Privacy Policy
Last updated: May 13, 2026
Yavo ("we", "the app") helps you understand what's in packaged food. This policy describes what data the app collects, why, and what you can do about it.
TL;DR
- No ads, no affiliate links, no data sales — ever.
- Your account keeps your scans and preferences in sync across your devices.
- You can delete your account from inside the app in 2 taps.
- All data is encrypted at rest and in transit.
- AI ingredient analysis is opt-in, only fires when you tap it.
What we collect
Yavo requires an account — you sign in with Apple, Google, or email. We collect:
- Email address (from your sign-in provider, or one you enter).
- Display name (if your provider supplies one).
- Scan history (the barcodes you've scanned and the timestamps).
- Subscription entitlement state (active / expired) from our payments processor.
- Crash reports via Firebase Crashlytics (stack traces, OS version, device model — no email, no scan content).
- Aggregated request rate (to operate the API).
What we do not collect
- We do not collect your real name, phone number, address, or precise location.
- We do not collect photos or contents of items you don't explicitly submit.
- We do not collect contacts, calendar, or any other on-device app data.
- We do not collect your IDFA / advertising identifier (`AD_ID` is blocked on Android).
- We do not track you across other apps or websites.
Why we collect it
- Account (email + sign-in): so your scans and preferences sync across your devices.
- Crash reports: so we can fix bugs before they hurt more users.
- Email + scan history: so you can sync across devices and so we can show you your history.
- Entitlement state: so paid features unlock when you're subscribed.
Who we share it with
Limited and specific:
- Firebase (Google) — authentication, crash reports, and account-deletion API.
- Anthropic — when you use the "Ask AI" feature, your question + product context is sent through our proxy to Claude. Personally-identifying patterns (emails, phone numbers, card numbers) are scrubbed before sending.
- RevenueCat — subscription receipt validation.
- Open Food Facts — when you scan a barcode, the barcode is sent to this open database to look up the product. The barcode itself isn't personally identifying.
We never share your data with advertisers, data brokers, or anyone outside the integrations above. We do not sell data.
Photo contributions
If you submit a photo of an unknown product (the "Help us add this one" flow), we upload the photo to our object storage. Photos are retained for 90 days while we add the product to our catalog, then deleted. The photo is never tagged with your account in any public surface.
AI ingredient analysis
When a barcode misses every database we check (our curated catalog, Open Food Facts, Open Beauty Facts), you can tap "Analyze ingredients with AI" on the Unknown screen and photograph the ingredients panel. The photo is uploaded to our server, then forwarded to Anthropic's Claude (a vision model) which returns a structured estimate of the ingredient list, allergens, and a tentative score.
- The feature is opt-in — it never fires automatically. You have to tap to start it.
- Photos taken in the analyzer are stored under `uploads/analyses/` on our server and retained for 90 days, the same window as photo contributions, then deleted.
- Anthropic is a sub-processor for this call. See their privacy policy.
- Our audit log records only metadata for each AI call (model, token counts, latency, cost). We never log the prompt content or the response text.
- AI output is labeled "AI-analyzed" in the app with a confidence indicator (low / medium / high). Always verify ingredients on the actual product packaging.
Data retention
- Account data: kept while your account is active.
- Signed-in account: until you delete your account (in-app, 2 taps — see "Your rights" below).
- Soft-delete window: after you delete your account, your data is kept for 30 days so support can restore if requested. After 30 days it is hard-deleted from our database (cascades to all related rows: scan history, contributions, AI audit logs).
- AI audit logs: 90 days. Logs metadata only (model, token counts, latency) — never the prompt content.
- Crash reports: 90 days, Firebase-default.
Encryption
- In transit: all network traffic uses HTTPS / TLS 1.2+.
- At rest: our database disks use AES-256 encryption. Firebase services use Google's platform encryption by default.
Your rights
You can, at any time:
- Delete your account in 2 taps: open the You tab → Delete Account. The destructive confirmation removes your data from our database (with the 30-day soft-delete window above) and immediately deletes your Firebase account.
- Export your data: email us at the address below; we'll send your full record within 30 days.
- Correct your data: email us at the address below.
- Withdraw consent: uninstall the app + delete the account.
Residents of the EU / UK have additional rights under GDPR (access, rectification, erasure, restriction, portability, objection). Residents of California have rights under CCPA. Email the address below to exercise any of these.
Children
Yavo is rated 12+ on the App Store. We do not knowingly collect data from children under 13. If we learn we've collected data from a child under 13, we will delete it.
Changes to this policy
We will update the "Last updated" date when this changes. Material changes will be surfaced in-app on next launch. Continued use of the app after a policy change means you accept the new policy.
Contact
Questions or requests: email support@yavoscanner.com .
This policy is one of two: see also the Terms of Service.