Effective date: 5 July 2026 Controller: BerryMill LLC, 1712 Pioneer Ave, Ste 500, Cheyenne, WY 82001, USA ("Company", "we", "us") Contact: privacy@berrymill.app · Data Protection Officer: Not applicable (US-based; no DPO appointed)
This Privacy Policy explains how we collect, use, share and protect personal data when you use the Coreberry app, the website https://coreberryapp.com, and related services (the "Service").
1. Data we collect
a) Data you provide
- Account data: email address and authentication data (we manage authentication ourselves; sign-in providers such as Apple / Google may be used at sign-up).
- Allergen & health profile: the allergens you declare (food and cosmetic/fragrance sensitivities), severity settings, and any custom allergens you add.
- Scans & diary: the products, dishes and cosmetics you scan; scan history; reactions and symptoms you log; manual food-diary entries; and family/child profiles you create.
- Content you submit: photos of food labels, products, dishes and cosmetics; barcodes; and any text or notes you enter.
- Support & diagnostics communications, including an on-device log you may choose to send us for troubleshooting.
b) Data collected automatically
- Usage & analytics: feature usage and events, via Umami, a privacy-friendly, self-hosted analytics tool (no advertising cookies).
- Approximate location: when you scan, coarse location may be used to detect the venue/restaurant you are in and match its menu. You control the location permission.
- Device data: device model, OS version, app version, language, and a push-notification token (via Firebase Cloud Messaging).
- Diagnostics / crash data to keep the Service working.
- Apple Health (optional): if you connect Apple Health, sleep/activity signals are read on your device to time reminders; we do not upload your Health data.
c) Subscription data
- Subscription status and entitlements from our payments partner (RevenueCat) and the app stores. We do not receive or store full payment-card numbers — payment is handled by Apple, Google, or the payment processor.
We do not intentionally collect special-category data beyond the allergy/sensitivity information you choose to provide to make the Service work. You may delete this at any time.
2. How we use data
- To provide and operate the Service (accounts, allergen matching, scan history, reminders, subscriptions, family profiles).
- To power AI features — your inputs (label/dish photos, text) are sent to third-party AI providers to read labels and extract ingredients (see §4 and
AI_DISCLAIMER.md). - To detect venues and match menus using coarse location and public menu data.
- To send notifications you have enabled.
- To improve the Service, debug, and analyze usage.
- To provide customer support.
- To ensure security, prevent fraud/abuse, and comply with law.
3. Legal bases (GDPR / UK GDPR)
Where GDPR/UK GDPR applies, we rely on: performance of a contract (to provide the Service), your consent (e.g. push notifications, location, Apple Health, certain analytics — you can withdraw it), legitimate interests (to secure and improve the Service), and legal obligation. Your allergy/sensitivity data is processed on the basis of your explicit consent and to provide the Service you request.
4. Third parties we share data with (processors)
We share the minimum data needed with providers who process it on our behalf under contract:
| Provider | Purpose | Data |
|---|---|---|
| Hetzner (Germany, EU) | Hosting, database, object storage (self-managed Postgres + MinIO) | Account, allergen/scan/diary data, photos |
| Google (Gemini) | AI label/dish reading (primary) | Photos and text you submit for a scan |
| OpenAI | AI label/dish reading (fallback) | Photos and text you submit for a scan |
| RevenueCat + Apple App Store / Google Play | Subscriptions & billing | Subscription status, purchase tokens |
| Firebase Cloud Messaging (Google) | Delivering push notifications | Device push token |
| Umami (self-hosted) | Privacy-friendly product analytics | Usage events (no advertising identifiers) |
We also use public open datasets — Open Food Facts / Open Beauty Facts (product facts) and official EU/scientific reference lists — which do not contain your personal data.
We do not sell your personal data. We may disclose data if required by law, to protect rights and safety, or in a merger/acquisition (with notice where required).
5. International transfers
Our core hosting is in the EU (Germany). Some processors (e.g. Google, OpenAI, RevenueCat) may process data in the USA or other countries. Where required, we use appropriate safeguards (e.g. EU Standard Contractual Clauses) for such transfers.
6. Data retention
We keep personal data for as long as your account is active and as needed to provide the Service, then delete or anonymize it within a reasonable period, unless a longer retention is required by law. You can request deletion at any time (see §8).
7. Security
We use technical and organizational measures to protect data (e.g. encryption in transit, access controls, credentials stored in the device keychain). No method is 100% secure, and we cannot guarantee absolute security. See the limitation of liability in DISCLAIMERS_AND_LIABILITY.md.
8. Your rights
Depending on your location (e.g. GDPR/UK GDPR, CCPA/CPRA), you may have the right to: access, correct, delete, port, restrict, or object to processing of your data, and to withdraw consent. California residents may have rights to know, delete, correct, and opt out of "sale/sharing" (we do not sell). To exercise your rights, contact privacy@berrymill.app. You may also delete your account in-app, which removes your profile, allergens, scans, diary and reactions. You can complain to your local data-protection authority.
9. Children
The Service is not directed to children under 13, and we do not knowingly collect their data. A parent/guardian may create child family profiles to manage a child's allergens; that data is controlled by the parent's account. If you believe a child provided data directly, contact privacy@berrymill.app and we will delete it.
10. Your choices
- Push notifications: enable/disable in app or device settings.
- Location: controlled by the OS permission; used only around scanning for venue detection.
- Apple Health: optional connection you can revoke in Settings.
- Analytics: privacy-friendly and cookieless in the app.
- Photos/camera: you control the OS permission.
11. Changes to this policy
We may update this policy; material changes will be notified in-app or by email and reflected by a new effective date. Continued use after the effective date constitutes acceptance.
12. Contact
Privacy questions or requests: privacy@berrymill.app — BerryMill LLC, 1712 Pioneer Ave, Ste 500, Cheyenne, WY 82001, USA.