Privacy Policy

Last Updated: February 3, 2025

Contents

1. Introduction

Welcome to Cherry. We are committed to protecting your privacy and ensuring you understand how your personal information is collected, used, and safeguarded when you use our services.

This Privacy Policy applies to all Cherry services, including:

  • Web Dashboard — accessible at scorecherry.com
  • Mobile Application — available on iOS and Android
  • Browser Extension — available for Chrome and Chromium-based browsers

By using Cherry, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

  • Email address — required for account creation and communication
  • Password — securely hashed; we never store passwords in plain text
  • Display name — optional, used for personalization
  • Account timestamps — when your account was created and last accessed

2.2 Product Scanning Data

  • Product information — names, URLs, images, and barcodes of products you scan
  • Product categories — food, cleaning products, hygiene products, or alcohol
  • Scoring history — your complete history of scanned products and their scores

2.3 Health Personalization Data

To provide personalized health insights, you may optionally provide:

  • Flagged ingredients — ingredients you want to avoid
  • Allergies — with severity levels (mild, moderate, or severe)
  • Dietary restrictions — vegan, keto, halal, gluten-free, etc.
  • Health conditions — diabetes, high blood pressure, etc.

2.4 User Preferences

  • Anonymous telemetry — opt-in only (default: OFF)
  • Cross-device sync — opt-in only (default: OFF)
  • Ingredient sensitivity level — how strictly to flag ingredients

3. How We Use Your Information

  • Providing product health scores — analyzing products based on nutritional data, ingredients, and safety information
  • Personalizing your experience — showing allergen warnings and recommendations based on your health profile
  • Improving our algorithms — using aggregated, anonymized data
  • Communicating with you — sending service updates and security alerts

We do NOT:

  • Sell your personal information to third parties
  • Use your data for targeted advertising
  • Share your health information with insurance companies or employers
  • Allow brands to influence product scores

4. Third-Party Services

We use the following third-party services to provide Cherry:

ServicePurposeData Shared
SupabaseAuthentication & DatabaseAccount data, preferences
OpenFoodFactsProduct data lookupProduct identifiers
USDA FoodDataNutrition verificationProduct identifiers
Claude VisionFood photo recognitionProduct images
RailwayCloud hostingApplication data

5. Data Storage & Security

  • Database Security — PostgreSQL with Row-Level Security (RLS)
  • Authentication — JWT with secure token handling
  • Encryption — HTTPS enforced for all communications
  • Rate Limiting — Protection against brute-force attacks

Local Storage:

  • Browser Extension — Chrome.storage.local (local only)
  • Mobile App — Encrypted AsyncStorage (local only)

We don't use: Tracking cookies, browser fingerprinting, or third-party advertising trackers.

6. Your Rights

All users have the right to:

  • Access — View all personal information we've collected
  • Correct — Update any inaccurate information
  • Delete — Permanently delete your account and data
  • Export — Download your data in a portable format

GDPR (EU/EEA): Right to object, restrict processing, withdraw consent, and lodge complaints.

CCPA (California): Right to know what data is collected. We do NOT sell personal information.

7. Data Retention

  • Account data — Retained until you delete your account
  • Scanning history — Retained until you clear it or delete your account
  • Backups — Deleted within 30 days of account deletion

8. Children's Privacy

Cherry is not intended for users under 13 (or 16 in EU/EEA). We do not knowingly collect data from children. Contact us if you believe we have inadvertently collected such information.

9. International Data Transfers

Cherry is operated from the United States. For EU/EEA users, we rely on Standard Contractual Clauses to ensure adequate protection for international data transfers.

10. Changes to This Policy

We may update this policy periodically. For material changes, we will notify you via email and/or in-app notification. Continued use after changes constitutes acceptance.

11. Contact Us

For questions about this Privacy Policy:

Email: support@scorecherry.com

Include "Privacy" in the subject line for privacy inquiries.