and personalize the sweetener tracking service
Process barcode scans and identify sweeteners
Sync your data across devices
Send push notifications (if you opt in)
Improve app performance and fix crashes
Process subscription purchases

3. Data Storage & Security

Your data is stored securely using Supabase (PostgreSQL) with Row-Level Security (RLS) ensuring users can only access their own data. All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Authentication tokens are stored in the iOS Keychain.

4. Third-Party Services

Supabase — Authentication and database hosting
RevenueCat — Subscription management
Sentry — Crash reporting and performance monitoring
Open Food Facts — Product barcode lookups
Apple — App Store purchases and Sign in with Apple

We do not sell your personal information.

5. Your Rights

You can access, export, correct, or delete your data at any time through the app's Settings. Specifically:

Export: Settings → Export My Data
Delete: Settings → Delete Account (permanently removes all data within 30 days)

EU/EEA residents have additional rights under GDPR including the right to access, rectification, erasure, restriction of processing, data portability, and objection. California residents have rights under the CCPA.

6. Children's Privacy

SweetSpot is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

7. Data Retention

We retain your data for as long as your account is active. Upon account deletion, all personal data is permanently removed within 30 days. Anonymized, aggregated analytics data may be retained indefinitely.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes through the app or by email.

9. Contact

For privacy questions or data requests: privacy@getsweetspot.app

SPR Labs, Milan, Italy