Privacy Policy
Last updated: June 20, 2026 · Effective: June 20, 2026
This Privacy Policy explains how GreenCheck handles your information — including the health-related information you provide about your children. Please read it alongside our Terms of Service and Medical Disclaimer.
1. Who we are · 2. Information we collect · 3. How & why we use it · 4. Children’s information · 5. Automated grading · 6. How we share it · 7. International transfers · 8. Retention · 9. Security · 10. Marketing & cookies · 11. Your rights · 12. U.S. state rights · 13. Consumer health data · 14. Changes · 15. Contact
1. Who we are
GreenCheck (the “Service”) is operated by Gunning Ventures [confirm full legal entity name and form], located at [registered business address] (“GreenCheck”, “we”, “us”). For privacy questions, contact privacy@greencheck.app. We are the “controller” of personal data described here. Account holders must be adults (18+); GreenCheck is intended for use by a parent or guardian on behalf of their household.
2. Information we collect
Information you provide
- Account — your email address (we use passwordless email “magic link” sign-in).
- Child profiles — for each child you add: a first name or nickname, an optional photo, an approximate age (birth month/year), and their allergies, medical conditions, and dietary preferences. Allergy and condition information is treated as sensitive health-related data (see §4 and §13).
- Scans & history — the products you scan, the ingredient analysis, and the per-child results.
- Community posts — content you choose to share in the parent community.
- Support & communications — messages you send us.
Information collected automatically
- Device & diagnostics — app version, device type/OS, crash and error logs.
- Usage analytics — privacy-scrubbed events (e.g., that a scan occurred) to improve the app. We do not use this for advertising.
Information from others
- Product data — ingredient and allergen data for scanned products comes from OpenFoodFacts and similar public databases. This is product information, not your personal information.
- Purchases — your subscription is processed by Apple. We never receive your full payment-card details. We receive a validated entitlement/receipt confirming your subscription status.
3. How & why we use it (and our legal bases)
We use your information to:
- Provide the core service — grade scanned products for each child (legal basis: performance of our contract with you; for the health data specifically, your explicit consent under GDPR Art. 9(2)(a)).
- Maintain your account, history, and subscription (contract).
- Keep the Service safe, debug, and prevent abuse, including community moderation (legitimate interests; and consent where required).
- Send service emails such as sign-in links and subscription notices (contract).
- Improve the Service through privacy-scrubbed or de-identified analytics (legitimate interests; consent where required by law).
You can withdraw consent at any time by deleting the relevant data or your account; this does not affect processing already carried out.
4. Children’s information
GreenCheck is designed to be used by a parent or guardian. Children do not have their own accounts and are not the intended users of the app. The health-related information in a child profile is provided by you, the adult account holder, and you confirm you have authority to provide it.
- We do not knowingly collect personal information directly from children under 13 (or the applicable age in your region). Consistent with the U.S. Children’s Online Privacy Protection Act (COPPA) and its rules, the parent provides and controls the child’s information and may review, correct, or delete it at any time, and may refuse further collection by deleting the profile or account.
- If we learn that a person under the applicable age has created an account or provided us personal information directly, we will delete it promptly. If you believe a child has done so, contact privacy@greencheck.app.
- Under the EU/UK GDPR, a child’s allergy and medical-condition data is “special category” (health) data. We process it only with your explicit consent and apply heightened protections. We make reasonable efforts to confirm the consenting person holds parental responsibility.
- We use child information solely to provide the grading service to you — never for advertising or sale.
5. Automated grading & profiling
GreenCheck produces each BEST / GOOD / CAUTION / AVOID verdict automatically, by comparing a product’s ingredients and allergens against the profile you set for each child. We disclose this automated processing for transparency (GDPR Art. 13(2)(f)). The verdict is informational guidance, not a final or solely-automated decision with legal effect: you remain in control, you can review the ingredient breakdown and the reasons behind every grade, and you decide what to give your child. A grade is never a substitute for reading the product label. Where required, we rely on your explicit consent for this processing, and you may contact us to obtain human review of, or to contest, a result.
6. How we share it
We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We share information only with service providers (“sub-processors”) that help us run GreenCheck, under contracts that require them to protect it and use it only on our instructions:
| Provider | Purpose | Region |
|---|---|---|
| Supabase | Database, authentication, file storage | United States |
| OpenAI | Ingredient analysis (no advertising use; not used to train models on your data) | United States |
| Vercel | Application hosting / API | United States |
| Resend | Transactional email (sign-in links, receipts) | United States |
| OpenFoodFacts | Public product/ingredient data (we send a barcode, not your personal data) | EU/global |
| Apple | Subscription billing & receipt validation | United States |
| Sentry | Crash & error monitoring (PII-scrubbed) | United States |
| PostHog | Product analytics (PII-scrubbed) | United States/EU |
We may also disclose information to comply with law, enforce our Terms, or protect rights and safety, and in connection with a merger or acquisition (with notice where required). We may create and use de-identified or aggregated information (which cannot reasonably be used to identify you or a child) for analytics and to improve the Service; we maintain and use such information in de-identified form and do not attempt to re-identify it.
