In force since 4 June 2026 · Last updated: 4 June 2026
This Privacy Policy describes how LoMangio collects, uses and protects the personal data of users of the website lomangio.com and of the LoMangio mobile application (hereinafter, jointly, the "Service"). This document is drawn up in compliance with Regulation (EU) 2016/679 ("GDPR") and Italian Legislative Decree 196/2003 as amended (the "Privacy Code").
In short. LoMangio compares a food's ingredients with your profile (allergens, additives, nutritional thresholds) and gives you a verdict. We collect the bare minimum, we do not sell your data, ingredient photos are read on your device, and your profile is visible only to you. The profile contains health-related data: we process it only with your explicit consent and solely to give you the verdict.
1. Data Controller
The Data Controller is Davide Negri, as the natural person who owns the LoMangio project (not yet incorporated as a company).
We collect the following categories of personal data:
2.1 Data you provide directly
Email address — when you create an account in the app.
Login data — authentication credentials (encrypted password; or OAuth token in the case of login via Google).
Food profile — the allergens, the additives (E-numbers) you want to avoid, the nutritional thresholds and other preferences you set. See §3: this is health-related data.
2.2 Data generated by use of the Service
Barcodes (EAN) — when you scan a product, the EAN code is sent to our lookup services to retrieve the product's ingredients. The EAN code is not personal data and is not associated with a public profile.
Scan history — the list of products you have scanned and the verdict obtained, saved to your account so we can show it again. Visible only to you.
Ingredient photos (OCR) — when a product is not in the catalogue, you can photograph its ingredient list. The image is processed exclusively on your device (on-device text recognition via Google ML Kit): the photo never leaves the phone and is neither sent to nor stored on our servers. Any submission of photos to enrich the shared catalogue will be a future feature, opt-in and subject to dedicated consent.
2.3 Data collected automatically
Technical data — operating system version, device model, language, time zone. Used for the operation and diagnostics of the Service.
Payment data — for the Premium subscription (when available), payments are handled exclusively through Google Play Billing. We never come into possession of card details; from Google Play we receive only an anonymous purchase identifier and the subscription status.
2.4 Data we do NOT collect
First and last name (not required)
Phone number
Home address
Geolocation
Data from the contacts in your address book
Advertising or cross-app tracking identifiers
3. Health-related data (special categories, Art. 9 GDPR)
The food profile you set (declared allergens, intolerances, additives to avoid, nutritional thresholds, any family profiles) may reveal information falling within the "special categories" of Art. 9 GDPR, in particular health-related data. For this reason:
we process it only on the basis of your explicit consent (Art. 9(2)(a) GDPR), given at the time you fill in your profile in the app;
we use it exclusively to calculate the personalised verdict (🟢 I eat it · 🔴 I bin it · ⚪ I don't know it) and show it to you;
it is visible and editable only by you: the database applies row-level security rules (RLS owner-only), so each user accesses only their own data;
you can withdraw your consent at any time by deleting the profile or the entire account (see §9). Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
We do not use your profile data for advertising profiling, insurance or credit scoring, or for any purpose other than generating the verdict. We do not disclose it to third parties.
4. Purposes and legal bases
Purpose · Legal basis · Data processed
Account creation, login and basic app functionality · Performance of the contract (Art. 6(1)(b)) · Email, login data
Personalised verdict on allergens, additives and nutritional thresholds · Performance of the contract — processing on the device only, no transmission · Image (never transmitted), extracted text
History of your scans · Performance of the contract · EAN, verdict, date
Premium subscription management · Performance of the contract · Email, subscription identifier
Service security and diagnostics · Legitimate interest (Art. 6(1)(f)) · Technical data
Legal compliance (tax matters, requests from the Authority) · Legal obligation (Art. 6(1)(c)) · All, if required
5. Recipients and third parties
To provide the Service we rely on selected providers, all under Data Processor agreements (Art. 28 GDPR) and with GDPR-compliant safeguards:
Supabase, Inc. (infrastructure in the EU region) — database of accounts and user profiles, authentication (email/password and OAuth). Privacy Policy.
Cloudflare, Inc. (USA / Ireland) — website hosting, CDN, anti-DDoS and a read-only proxy for product lookup (no personally identifying user data passes through this proxy: only the EAN code travels). Privacy Policy.
Google LLC (USA) — authentication via Google account (OAuth), Google Play Billing for the Premium subscription and Google ML Kit for text recognition from photos, which takes place entirely on the device. Privacy Policy.
Open Food Facts — collaborative open-data database of food products (ingredients, additives, images), distributed under the ODbL licence. Product images are served from their CDNs. It receives no personal data of our users. Privacy.
We do not sell or license your personal data to third parties for marketing purposes.
6. Transfers outside the EU
Some providers are based outside the European Union (mainly the USA). In such cases, the transfer takes place solely with the safeguards provided for by the GDPR:
Adequacy under Art. 45 GDPR (EU-US Data Privacy Framework, where applicable)
Standard Contractual Clauses (SCC) approved by the European Commission
Supplementary technical measures (encryption in transit and at rest)
7. Retention period
Account and food profile: for the entire duration of the relationship; deleted within 30 days of the account deletion request (save for short periods for legal compliance).
Scan history: as long as you keep the account; deleted together with it.
Ingredient photos: never stored (processed only on the device).
Payment data: not processed directly by the Controller; the retention of tax data is the responsibility of Google Play under its own policies.
8. Your rights
As a data subject, you may exercise the following rights at any time, free of charge:
Access (Art. 15) — obtain a copy of your data
Rectification (Art. 16) — correct inaccurate data (you can edit the profile directly in the app)
Erasure / "right to be forgotten" (Art. 17) — delete the data and the account (see §9)
Restriction (Art. 18) — suspend the processing
Portability (Art. 20) — receive the data in a structured format
Objection (Art. 21) — object to processing based on legitimate interest
Withdrawal of consent — at any time, without affecting the lawfulness of prior processing
Complaint to the Garante — www.garanteprivacy.it — or to your local data protection authority
To exercise these rights, write to [email protected]. We will respond within 30 days.
9. How to delete your account and data
You can delete your account at any time, directly from the app: Profile → Delete account. Deletion removes your authentication account and, on a cascading basis, the food profile and the scan history.
Alternatively, you can request deletion by email by writing to [email protected] from the address associated with the account. You can find the full procedure and timing on the dedicated page: Account deletion.
10. Minors
LoMangio is not intended for children under 14 years of age, in accordance with Art. 2-quinquies of the Privacy Code. We do not knowingly collect data of children under 14. If you become aware that a child under 14 has provided us with data without parental consent, contact us at [email protected] and we will promptly delete it.
11. Security
We apply appropriate technical and organisational measures, including:
TLS encryption for all communications
Encryption at rest of the database and of the session on the device (Android Keystore)
Row-level access rules (RLS owner-only): each user sees only their own data
No secret key included in the distributed app
Data access limited to the minimum necessary staff
No system is 100% secure; in the event of a data breach, we will inform you within 72 hours as required by Art. 33 GDPR.
12. Cookies and similar technologies
The website lomangio.com uses exclusively strictly necessary technical cookies, which do not require prior consent. The site does not use profiling, advertising or cross-site tracking cookies. The Cloudflare infrastructure may use technical security cookies (anti-DDoS) for purely defensive purposes. The mobile application does not use cookies.
13. Changes to this policy
We may update this Privacy Policy to reflect changes in the Service or in the applicable law. The current version is always available at this address. Substantial changes will be communicated to registered users with reasonable notice.