BestBefore — Privacy Policy

1. Introduction

SquaredEm ("we", "us", or "our"), operated by Matteo Miceli, develops and maintains the BestBefore mobile application ("App"). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our App.

By creating an account and using BestBefore, you acknowledge that you have read and understood this Privacy Policy.

If you have questions or concerns, please contact us at:

Email: squaredem.app@gmail.com
Data Controller: Matteo Miceli / SquaredEm

2. Who We Are (Data Controller)

Under the EU General Data Protection Regulation (GDPR) and applicable international privacy laws, the data controller responsible for your personal data is:

Matteo Miceli

Operating as: SquaredEm

Contact: squaredem.app@gmail.com

3. Scope of This Policy

This Privacy Policy applies to:

The BestBefore mobile application for Android
Any related services, features, or content accessed through the App

It does not apply to third-party websites or services that may be linked from our App.

4. Minimum Age and Children's Privacy

BestBefore is intended for users aged 13 and older. We do not knowingly collect personal data from children under 13.

If you are under 16 and located in the European Union, you may need parental or guardian consent to create an account, in accordance with GDPR Article 8. By registering, you confirm you are at least 13 years old and, where required by applicable law, have obtained parental consent.

If we become aware that we have collected data from a child under 13 without appropriate consent, we will delete it promptly. Please contact us at squaredem.app@gmail.com if you believe this has occurred.

5. Data We Collect

5.1 Account and Identity Data

When you register for an account, we collect:

Email address
Display name (chosen by you)
Profile picture (optional, uploaded by you)
Authentication credentials (managed securely via Supabase Auth)

5.2 App Content Data

Data you actively enter into the App, including:

Food item names, quantities, and expiration dates
Storage spaces and household names
Space cover images (optional, uploaded by you)
Any notes or labels you add to items

5.3 Usage Data

We may collect basic analytics and usage data to improve the App, such as:

Feature interactions and app navigation patterns
Crash reports and error logs
Device type and operating system version

This data is collected in aggregated or anonymised form where possible and is not used to identify you individually.

5.4 Data From Third-Party Sources

When you scan a product barcode, we query the Open Food Facts database (openfoodfacts.org) to retrieve product information (name, category). This query is made without sending any personally identifiable information. Open Food Facts is an open-source, nonprofit food product database.

5.5 Data You Do Not Need to Provide

We do not collect payment information. We do not require your real name, phone number, address, or any government-issued identifier.

6. How We Use Your Data

We use your data only for the following purposes:

To create and manage your account
To provide core app functionality: tracking food items, expiration dates, and storage spaces
To sync your data across your devices
To send you expiration notifications (push notifications via Firebase Cloud Messaging)
To generate AI-powered recipe suggestions using the Gemini API (using your item data; no personal identifiers are sent)
To diagnose bugs, crashes, and technical issues
To improve and develop new features of the App

We do not use your data for targeted advertising. We do not sell your data to third parties. We do not use your data for automated individual decision-making or profiling that produces legal or similarly significant effects.

7. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data under the following legal bases as defined in GDPR Article 6:

Performance of a contract (Art. 6(1)(b)): Processing necessary to provide you with the App and its core features, such as account management and data sync.
Legitimate interests (Art. 6(1)(f)): Processing for the purpose of improving the App, diagnosing technical issues, and ensuring security, where our interests are not overridden by your rights.
Consent (Art. 6(1)(a)): Where we request your consent (e.g., for push notifications), you may withdraw it at any time without affecting prior processing.

8. Data Storage and Security

8.1 Where Your Data Is Stored

Your account and app data is stored on servers provided by Supabase, a third-party cloud database provider. We use a Supabase instance hosted within the European Union (EU). This means your data remains within the EU and is not transferred to third countries.

8.2 Security Measures

We implement appropriate technical and organisational measures to protect your personal data, including:

Encrypted data transmission (HTTPS/TLS)
Supabase's built-in authentication and row-level security
Access controls limiting who can access production data

While we take security seriously, no system is 100% secure. We encourage you to use a strong, unique password and to contact us immediately if you suspect unauthorised access to your account.

9. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data. We share data with the following third-party service providers solely for the purpose of operating the App:

Supabase (EU): Database hosting and authentication. Data remains in the EU.
Google Firebase Cloud Messaging (FCM): Delivery of push notifications. Only a device token is transmitted; no personal content is shared.
Google Gemini API: AI-powered recipe suggestions. We send food item names and expiration data; no personally identifiable information is included in these requests.
Open Food Facts: Barcode product lookup. Queries contain only the barcode number; no personal data is transmitted.

