Privacy Policy

Last Updated: March 7, 2026

1. Introduction

SpoonScan LLC ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we handle your information when you use our subscription-based mobile application and services.

Important: SpoonScan is a privacy-focused subscription service. By default, your content is processed locally on your device and through third-party AI services solely to provide you with recipe recommendations. If you choose to create an account (optional), your recipes, preferences, and other app data may be stored in our cloud service (Google Cloud Firestore) to sync across your devices. You may also use the app as a guest without creating an account. We do store minimal anonymous server-side data (such as rate-limiting counters and safety event logs) for security purposes, as described in Section 7 below.

By using SpoonScan, you agree to the data handling practices described in this policy. If you do not agree with our policies and practices, please do not use our services.

2. Our Privacy-First Approach

As a paid subscription service, we have designed SpoonScan to minimize data collection and maximize your privacy:

• Optional Accounts: You may optionally create an account using Apple Sign-In or Google Sign-In to sync your data across devices. You may also continue as a guest — guest mode stores all data locally on your device only, with zero cloud storage
• Minimal Server Data: We store anonymous rate-limiting counters and safety event logs on our servers for security purposes (see Section 7)
• No Tracking: We do not track your usage patterns or build profiles about you
• Temporary Processing Only: Your data is sent to third-party AI services only when you request recipes and is not retained by us

3. Information We Process

3.1 Information Processed Locally on Your Device

The following information is processed and stored locally on your device only:

• Photos of receipts and pantry items you upload
• Dietary preferences and restrictions you select
• Allergy filters you configure
• Age preferences for recipes
• Saved recipes and collections
• App settings and preferences

3.2 Information Sent to Third-Party Services

When you use SpoonScan features, the following data is temporarily sent to third-party services for processing:

• Photos (sent to Google Cloud Vision API for text extraction)
• Voice recordings (sent to Google Cloud Speech-to-Text for transcription)
• Ingredient lists and preferences (sent to Google Gemini AI for recipe generation)
• Shopping list items (sent to Instacart® Developer Platform API when you export to Instacart)
• Recipe URLs (sent to RapidAPI when you import recipes from social media links such as Instagram or TikTok)

We do not store copies of the raw data you send (receipt/pantry photos, voice recordings, ingredient lists). It is processed by third-party services and the results are returned to your device. If you have an account, saved recipes and preferences are stored in Firestore, and recipe images are stored in Firebase Storage for cross-device sync (see Section 3.4).

3.3 Subscription and Payment Information

Subscription payments are handled by the Apple App Store. We use RevenueCat to manage subscription status and entitlements. RevenueCat receives subscription identifiers from the app stores to verify your subscription status, but does not receive your payment details or personal information. If you create an account, your subscription is linked to your account identifier in RevenueCat so your subscription can follow you across devices. We do not collect, process, or store your payment information directly. Please refer to Apple's and RevenueCat's privacy policies for how they handle subscription data.

3.4 Account Information (Optional)

If you choose to create an account, we collect and store the following through Firebase Authentication:

• Your name and email address (as provided by Apple Sign-In or Google Sign-In)
• A unique account identifier

If you sign in, your app data (saved recipes, recipe history, pantry ingredients, shopping cart, meal prep plans, dietary preferences, and custom filters) is stored in Google Cloud Firestore linked to your account. Recipe images you save are stored in Firebase Storage (Google Cloud Storage). This enables syncing your data, including images, across multiple devices. Guest users' data remains on-device only.

