1. Who we are

Labelz ("Labelz", "we", "us") provides the Labelz mobile application and the labelzai.app website. Labelz is based in Australia. For any privacy question, contact us at contact@labelzai.app.

2. Scope of this policy

This Privacy Policy describes how we collect, use, share, store and protect personal information when you use the Labelz mobile application, the labelzai.app website, and any related services. It should be read together with our Terms of Service.

3. What we collect

We keep data collection to what is needed to operate the Service. Categories of personal information we collect are set out below.

3.1 Account information (you give us)

3.2 Profile information (you give us)

3.3 Scan and usage information (generated as you use the app)

3.4 Subscription and billing information (from Apple and Google)

We do not receive or store your credit card, bank card, or full payment details. All payments are processed by Apple (iOS) or Google (Android).

3.5 Device and technical information (collected automatically)

3.6 Referral and affiliate information

4. How we use it

We use personal information to:

We do not sell your personal information. We do not use your data for cross-app advertising or share it with advertising networks.

Where the General Data Protection Regulation (GDPR), the UK GDPR, or similar laws apply, we rely on the following legal bases:

Where Australian law applies, we handle personal information in line with the Australian Privacy Principles under the Privacy Act 1988 (Cth).

6. Third-party processors

We use a small number of vetted third-party providers to operate the Service. Each processor is bound by a contract and handles data only on our instructions. Current processors:

Provider Purpose Data handled Region
Apple App distribution, Sign in with Apple, in-app purchases Account, purchase, device Global
Google App distribution, Sign in with Google, in-app purchases Account, purchase, device Global
Supabase Database, authentication, file storage, serverless functions Account, profile, scan, usage Sydney, Australia (ap-southeast-2)
Google Cloud Vision OCR text extraction from scan photos Scan photo, extracted text United States
OpenAI AI-assisted ingredient normalisation and classification OCR ingredient text United States
Anthropic AI fallback for ambiguous ingredient classification Ingredient text United States
RevenueCat Subscription management, entitlement checks, receipt validation App-user ID, subscription status, device ID United States
Expo Push notification delivery, over-the-air updates Device push token United States
PayPal Affiliate payouts (for affiliates only) PayPal email Global
Vercel Website hosting for labelzai.app Website request logs only Global edge network

The list of processors may change over time as we refine the stack. Where a change materially affects how your data is handled, we will update this policy and, where required, seek fresh consent.

7. Where your data is stored

Your account, profile, scans and usage data are stored in Supabase infrastructure hosted in Sydney, Australia (ap-southeast-2). OCR processing and AI classification may be carried out by providers based in the United States — we send only the text (and for a scan, the image) necessary to return a result. We do not send your email, account identifier, or preferences to the OCR or AI providers.

8. How long we keep it

When you delete your account, we delete personally identifying information as described in section 14. Aggregated and anonymised data may be retained under Recital 26 of the GDPR (which treats truly anonymised data as outside the scope of the GDPR) and equivalent Australian guidance.

9. Who we share it with

We share personal information only with:

We do not sell your personal information. We do not rent or trade it. We do not share it with advertisers or data brokers.

10. Tracking and advertising

Labelz does not track you across other apps or websites. The Labelz app contains no advertising SDKs and no cross-app tracking pixels. Our iOS privacy manifest declares NSPrivacyTracking = false and an empty tracking-domains list.

11. Cookies and the website

The labelzai.app website uses essential, first-party cookies only — for example, to remember whether you have dismissed a banner or to route you through a referral link. We do not use third-party advertising cookies and we do not run Google Analytics or Meta Pixel on the website. Server access logs retained by our hosting provider may contain IP addresses for a short period to detect abuse.

12. Children and age 13+

Labelz is intended for users aged 13 and over. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact contact@labelzai.app and we will take prompt steps to delete it. Users between 13 and 17 must have parent or guardian permission to use the Service.

13. Your rights

Depending on where you live, you may have the following rights:

To exercise any of these rights, contact contact@labelzai.app. We aim to respond within 30 days. We may need to verify your identity before we act on your request.

14. Account deletion

You can delete your account at any time from inside the app: Settings → Danger Zone → Delete Account. When you delete your account we:

After deletion, the remaining data cannot reasonably be re-associated with you and is treated as anonymised under applicable privacy law. You may also request deletion by email at contact@labelzai.app.

15. International data transfers

Some of our processors (including OCR, AI classification, subscription management and push notifications) are based in the United States. When we send your data to them, it leaves Australia. Where required, we rely on standard contractual clauses and similar safeguards to protect the data during transfer and processing. By using the Service you acknowledge that your data may be processed in jurisdictions with privacy laws different from your home country.

16. Security

We take reasonable steps to protect personal information:

No system is 100% secure. If we ever become aware of a breach that poses a real risk to your rights, we will notify you and the relevant authority in line with applicable law.

17. Changes to this policy

We may update this Privacy Policy from time to time. When we make a material change we update the "Last updated" date at the top, and where appropriate we also notify you in the app or by email. Your continued use of the Service after the updated policy takes effect constitutes acceptance of the change.

18. Contact us

For any privacy question, rights request, or complaint, contact contact@labelzai.app. If you are not happy with our response, you can also contact your local data protection authority, for example the Office of the Australian Information Commissioner at oaic.gov.au.