Privacy Policy

Effective date: June 12, 2026

Last updated: June 12, 2026

Applies to: BeeRoot Android app (com.beeroot.beerootandroid) and beeroot.xyz

This Privacy Policy explains how BeeRoot ("BeeRoot," "we," "us," or "our") collects, uses, discloses, and protects personal information when you use the BeeRoot mobile application and our website (collectively, the "Service").

BeeRoot helps you photograph food products and receive AI-assisted ingredient analysis personalized to safety profiles you create. Because the Service may involve health-related preferences, food images, and automated analysis, we describe our practices clearly below.

By using the Service, you acknowledge that you have read this Privacy Policy. If you do not agree, please do not use the Service.

1. Scope and data controller

BeeRoot is the controller of personal information processed through the Service, except where we act as a processor on behalf of another party (which is not the case for standard consumer use of BeeRoot today).

This policy applies to information collected through:

The BeeRoot Android application
Our website at beeroot.xyz (including privacy, terms, and support pages)
Support communications you send to us

It does not apply to third-party websites, app stores, or services that we do not control (such as Google Play or Google Sign-In), except as described regarding service providers we use to operate BeeRoot.

2. Information we collect

We collect information you provide, information generated when you use the Service, and limited technical information from your device.

2.1 Account and authentication information

Email address
Firebase authentication user ID
Display name and profile photo URL (if provided or obtained via Google Sign-In)
Sign-in method (email/password or Google)
Authentication tokens used to verify requests to our backend
Basic account activity timestamps (for example, last active time)

2.2 Safety profiles and sensitive preference data

You may provide information relevant to food safety personalization. Depending on your settings, this may include:

Profile type (pregnant, kids, senior, or general)
Profile name and display emoji
Pregnancy trimester, if applicable
Allergies (from our reference lists and/or custom entries)
Dietary restrictions (catalog items and/or custom entries), including severity (Avoid or Caution) and enabled/disabled status

We treat allergy, restriction, and related profile data as sensitive in how we store and protect it, although you choose what to enter. When you scan food, we store a snapshot of the profile settings used for that scan.

2.3 Camera and image data

With your permission, BeeRoot accesses your device camera to photograph food labels, packaging, or prepared food. When you scan:

The photo is transmitted securely to our servers for analysis
We extract product and ingredient information from the image using automated and AI-based processing
A copy of the scan image may be stored in private cloud storage linked to your account

BeeRoot currently uses camera-based scanning, not barcode scanning. If camera permission is denied, scanning features will not function.

2.4 Scan results and usage data

Product names, ingredients, label warnings, and analysis output (Safe, Caution, or Avoid)
Per-ingredient reasons, matched allergens, and matched restrictions
Scan history, timestamps, and profile statistics (such as scan counts)
Technical analysis metadata (for example, model version and confidence indicators) used for quality, debugging, and improvement

2.5 Device, diagnostic, and local data

Crash and diagnostic data: via Firebase Crashlytics (crash reports and limited logs to improve stability)
Local device storage: cached reference data and onboarding preferences stored on your device (Room database and Android DataStore)
Network and security data: IP address, request metadata, and app/API interaction data processed by our infrastructure providers

We do not currently use Firebase Analytics in the BeeRoot Android app.

2.6 Information we do not collect

Based on the current BeeRoot app, we do not intentionally collect:

Precise geolocation
Contacts or address book contents
Microphone recordings
Payment card details directly (future purchases, if offered, are processed by Google Play)

3. How we use information

We use personal information to:

Create and manage your account and authenticate you
Provide scanning, ingredient analysis, and personalized safety results
Store and display scan history
Maintain and improve reference data, matching logic, and Service reliability
Monitor, prevent, and address fraud, abuse, security issues, and technical problems
Respond to support requests and legal obligations
Develop new features and improve user experience

Allergies and restrictions used during scanning are resolved on our servers at scan time. Client requests cannot override or weaken those server-side checks.

4. Legal bases for processing (EEA, UK, and similar jurisdictions)

If you are in the European Economic Area, United Kingdom, or a jurisdiction with similar requirements, we rely on the following legal bases:

Contract: to provide the Service you request (account, scanning, profiles, history)
Legitimate interests: to secure and improve the Service, prevent abuse, and support users (balanced against your rights)
Consent: where required (for example, camera permission on your device, or optional communications where applicable)
Legal obligation: where we must comply with applicable law

Where we process sensitive-related profile data you choose to provide, our legal basis is typically performance of the Service you request and, where required, your consent.

