Privacy Policy

Effective Date: April 20, 2026

TaliScan ("Tali," "we," "us," or "our") is a product health scanning app that helps you understand what's in the food, personal-care, and household products you buy. This policy explains what data we collect, why we collect it, and how we protect it.

We believe privacy policies should be readable. No walls of legalese here.

1. What We Collect and Why

Account Information

When you create a TaliScan account, we collect:

  • Name, email, and password — to create and secure your account.
  • Household type (e.g., single, family with kids) — to tailor health scoring to your situation.
  • Dietary preferences (e.g., vegan, keto) — so scores reflect what matters to you.
  • Allergens (e.g., peanuts, gluten) — to flag ingredients that affect your health.
  • Health goals (e.g., reduce sugar, increase fiber) — to personalize recommendations.

We collect this during onboarding because it directly shapes the experience. TaliScan without personalization is just a barcode reader.

Scan Data

When you scan a product barcode, we send the barcode to our servers to retrieve product information and calculate a health score. We log each scan event (barcode, result type, and your user ID) on our servers for two reasons: to show you your scan history across devices, and to prioritize which unknown products we research and add to our database first. Your on-device scan history is also stored locally for fast access.

Product Label Photos

When a scanned barcode isn't in our database (a "scan miss"), you can photograph the product label to help us add it. These photos are sent to our backend for processing and stored for product verification. We use the photos solely to extract ingredient and nutrition data for our product database.

Subscription Information

We use Apple StoreKit to manage subscriptions. Apple handles all payment processing. We receive confirmation of your subscription status but never see your payment card details.

Analytics Events

We log usage events (screen views, scan counts, feature usage, paywall interactions) through two third-party analytics services: Google Firebase Analytics and Superwall. These events include your device's Identifier for Vendor (IDFV) — an Apple-provided identifier that is unique to TaliScan on your device and cannot be used to track you across other companies' apps. Events are linked to your TaliScan user ID so we can understand the full user journey (not just aggregate counts) and spot bugs. We do not use IDFA (the advertising identifier) and we do not show the App Tracking Transparency prompt because we do not track you across other companies' apps or websites.

Communications

We use your email address for three purposes:

  • Transactional messages — account verification, password resets, subscription receipts, and important service announcements. These are required for the app to function.
  • Product updates and tips — occasional emails about new features, interesting additives we've added to our database, and scan tips. You can opt out at any time via the unsubscribe link in every message or by emailing support@taliscan.com.
  • Feedback requests — we may occasionally ask you to share feedback on the app. Optional; you can ignore or opt out.

If you sign in with Apple and choose "Hide My Email," we receive a forwarding address (@privaterelay.appleid.com) and treat it exactly like a real email. You can disable forwarding at any time from your Apple ID settings.

2. How We Use Your Data

We use your data to:

  • Deliver the core product. Calculate personalized health scores, flag allergens, and analyze ingredients based on your profile.
  • Expand our product database. Label photos from scan misses help us cover more products for all users.
  • Improve the app. Aggregated analytics tell us what to build next and what to fix.
  • Communicate with you. Send optional push notifications (feature updates, scan insights) and respond to support requests.
  • Maintain security. Detect and prevent abuse, fraud, or unauthorized access.

We do not use your data to serve advertisements. We do not sell your personal data to anyone. We do not build advertising profiles.

3. Data Storage and Security

Your data lives in two places:

  • On your device. Scan history is stored locally using your device's secure storage.
  • On our servers. Account data, dietary profiles, and label photos are stored in a PostgreSQL database hosted by Supabase, with our API running on Railway.

We protect your data with:

  • Encryption in transit (TLS/HTTPS for all API communication).
  • Encryption at rest for database storage.
  • Hashed passwords (we cannot read your password).
  • Row-level security policies in our database.
  • Access restricted to essential personnel only.

No system is perfectly secure. We implement industry-standard protections and continuously evaluate our security posture, but we cannot guarantee absolute security.