4. How We Process Your Information

When you use SpoonScan, your data is processed in the following ways:

• Photos are sent to Google Cloud Vision API for optical character recognition (OCR) to extract ingredient text
• Voice recordings are sent to Google Cloud Speech-to-Text to transcribe spoken ingredients
• Ingredient lists, dietary preferences, allergy filters, and age preferences are sent to Google Gemini AI to generate personalized recipes
• Shopping list items are sent to Instacart Developer Platform API when you use the "Export to Instacart" feature
• Recipe URLs from social media platforms (Instagram, TikTok) are sent to RapidAPI for content extraction when you import recipes via shared links
• Generated recipes are returned to your device and saved locally. For signed-in users, recipe data is also stored in Firestore and recipe images are stored in Firebase Storage for cross-device sync

All processing happens in real-time. We do not retain your personal content after processing. For guest users, your preferences, recipes, and photos remain on your device only. For signed-in users, your app data is also stored in Google Cloud Firestore for cross-device sync (see Section 3.4). See Section 7 for details on server-side data we maintain.

5. Third-Party Services and AI Processing

We use the following third-party services to provide our core functionality:

• Google Gemini AI: We use Google's Gemini 2.0 Flash model to generate custom recipes based on your ingredients and preferences. Your ingredient lists, dietary preferences, allergy information, and age preferences are sent to Google's servers to generate personalized recipe recommendations.
• Google Cloud Vision API: We use Google Cloud services to process images you upload (receipts and pantry photos) using optical character recognition (OCR) to extract ingredient text.
• Google Cloud Speech-to-Text: We use Google Cloud services to process voice recordings when you use voice input to identify ingredients.
• Instacart® Developer Platform API: When you use the "Export to Instacart" feature, your shopping list items (ingredient names, quantities, and units) are sent to Instacart's servers to create a shopping list in your Instacart account. This feature is only available in the United States and Canada. SpoonScan participates in the Instacart affiliate program and may earn a commission when you place an order through the Instacart integration. This does not affect the prices you pay.
• Firebase Authentication: If you choose to create an account, we use Google Firebase Authentication to manage sign-in via Apple or Google. Firebase receives your name, email, and authentication credentials.
• Google Cloud Firestore: If you are signed in, your app data (recipes, preferences, pantry, etc.) is stored in Google Cloud Firestore to enable cross-device sync. Data is secured by per-user access rules — only you can read or write your own data.
• Firebase Storage (Google Cloud Storage): If you are signed in and save recipes, recipe images are uploaded to Firebase Storage for cross-device sync. Images are stored in your private folder and are automatically deleted when you unsave a recipe or delete your account.
• RevenueCat: We use RevenueCat to manage subscription status and entitlements. RevenueCat receives subscription identifiers to verify your subscription status but does not receive your payment details or personal information. If you have an account, your subscription is linked to your account identifier for cross-device access.
• RapidAPI: When you import recipes by sharing links from social media platforms (such as Instagram or TikTok), the URL is sent to RapidAPI to extract the recipe content from the page. Only the shared URL is transmitted; no personal data is sent.
• Content Safety: We employ automated content moderation to filter dangerous ingredients (such as toxic substances and unsafe food preparations) and inappropriate content from recipe generation.

Important: When you use our app, your data (ingredients, preferences, photos, and voice recordings) is processed by these third-party services. These services have their own privacy policies and data handling practices. We encourage you to review them:

• Google Cloud Privacy Policy: cloud.google.com/privacy
• Firebase Privacy Policy: firebase.google.com/support/privacy
• Instacart Privacy Policy: instacart.com/privacy
• RevenueCat Privacy Policy: revenuecat.com/privacy
• RapidAPI Privacy Policy: rapidapi.com/privacy

6. Data Security

Your information remains under your control. When data is transmitted to third-party services for processing:

• All data is encrypted in transit using industry-standard TLS/SSL protocols
• Third-party services (Google Cloud, Google Gemini, Firebase, Instacart, RapidAPI, RevenueCat) maintain their own security measures and certifications
• Your device's local storage is protected by your device's security settings and encryption
• If you have an account, your cloud data in Firestore and Firebase Storage is protected by per-user security rules — only authenticated requests with your credentials can access your data

No method of transmission over the internet is 100% secure. While we use industry-standard encryption, we cannot guarantee absolute security of data in transit to third-party services.