5. AI and automated analysis

BeeRoot uses automated processing, including Google Gemini AI models, to analyze food images and ingredient text. Outputs may influence Safe, Caution, or Avoid results shown to you.

Your image and profile-derived safety context may be sent to Google's AI services for processing
We apply additional automated keyword/synonym checks after AI analysis; these checks can escalate results to be more cautious, not less
Automated outputs may be inaccurate or incomplete; they are informational only and not medical advice

We do not use automated processing to make decisions with legal or similarly significant effects without human involvement. You should independently verify product labels and consult qualified professionals for health decisions.

We do not sell your personal information. We do not share personal information for cross-context behavioral advertising.

We share information only in these circumstances:

Service providers / processors that help us operate BeeRoot, including Google Firebase, Google Cloud, and Google Gemini, under contractual confidentiality and security obligations
Legal and safety reasons, if required by law or necessary to protect rights, safety, and security
Business transfers, such as a merger, acquisition, or asset sale (with notice where required by law)
With your direction or consent

For more information about Google's practices, see Google Privacy Policy and applicable Firebase/Google Cloud terms.

7. Retention and deletion

We retain personal information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements.

Account and profile data is kept while your account is active
Deleting a profile removes associated scans and related scan images from our systems
Deleting an individual scan removes its associated stored image
Crash logs and operational logs are retained for limited periods according to provider settings and operational needs

You may request account deletion by emailing beer.root.broot@gmail.com. We may ask you to verify your identity before processing deletion requests.

8. Security

We implement reasonable administrative, technical, and organizational safeguards, including encrypted transport (HTTPS/TLS), authenticated API access, and access controls on cloud databases and storage.

No system is completely secure. You are responsible for maintaining the security of your device and account credentials.

9. Your privacy rights

Depending on your location, you may have rights to access, correct, delete, restrict, object to, or port certain personal information, and to withdraw consent where processing is consent-based.

9.1 All users

Update profile/allergy/restriction data in the app
Revoke camera permission in Android settings
Request account/data deletion via beer.root.broot@gmail.com

9.2 EEA/UK users (GDPR)

You may have the right to lodge a complaint with your local data protection authority. You may also request access, rectification, erasure, restriction, portability, or objection by contacting us. We will respond within applicable legal timeframes.

9.3 California users (CCPA/CPRA)

California residents may have the right to know categories of personal information collected, request deletion, request correction, and opt out of sale/sharing (we do not sell or share personal information for cross-context behavioral advertising as defined by California law).

To exercise rights, email beer.root.broot@gmail.com with "Privacy Request" in the subject line. We will not discriminate against you for exercising privacy rights.

10. Children's privacy

BeeRoot is intended for use by adults and parents/guardians managing family food safety. The Service is not directed to children under 13, and we do not knowingly collect personal information directly from children under 13 without verifiable parental consent.

Parents or guardians may create profiles related to children within their account. If you believe we collected information from a child in violation of this policy, contact us and we will take appropriate steps.

11. International data transfers

BeeRoot is operated from the United States. If you access the Service from other countries, your information may be transferred to, stored in, and processed in the U.S. and other countries where we or our service providers operate, which may have different data protection laws than your jurisdiction.

Where required, we rely on appropriate safeguards for international transfers (such as standard contractual clauses or equivalent mechanisms offered by service providers).

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy on this page and update the "Last updated" date. Where required by law, we will provide additional notice (such as in-app notice or email). Continued use after the effective date of changes constitutes acceptance unless applicable law requires otherwise.

13. Contact us

For privacy questions or requests:

Email: beer.root.broot@gmail.com
Support page: beeroot.xyz/support

Health and AI disclaimer: BeeRoot is not a medical device and does not diagnose, treat, cure, or prevent disease. Information provided by the Service is for general informational purposes only and may be inaccurate or incomplete. Always read product labels and consult qualified healthcare professionals for medical advice, especially for allergies and severe dietary restrictions.