Privacy Policy

Account Information: When you create an account via Google Sign-In, Sign in with Apple, or email and password, we receive:

• Your name (as provided by your identity provider)
• Your email address
• Your profile picture (if provided)
• A unique user identifier

Scan Data: When you use the App to scan food products or restaurant menus, we process:

• Photos of ingredient labels, barcodes, restaurant menus, or text you submit
• Text extracted from these images via optical character recognition (OCR)
• Barcode numbers for product identification

Important: Scan images are stored locally on your device only. They are sent to our AI processing service (Google Gemini) for analysis and are not permanently stored on our servers. Only metadata about your scan (verdict, ingredients detected, timestamp) is saved to your account.

Subscription Information: If you subscribe to Halal Check Premium:

• Subscription status and plan type
• Transaction history (managed by Apple App Store or Google Play)
• We do NOT collect or store your payment card information

Usage Data:

• Features you use (scan types, meal plans, shopping lists)
• App interaction patterns (anonymous, aggregated)
• Language preference
• Madhab preference (if you set one)

Technical Data:

• Device type, operating system version, app version
• Crash reports (anonymized, via Firebase Crashlytics)
• IP address (used only for rate limiting and security)

We use your information for the following purposes:

• Provide the Service: Authenticate you, process scans, generate meal plans, manage your subscription
• AI Analysis: Send scanned content to Google Gemini to determine halal status
• Personalization: Remember your preferences (language, madhab, dietary restrictions)
• Improve the Service: Understand how users interact with the App to improve features
• Communicate: Send you important updates about the Service (we do not send marketing emails unless you opt in)
• Security: Detect and prevent fraud, abuse, or security threats
• Legal compliance: Comply with applicable laws and respond to legal requests

We use the following third-party services to operate the Service. Each has its own privacy policy:

• Firebase Authentication (Google): Authentication and user identity management, including sending account verification and password-reset emails for email/password sign-in. Firebase Privacy
• Google Gemini (Google): AI-powered image analysis and meal planning. Google Privacy
• RevenueCat: Subscription management and receipt validation. RevenueCat Privacy
• Firebase Crashlytics (Google): Anonymous crash reporting. Firebase Privacy
• Render: Backend hosting for our API at https://eat-halal-api.onrender.com. Railway Privacy
• Apple App Store and Google Play Store: App distribution and payment processing
• Vercel Analytics: Website analytics (anonymous, no cookies)

Backend Storage: Your account information, scan history metadata, meal plans, and shopping lists are stored on our backend infrastructure hosted by Render at https://eat-halal-api.onrender.com. Data is encrypted in transit using HTTPS/TLS.

Local Device Storage: Scan images (photos) are stored on your device only in the app's private sandbox. They are never uploaded to our permanent storage. This is a deliberate privacy choice.

Third-Party Infrastructure: Authentication tokens are managed by Firebase. Subscription receipts are validated and stored by RevenueCat. These services have their own security measures.

We do not sell, rent, or trade your personal information. We share information only in the following cases:

• Service providers: Third parties listed above who help us operate the Service, subject to confidentiality obligations
• AI processing: Scanned images and text are sent to Google Gemini for analysis. Google does not use this data to train their models when used via our API
• Legal requirements: If required by law, subpoena, or legal process
• Safety: To protect the rights, property, or safety of our users, us, or others
• Business transfers: In connection with a merger, acquisition, or sale of assets

Depending on your location, you have the following rights regarding your personal information:

• Right to access: Request a copy of your data (via Settings → Export Data in the App)
• Right to rectification: Correct inaccurate data by contacting us
• Right to erasure: Delete your account permanently (via Settings → Delete Account in the App). All data associated with your account is purged immediately; backups are removed within 90 days.
• Right to restrict processing: Limit how we use your data
• Right to data portability: Receive your data in a machine-readable format
• Right to object: Object to certain types of processing
• Right to withdraw consent: Where processing is based on consent

To exercise any of these rights, email us at khalidelattar9@gmail.com. We will respond within 30 days.

Active accounts: We retain your data for as long as your account is active.

Deleted accounts: When you delete your account, we permanently remove all associated personal data from our servers immediately. Backups containing deleted data are purged within 90 days.

Anonymized data: We may retain aggregated, anonymized data (that cannot identify you) for analytical purposes indefinitely.

Legal obligations: Some data (such as transaction records) may be retained longer to comply with tax, accounting, or other legal obligations.

Halal Check is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at khalidelattar9@gmail.com and we will take steps to remove that information and terminate the child's account.

Halal Check operates globally. Your data may be processed in countries outside your country of residence, including the United States (where our third-party service providers are based). These transfers are protected by appropriate safeguards, including standard contractual clauses and the privacy frameworks maintained by our service providers.

We implement appropriate technical and organizational measures to protect your personal information, including:

• HTTPS/TLS encryption for all data in transit
• Secure authentication via industry-standard OAuth providers
• Limited access to personal data by our team
• Regular security reviews and updates

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Our website uses minimal tracking. We use Vercel Analytics for basic page view analytics. This does not use cookies or track you across websites. We do not use advertising trackers, Facebook Pixel, or similar technologies.

The mobile App does not use third-party advertising identifiers. Apple's App Tracking Transparency framework applies: we do not track you across other apps or websites.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. For significant changes, we will notify you via email or in-app notification.

If you have questions about this Privacy Policy or wish to exercise your rights, contact us:

• Email: khalidelattar9@gmail.com
• Based in: Morocco