7. Data Retention

SpoonScan is designed as a privacy-first service:

• Our Servers: We maintain the following anonymous server-side data for security and service quality:
  • Rate-limiting counters: Anonymous IP-based counters to prevent abuse. These auto-expire after 7 days and are not linked to your identity.
  • Safety event logs: Anonymous logs of content safety events (e.g., blocked dangerous ingredient requests) for child safety monitoring. These contain no personal information.
  • Recipe cache: When you import a recipe from a URL, the extracted recipe data may be cached by URL for up to 7 days to improve performance. This cache contains only recipe content, not personal data.
• Cloud Data (Signed-In Users): If you have an account, your app data is stored in Google Cloud Firestore and recipe images are stored in Firebase Storage for as long as your account exists. You can delete all cloud data at any time using "Delete All My Data" in Settings, which removes both local and cloud data (including all uploaded images). You may also delete your account from the Settings screen.
• Your Device: All your personal data (recipes, preferences, scan history) is also stored locally on your device. You can delete this data at any time using the "Delete All My Data" option in Settings, or by clearing the app's data or uninstalling the app
• Guest Users: If you use the app as a guest, no data is stored in the cloud — all data remains on your device only
• Third-Party Services: Google Cloud, Google Gemini, Firebase, Instacart, RapidAPI, and RevenueCat may retain data according to their own privacy policies. When you delete your account, your subscription history may be retained by RevenueCat in anonymized form per their data retention policy. Please review their policies for details on data retention
• Server-Side Data Deletion: Anonymous server-side data (rate limits, safety logs, recipe cache) auto-expires within 7 days. If you wish to request immediate deletion of any server-side data associated with your IP address, contact us at support@spoonscan.com

8. Children's Privacy

SpoonScan is intended for users aged 13 and over. Children under 13 should not operate this app.

While SpoonScan offers a "Kids Mode" for creating recipes suitable for children, this feature is designed for parents and caregivers to create recipes FOR their children—not for children to use directly. We do not knowingly collect personal information from children under 13.

If you believe a child under 13 has used SpoonScan, please contact us at support@spoonscan.com and we will promptly delete any associated account and cloud data.

8.1 Voice Data and Children

Voice recordings are processed by Google Cloud Speech-to-Text solely for the purpose of transcribing spoken ingredients. Voice recordings are not stored by SpoonScan after processing. Google may retain voice data according to their own privacy policy (cloud.google.com/privacy). Users must be 13 years or older (or the minimum digital age of consent in their country, if higher) to use the voice input feature.

9. Your Privacy Rights

You have complete control over your data:

• Local Data Control: All your personal data is stored on your device. You can delete it anytime using the "Delete All My Data" option in the app's Settings, or by clearing app data or uninstalling
• Cloud Data Control: If you have an account, "Delete All My Data" in Settings also permanently deletes all your cloud-stored data from Firestore and all uploaded images from Firebase Storage
• Server-Side Data: Anonymous server-side data (rate limits, safety logs) auto-expires within 7 days. You may request immediate deletion by contacting us at support@spoonscan.com
• Third-Party Rights: You have rights regarding data processed by Google Cloud services and Firebase per their privacy policies
• Contact Us: If you have questions or concerns about how your data is processed, contact us at support@spoonscan.com

10. International Data Transfers

When you use SpoonScan, your data may be processed by third-party services (Google Cloud, Google Gemini, Firebase, Instacart, RevenueCat) located in various countries, primarily the United States. These services may transfer and process your data in countries other than your country of residence, which may have different data protection laws.

These third-party services maintain appropriate safeguards for international data transfers, including Standard Contractual Clauses (SCCs) and other mechanisms approved by relevant data protection authorities. Please review the privacy policies of these services for information on their international data handling practices:

• Google Cloud Data Processing Terms: cloud.google.com/terms/data-processing-addendum
• Firebase Privacy Policy: firebase.google.com/support/privacy
• Instacart Privacy Policy: instacart.com/privacy
• RevenueCat Privacy Policy: revenuecat.com/privacy

11. Do Not Track

We do not track users or collect behavioral data, so Do Not Track (DNT) signals do not apply to SpoonScan. Your usage data is not tracked or stored by us.