4. Third-Party Services

We work with a small number of third-party services, each with a specific purpose:

Service Purpose Data Shared
Apple (StoreKit, Sign in with Apple) Subscription billing, account authentication Subscription status, transaction receipts, Apple identity token at sign-in
Supabase Database hosting (PostgreSQL) Account data, dietary profiles, label photos
Railway API server hosting All data processed through our API
Google Firebase Analytics Usage analytics IDFV, event data, app session info
Superwall Paywall A/B testing and conversion analytics IDFV, paywall interaction events, subscription state
OpenAI OCR fallback for label text extraction Label photo content (for text extraction only)
Anthropic LLM fallback for ingredient parsing and product research Label photo content, ingredient text (for extraction and normalization only)

When label photos are sent to OpenAI or Anthropic for text extraction or ingredient parsing, they are processed under each provider's API data usage policy. Neither provider uses our API inputs for model training under their enterprise API terms. We use these as fallbacks when our primary extraction methods are insufficient.

We do not integrate with any third-party advertising networks, data brokers, or social media platforms.

5. Camera and Photo Permissions

TaliScan requests camera access for two reasons:

  1. Barcode scanning. The camera reads barcodes in real time. No photos are taken or stored during barcode scanning.
  2. Label photography. When you choose to photograph a product label for a scan miss, the photo is captured, sent to our servers, and stored for product verification.

Camera access is required for the app to function. Photo library access is only requested if you choose to select an existing photo instead of taking a new one. You can revoke camera permissions at any time in your device settings, though this will prevent scanning.

6. Children's Privacy

TaliScan is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, contact us at support@taliscan.com and we will delete it promptly.

If a household profile includes children, the dietary and allergen preferences entered are associated with the parent's account, not with a child's account.

7. Data Retention

  • Account data is retained for as long as your account is active.
  • Label photos are retained indefinitely as part of our product database, since they serve all users. Photos are stripped of metadata (EXIF data, location tags) before long-term storage.
  • Analytics events are retained in aggregated form. Individual event logs are purged after 90 days.
  • Deleted accounts are purged from our systems within 30 days of a deletion request, except where we are legally required to retain certain records.

8. Your Rights

Regardless of where you live, you can:

  • Access your data. Request a copy of the personal data we hold about you.
  • Delete your account. Request full deletion of your account and associated personal data. Use the in-app account deletion option or email us.
  • Export your data. Request a machine-readable export of your profile and preferences.
  • Opt out of push notifications. Disable notifications in your device settings or in-app preferences at any time.
  • Correct your data. Update your dietary preferences, allergens, health goals, and profile information directly in the app.

To exercise any of these rights, email support@taliscan.com. We will respond within 30 days.

9. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information we collect, use, and disclose.
  • Right to delete your personal information, subject to certain exceptions.
  • Right to non-discrimination for exercising your privacy rights.
  • Right to opt out of sale. We do not sell your personal information, so there is nothing to opt out of.

Categories of personal information we collect: Identifiers (name, email, user ID, device IDFV), dietary and health-related preferences, commercial information (subscription status), user content (label photos you submit), and internet activity (scan events, app usage analytics).

Categories of personal information we sell: None. We do not sell personal information.

To make a CCPA request, email support@taliscan.com with the subject line "CCPA Request."

10. International Users

Our servers are located in the United States. If you use TaliScan from outside the US, your data will be transferred to and processed in the US. By using the app, you consent to this transfer. We apply the same protections to all user data regardless of origin.

If you are in the European Economic Area and believe we need a lawful basis for processing your data: we process account data based on contract performance (delivering the service you signed up for), analytics based on legitimate interest (improving our product), and marketing communications based on consent.

11. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will notify you through the app or by email before the changes take effect. Minor clarifications or formatting changes won't trigger a notification.

The "Effective Date" at the top always reflects the latest version.

12. Contact Us

Questions, concerns, or requests about your privacy:

Email: support@taliscan.com

We aim to respond to all inquiries within 30 days.

← Back to home Last updated: April 20, 2026