All third-party providers are bound by their own privacy policies and applicable data protection laws. Where relevant, we rely on standard contractual clauses or adequacy decisions for any data transfers.

10. Your Rights

Depending on your location, you have the following rights regarding your personal data.

10.1 Rights Under GDPR (EU/EEA Users)

Right of access (Art. 15): Request a copy of your personal data.
Right to rectification (Art. 16): Request correction of inaccurate data.
Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten").
Right to restriction of processing (Art. 18): Request that we limit how we process your data.
Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
Right to object (Art. 21): Object to processing based on legitimate interests.
Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

10.2 How to Exercise Your Rights

To exercise any of the above rights, please contact us at squaredem.app@gmail.com. We will respond within 30 days. We may need to verify your identity before processing your request.

10.3 Right to Lodge a Complaint

If you are located in the EU/EEA and believe we have not handled your data lawfully, you have the right to lodge a complaint with your national data protection authority. In Austria, this is:

Österreichische Datenschutzbehörde

Barichgasse 40–42, 1030 Vienna, Austria

www.dsb.gv.at

11. Data Retention

We retain your personal data for as long as your account remains active or as necessary to provide our services. Specifically:

Account data is retained until you delete your account.
App content data (food items, spaces) is deleted upon account deletion.
Anonymised usage and diagnostic data may be retained for up to 12 months for analytical purposes.

To delete your account and all associated data, you may do so within the App settings or by contacting us at squaredem.app@gmail.com.

12. Push Notifications

BestBefore sends push notifications to remind you of upcoming food expirations. Notifications are delivered using Firebase Cloud Messaging (FCM). Your device token is used solely for this purpose and is not shared with third parties for marketing.

You can disable push notifications at any time through your device's system settings.

13. User-Generated Content

BestBefore allows you to upload profile pictures and space cover images. You are solely responsible for the content you upload. Do not upload images that include personal data of others, copyrighted material, or any unlawful content.

We do not moderate or review user-uploaded images unless a violation is reported. Uploaded images are stored on our Supabase infrastructure (EU) and are accessible only within your account.

14. Cookies and Similar Technologies

The BestBefore mobile application does not use browser cookies. We may use session tokens and local device storage solely for authentication and app state management. These are strictly necessary for the App to function and are not used for advertising or tracking purposes.

15. International Users

BestBefore is operated from within the EU. If you access the App from outside the EU/EEA, your data will be processed and stored in the EU as described in this policy. By using the App, you consent to this processing.

We do not knowingly direct our services to jurisdictions where doing so would be restricted by local law.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this document. For significant changes, we will notify you within the App or via email.

Your continued use of the App after changes become effective constitutes acceptance of the revised policy.

17. Food Safety Disclaimer

IMPORTANT — PLEASE READ CAREFULLY.

BestBefore is a food inventory and expiration tracking tool designed to help you organise and monitor food items in your household. IT IS NOT A FOOD SAFETY AUTHORITY, A CERTIFIED FOOD SAFETY TOOL, OR A SUBSTITUTE FOR PROFESSIONAL FOOD SAFETY ADVICE.

Expiration dates displayed in the App are based solely on information you enter manually or data retrieved from third-party sources (such as Open Food Facts). We do not independently verify the accuracy of any expiration date, product name, or food safety information.

YOU ACKNOWLEDGE AND AGREE THAT:

BestBefore does not guarantee that food tracked in the App is safe to consume.
Expiration date notifications are reminders only. They do not constitute a guarantee that food is safe or unsafe to eat.
The safety of food depends on many factors beyond expiration dates, including storage conditions, handling, and temperature — none of which the App monitors.
AI-generated recipe suggestions are provided for convenience only and are not reviewed by nutritionists, food safety experts, or any qualified professional.
You are solely responsible for all decisions regarding food consumption. Always use your own judgement and, where in doubt, consult a qualified professional.

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, SQUAREDEM AND MATTEO MICELI EXPRESSLY DISCLAIM ANY LIABILITY FOR ILLNESS, INJURY, HARM, OR LOSS OF ANY KIND ARISING FROM OR IN CONNECTION WITH FOOD CONSUMPTION DECISIONS MADE WITH OR WITHOUT REFERENCE TO INFORMATION PROVIDED BY THE APP.

By using BestBefore, you confirm that you have read, understood, and agreed to this Food Safety Disclaimer.

18. Contact Us

For any questions, requests, or concerns regarding this Privacy Policy or your personal data, please contact:

Matteo Miceli / SquaredEm

Email: squaredem.app@gmail.com