12. Changes to This Privacy Policy and Business Model

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

Important: If we introduce a free tier or change our business model in the future, we may need to update our data collection practices. Any such changes would be clearly communicated, and we would provide advance notice before implementing data collection features. You will always have the option to continue using the paid subscription service with our current privacy-first approach.

Changes to this policy are effective when posted on this page. Continued use of the service after changes constitutes acceptance of the updated policy.

13. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with specific rights:

• We do not sell your personal information
• We do not share your personal information for cross-context behavioral advertising
• Right to Know: If you have an account, you may request a copy of the personal data we store (name, email, app data in Firestore). Contact support@spoonscan.com
• Right to Delete: You can delete all your data using "Delete All My Data" in Settings, or contact us at support@spoonscan.com
• Guest users: No personal information is stored on our systems

Do Not Sell or Share My Personal Information: We do not sell or share personal information. California residents may contact us at support@spoonscan.com with any questions about their privacy rights.

14. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), the General Data Protection Regulation (GDPR) provides you with specific rights:

• Data Minimization: We collect only the data necessary for account functionality and cross-device sync. Guest users have no data stored on our systems
• Legal Basis: Account creation and cloud sync are based on your explicit consent (you choose to sign in). AI processing is based on our legitimate interest in providing the service
• Right to Erasure: Use "Delete All My Data" in Settings to delete all local and cloud data, including your account. You may also contact support@spoonscan.com
• Right to Portability: Contact support@spoonscan.com to request a copy of your stored data
• Third-Party Processing: Data processed by Google Cloud services and Firebase is subject to their GDPR compliance
• Your Rights: You control your data on your device and in the cloud. For data processed by third parties, contact them directly

15. Medical and Safety Disclaimer

SpoonScan is not a substitute for professional medical, nutritional, or dietary advice. The recipes and suggestions provided by our AI are for entertainment and inspiration purposes only.

• AI-generated recipes may contain errors, including food safety issues such as improper cooking temperatures or unsafe ingredient combinations
• Allergy filters are provided as a convenience but cannot guarantee allergen-free recipes due to cross-contamination and hidden ingredients
• Recipes for babies and toddlers are general suggestions only and should be reviewed by a pediatrician
• Always verify recipe safety and suitability for your specific dietary needs

16. Data Breach Notification

In the unlikely event that a security incident affects our systems (including Firebase/Firestore) or any third-party service we rely on in a way that compromises your data, we will:

• Notify affected users within 72 hours of becoming aware of the breach, as required by applicable law (including GDPR and state breach notification laws)
• Provide details about the nature of the breach and the types of data potentially affected
• Describe the measures taken to address the breach and mitigate potential harm
• Report to relevant supervisory authorities as required by law

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Email: support@spoonscan.com

Phone: +1 (702) 337-3072

Address: 2831 St. Rose Parkway, #200, Henderson, NV 89052, USA

Summary: SpoonScan is a privacy-focused subscription service intended for users 13 and older (or the minimum age required in your jurisdiction, whichever is greater). You may optionally create an account (Apple or Google Sign-In) to sync your data across devices — or continue as a guest with all data stored locally. If you sign in, your app data is stored in Google Cloud Firestore and recipe images are stored in Firebase Storage. All cloud data can be deleted at any time via "Delete All My Data" in Settings. We maintain minimal anonymous server-side data (rate limits, safety logs, recipe cache) that auto-expires within 7 days. Third-party services (Google Cloud, Google Gemini, Firebase, Instacart, RevenueCat) process your data to generate recipes and provide features, subject to their own privacy policies. This app is not medical advice.