7. International data transfers
We operate primarily from the United States, and our sub-processors are mainly U.S.-based. If you are in the EEA, the UK, or Switzerland, your information may be transferred to the U.S. We rely on an appropriate transfer safeguard for each recipient — the EU-U.S. Data Privacy Framework (and UK Extension) where the recipient is certified, or the European Commission’s Standard Contractual Clauses (and the UK Addendum/IDTA) otherwise — together with supplementary measures. You can request a copy of the relevant safeguards from privacy@greencheck.app.
8. Data retention
We keep your information for as long as your account is active and as needed to provide the Service. When you delete a child profile, its data is removed; when you delete your account, your profile, children, scans, and results are permanently deleted, typically within 30 days, except where we must retain limited records to comply with law, resolve disputes, or enforce agreements (for example, basic subscription/transaction records). De-identified and aggregated data may be retained.
9. How we protect your information
We use industry-standard safeguards: encryption in transit and at rest, row-level security so each account can access only its own data, server-side enforcement of permissions, scoped access for staff, and secure storage of credentials. No method of transmission or storage is 100% secure, but we work to protect your information and will notify affected users and regulators of a data breach where and as the law requires.
10. Marketing, cookies & tracking
We send only service-related messages (such as sign-in links and subscription notices) by default. We will not send you promotional email without your consent where consent is required, and any marketing email will include an unsubscribe link. Our app uses minimal first-party analytics and does not use third-party advertising trackers; our website uses only essential and privacy-scrubbed analytics. We do not respond to browser “Do Not Track” signals because there is no common standard, but we honor recognized opt-out preference signals (such as Global Privacy Control) where the law requires.
11. Your privacy rights
Depending on where you live, you may have the right to:
- access the personal information we hold about you and your children;
- correct inaccurate information;
- delete your information (also available in-app: Settings → Delete account);
- receive a portable copy of information you provided;
- object to or restrict certain processing, and withdraw consent;
- opt out of any “sale” or “sharing” of personal information (note: we do not sell or share);
- obtain human review of automated decisions (see §5);
- not be discriminated against for exercising your rights.
To exercise these rights, use the in-app controls or email privacy@greencheck.app. We will verify your request and respond within the time the law requires. You may use an authorized agent. If we decline, you may appeal by replying to our response. EEA/UK users may also lodge a complaint with their data protection authority (for example, the UK Information Commissioner’s Office or your EU member-state authority); we would appreciate the chance to address it first.
12. U.S. state privacy disclosures
This section supplements the above for residents of California (CCPA/CPRA) and other states with comprehensive privacy laws (e.g., Virginia, Colorado, Connecticut, Texas, Oregon, Montana). In the past 12 months we collected the categories of personal information described in §2 — identifiers (such as email); your children’s health-related information, which is “sensitive personal information”; commercial/subscription information; internet/usage activity; and user-generated content — from the sources in §2, for the purposes in §3, and disclosed it only to the service providers in §6.
- We do not sell personal information and do not share it for cross-context behavioral advertising, and we do not knowingly process the data of consumers under 16 for sale/sharing.
- We use sensitive personal information only to provide the Service you requested — not to infer characteristics — so the “Limit the Use of My Sensitive Personal Information” right does not change our practices, but you may still contact us.
- California minors: if you are a California resident under 18 and a registered user, you may request removal of content you posted (Cal. Bus. & Prof. Code § 22581); contact us to do so.
- California residents may also request information under the “Shine the Light” law. Nevada residents may submit a verified request not to sell covered information (though we do not sell).
- You have the rights to know, access, correct, delete, and appeal as described in §11. We will not discriminate against you for exercising them.
13. Consumer Health Data Privacy
This section applies to “consumer health data” regulated by laws such as Washington’s My Health My Data Act, the Nevada consumer-health-data law, and similar measures, and serves as our consumer health data privacy policy. The allergy and medical-condition information you enter may qualify as consumer health data.
- What we collect & why: the categories in §2 (children’s allergies, conditions, and related diet preferences), collected directly from you to provide the per-child grading service in §3.
- Consent: we collect this data only with your consent and use it solely for the purposes you authorize. You may withdraw consent and delete the data at any time in the app or by contacting us.
- No sale: we do not sell consumer health data and would never do so without your separate, valid written authorization. We have no current practice of seeking such authorization.
- Sharing: we share consumer health data only with the service providers in §6 to operate the app, under contracts restricting their use.
- Access & deletion: you may access or delete your consumer health data; deletions are passed to our service providers. Contact privacy@greencheck.app.
- Internal access: limited to personnel who need it to operate, support, or secure the Service.
14. Changes to this policy
We may update this policy. If we make material changes, we will update the “Last updated” date and, where appropriate, notify you in the app or by email. Your continued use after an update means you accept the revised policy.
15. Contact us
Privacy questions or requests: privacy@greencheck.app. General support: support@greencheck.app. Mailing address: [registered business address]. EEA/UK users: if we appoint an Article 27 representative or a Data Protection Officer, their contact details will appear here.