This Privacy Policy explains how dtoxy (“we”, “us”) collects, uses, and protects your information when you use the dtoxy mobile app. We built dtoxy to be private by default: we analyze the photos you scan and then discard them.
1. Information we collect
- Account information. When you sign in, we collect your email address. Authentication is handled by Supabase using a one-time email code — we never see or store a password.
- Scan records. For each scan we store the results — product name, the ingredients/materials identified, their toxicity scores, the scan type, and a timestamp — linked to your account.
- Subscription records. If you subscribe to dtoxy Pro, we store the Apple transaction identifiers, product id, status, and expiry date needed to grant and verify your subscription.
- Advertising identifiers. On the free plan we show ads via Google AdMob, which may use your device’s advertising identifier (subject to your App Tracking Transparency choice).
- Diagnostics. Basic, non-identifying logs and error reports that help us keep the service reliable.
2. What we don’t store
- Your photos. Images you scan are sent securely to our AI provider for analysis and are not retained by dtoxy after the result is produced.
- We never sell your data.
3. How we use your information
- To analyze the products you scan and return toxicity results.
- To keep your scan history available across sessions.
- To grant and verify your dtoxy Pro subscription.
- To show ads to users on the free plan.
- To operate, secure, and improve the service.
4. Camera and photos
dtoxy uses your camera and photo library only to capture the product you want to scan. The image is processed to produce a toxicity result and then discarded — it is not added to any profile and is not used to train models.
5. Advertising (free plan)
Free users see ads served by Google AdMob. On iOS, ad personalization depends on your App Tracking Transparency choice — you can decline tracking at any time in your device settings. dtoxy Pro subscribers see no ads.
6. Subscriptions and in-app purchases
dtoxy Pro is an auto-renewing subscription billed through your Apple account. Payments are processed entirely by Apple; we receive only the transaction metadata required to confirm your entitlement. We do not receive your payment-card details.
7. Third-party sub-processors
We rely on a small set of trusted providers:
- Supabase — authentication (email sign-in).
- OpenRouter & Google (Gemini) — AI analysis of the images and ingredients you scan.
- Open Food Facts — public product-database lookups.
- Apple — App Store payments and subscriptions.
- Google AdMob — advertising for free-plan users.
- Our hosting provider — runs the dtoxy backend and database.
8. Data storage and security
Data is transmitted over encrypted connections (TLS) and stored on access-controlled infrastructure. Access to your account is protected by your email sign-in.
9. International data transfers
Your information may be processed in countries other than your own. Where required, we rely on appropriate safeguards for such transfers.
10. Data retention
We keep your account and scan history until you delete your account. Apple transaction records are retained as long as required for tax and audit purposes. See Delete account to remove your data.
11. Your rights
Depending on where you live (e.g. under GDPR, CCPA, or LGPD), you may have the right to access, correct, export, or delete your personal data, and to object to certain processing. To exercise these rights, contact us at privacy@dtoxy.app.
12. Children’s privacy
dtoxy is not directed to children under 13 (or the minimum age in your region) and we do not knowingly collect their personal information.
13. Changes to this policy
We may update this policy from time to time. Material changes will be reflected by updating the “Effective” date above.
14. Contact us
Questions about this policy or your data? Email privacy@dtoxy.app.