Fino is informational only. The app helps you read food labels against an allergy profile you set up — it is not medical advice and is not a medical device. Always read the original label and consult a medical professional for severe allergies.
1. Who we are
Fino is operated by Fino Labs ("Fino", "we", "us"). For privacy-related correspondence, write to [email protected] or to our postal address [Fino Labs, postal address — to be added before launch].
Our EU representative under GDPR Article 27 will be appointed before our EU launch and listed at the bottom of this page. For users in the United Kingdom, the same address serves as our UK GDPR representative.
2. What we collect
We collect only what we need to deliver the service. Categories below correspond to the lawful bases listed in section 3.
Account data
- Email address (required for sign-in and recovery)
- Optional display name (used inside the app only)
- Date of birth — used solely for age-gating (we never share it)
Health data (special category under GDPR Article 9)
- The allergens and intolerances you choose to track
- The severity you assign to each (mild, moderate, severe)
- Family profiles you create, if you subscribe to Fino Pro
Health data is only collected after you give explicit, informed consent via the in-app onboarding screen. You can withdraw consent at any time in Settings → Data & privacy.
Usage data
- Scan history and saved items — stored locally on your device by default
- Aggregate counts (scans per day, feature usage) used to size infrastructure
Technical data
- Device model, OS version, app version
- Anonymised crash logs (no contents of scans)
- IP address (truncated; used only to route requests and prevent abuse)
Scan input
When you scan a label or paste ingredient text, the text is sent to our AI provider for analysis (see section 4). We do not store the original photo on our servers. The OCR text is processed in-memory and discarded after the result is returned, except where we retain a non-identifying excerpt for up to 30 days for abuse detection.
3. Why we collect it (lawful basis)
| Category | Purpose | Lawful basis |
|---|---|---|
| Account | Provide the service, recover access | Performance of a contract — Art. 6(1)(b) |
| Health data | Compare labels against your profile | Explicit consent — Art. 9(2)(a) |
| Scan input | Generate the result you requested | Performance of a contract — Art. 6(1)(b) |
| Technical / crash | Keep the app stable and secure | Legitimate interests — Art. 6(1)(f) |
| Analytics (opt-in outside US) | Understand product use | Consent — Art. 6(1)(a) |
4. Who we share it with
We use a small set of trusted sub-processors, listed in detail at /sub-processors. Summary:
- Supabase, Inc. — authentication and database (EU-hosted, Frankfurt). Data Processing Agreement on file.
- Cloudflare, Inc. — CDN, edge proxy, and email forwarding. EU–U.S. Data Privacy Framework (DPF) and Standard Contractual Clauses (SCCs) in place.
- OpenAI, LLC — analyses the ingredient text you submit. Per OpenAI's API terms, API data is not used to train their models. DPF + SCCs.
- Apple Inc. — App Store payments and push notifications.
- RevenueCat, Inc. — manages subscription state from Apple receipts.
We do not sell personal data and we do not share it for cross-context behavioural advertising. We have not sold or shared personal data in the past 12 months.
5. How long we keep it
- Account data — until you delete your account, or after 24 months of inactivity
- Health data — same retention as account; deleted immediately when you withdraw consent
- Scan input excerpts (abuse detection) — up to 30 days
- Crash logs — up to 90 days
- Billing records — retained as required by tax law (typically 7 years)
6. Your rights
Wherever you live, you have the following rights with respect to your personal data:
- Access — request a copy of the data we hold about you
- Rectification — correct anything inaccurate
- Deletion — request that we erase your account and health data
- Portability — receive your data in a machine-readable format
- Withdraw consent — without affecting prior processing
- Object to processing based on legitimate interests, and to automated decisions with legal effect
- Lodge a complaint with your supervisory authority (in the EU, your national DPA)
California, Colorado, Connecticut, Virginia, and Utah residents have substantially the same rights under their state privacy laws. Washington residents enjoy the additional protections of the My Health My Data Act, including a right to limit processing of consumer health data.
7. How to exercise your rights
The fastest way is in the app: Settings → Data & privacy → Export my data or Delete my account. If you can't open the app, you can also:
- Email [email protected]
- Use the form at /delete-account
We respond within 30 days. We may ask you to verify your identity to prevent unauthorised disclosure.
8. Children
Fino is not directed at children. Our minimum age is 16 in the European Economic Area and the United Kingdom, and 13 elsewhere, in line with applicable law. We do not knowingly collect data from anyone under these ages — if we learn that we have, we delete the account.
9. International transfers
Some of our sub-processors are located in the United States. We rely on the EU–U.S. Data Privacy Framework (and the UK and Swiss extensions) and on the Standard Contractual Clauses approved by the European Commission. Supplementary measures including encryption in transit and at rest are in place.
10. Security
We use TLS 1.2+ for all network traffic, AES-256 for data at rest, and access controls scoped to least privilege. No system is perfectly secure — if you become aware of a vulnerability, please email [email protected].
11. Changes to this policy
We update this policy when our practices change. We post the new version here, update the "Last updated" date at the top, and — for material changes — show an in-app banner at least 30 days before the change takes effect.
12. Contact
Privacy questions: [email protected]
General support: [email protected]
Postal address: [Fino Labs, postal address — to be added before launch]
EU representative: [to be appointed before EU launch]
Questions about this document?
Email [email protected] for privacy-related requests, or [email protected] for general questions. We reply within 2 business days.