Privacy Policy

v$kCurrentTosVersion · effective 2026-05-11

DRAFT — pending legal review. This text is a first-pass template generated from a standard product-safety scanner posture. It has not yet been reviewed by counsel. Triselle plans to commission a qualified lawyer (EU + US) before public launch.

1. Who we are Triselle ("we", "our") is the data controller for personal data processed via the Triselle mobile application. Contact: [email protected].

2. Data we collect Account: email address, authentication provider (email / Google), and a Supabase-managed user id.

Profile: the categories you said you wanted to scan, your consent timestamp + accepted Terms version, and the personalized modes you toggle on (pregnancy, baby, asthma, eczema, MCAS, autoimmune, pet dog / cat / bird).

Scans: the barcode, product name, brand, and ingredient list we read from your scan, plus the computed score and any flags the scoring engine produced.

Photos (OCR fallback only): the label image you choose to send to our OCR pipeline. We encrypt the image in transit and at rest. We do not retain images beyond what is needed to extract the ingredients and write the scan row.

Device: a randomly-generated install id for crash reporting (Firebase Crashlytics) and analytics (PostHog). No advertising identifier is collected.

3. How we use it Strictly to deliver the service: read scans, compute scores, show you history + trend, surface flagged ingredients with citations. We also use anonymized analytics to fix bugs and understand which features get used. We never sell your data. We never train AI models on your photos or scans.

4. Where it lives Account + profile + scans: Supabase, EU region (Frankfurt). Photos: Cloudflare R2, EU region. AI calls (Gemini Vision OCR + ingredient classification): routed through Google Gemini API; Google does not retain payloads when called via a paid tier with no-data-retention setting.

5. Sub-processors • Supabase (Postgres, Auth, Edge Functions) — data hosting • Cloudflare (R2 storage, DNS) — photo storage + edge • Google Gemini (Generative AI) — OCR + classification • RevenueCat — subscription state • OneSignal — push notifications (when enabled) • PostHog — analytics • Firebase Crashlytics — crash reports

6. Your rights (GDPR / CCPA / LGPD) You have the right to access, correct, delete, port, and restrict processing of your data. The "Delete all my data" button on the Profile screen runs the deletion immediately. A full DSR JSON export will land in a future release. To exercise any other right, email [email protected] and we will respond within 30 days.

7. Retention Account + scans: kept while your account is active. After soft-deletion (Delete all my data) scans are removed immediately and your profile resets to a fresh state. The auth.users row is removed in a follow-up Edge Function (full GDPR right-to-be-forgotten lands in a later release).

8. Children Triselle is for adults (18+). We do not knowingly collect data from children. Parents scanning baby products do so under their own account.

9. International transfers When you sign in via Google or use Gemini-backed OCR, your request may be processed by Google in another region. We use Standard Contractual Clauses where applicable.