Legal

Privacy Policy

Effective date:

Verdik (“we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information when you use the Verdik mobile app and website (the “Service”).

By using Verdik, you agree to the collection and use of information as described in this policy.

1. Information We Collect

1.1 Information You Provide

  • Account information: email address and display name when you register
  • Social sign-in data: name and email from Apple or Google if you use social sign-in
  • Payment information: handled entirely by Apple App Store or Google Play — we never see or store payment card details
  • User-submitted content: images you take with the label scanner, AI Concierge queries

1.2 Information Collected Automatically

  • Usage data: features used, screens visited, tap events — used to improve product experience
  • Device information: device type, operating system version, app version, locale
  • Crash reports and performance data: collected via Sentry to identify and fix bugs
  • IP address: logged transiently for security and rate-limiting purposes

1.3 Camera and Photo Access

The label scanning feature requires camera access. Images are sent to our AI provider to extract nutritional data and are not stored on our servers after processing. You can grant or revoke camera permissions at any time in your device settings.

2. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To authenticate your account and manage subscriptions
  • To personalize your in-app experience and recommendations
  • To process AI Concierge queries and label scan results
  • To send transactional emails (account confirmation, password reset)
  • To monitor and improve app performance and reliability
  • To detect and prevent fraud or unauthorized activity
  • To comply with legal obligations

We do not use your data to train AI models, sell advertising, or build third-party marketing profiles.

3. Data Sharing

We share your data only with the following categories of recipients:

  • Supabase: our database and authentication provider. Your account data is stored in Supabase's EU data centers.
  • AI Providers (Anthropic / OpenAI): label scan images and AI Concierge queries are processed by AI providers under their privacy terms. Queries are not associated with your account when sent.
  • Sentry: crash reports and anonymized performance metrics for debugging.
  • Stripe: payment processing for web checkout flows. Card data never touches our servers.
  • Legal requirements: we may disclose information if required by law, court order, or to protect the rights, property, or safety of Verdik, our users, or the public.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

4. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law (e.g., financial records for tax purposes, which we retain for 7 years).

Anonymized, aggregated usage data may be retained indefinitely for product analytics. Crash reports are retained for 90 days.

5. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: request a copy of the data we hold about you
  • Correction: request correction of inaccurate data
  • Deletion: request deletion of your account and personal data
  • Portability: receive your data in a machine-readable format
  • Objection: object to certain processing activities
  • Restriction: request restriction of processing in certain circumstances

To exercise any of these rights, contact us at privacy@verdik.co. You can also delete your account directly from the Profile screen in the app, which triggers immediate deletion of your account and associated data.

6. Children's Privacy

Verdik is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will delete it promptly. If you are a parent and believe your child has provided us with personal information, contact us at privacy@verdik.co.

7. Security

We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, row-level security policies in our database, and regular security reviews. However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

8. International Transfers

Verdik is operated from the United States. If you are located outside the US, your information may be transferred to and processed in the US or other countries where our service providers operate. We ensure appropriate safeguards are in place for such transfers in accordance with applicable data protection laws.

9. Cookies and Tracking

The Verdik mobile app does not use cookies. Our website may use essential cookies for functionality (e.g., session management) and analytics. We do not use third-party advertising cookies or behavioral tracking pixels.

10. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know, delete, and opt out of the sale of your personal information. We do not sell personal information. To exercise your CCPA rights, contact privacy@verdik.co.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the effective date at the top of this page and, where appropriate, via an in-app notification. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Verdik

Email: privacy@verdik.co

Support: support@verdik.co