Privacy Policy — Processed

Privacy Policy

Processed (the "App") · Operated by Reev Tech Inc. ("Reev", "we", "us", or "our")
Effective date: June 5, 2026  ·  Last updated: June 5, 2026

1. Introduction & Scope

Reev Tech Inc. develops and operates Processed, a mobile application that helps you understand the processing level of foods (using the NOVA classification system) by scanning product barcodes, analyzing photos of meals and ingredients, and keeping a food diary.

This Privacy Policy explains what personal information we collect, how we use and share it, how long we keep it, and the rights and choices you have. It applies to:

  • the Processed mobile app for iOS and Android;
  • our backend services that power the App; and
  • our website at processedapp.com.

By creating an account or using the App, you acknowledge the practices described in this Policy. Where required by law, we rely on your consent, which you may withdraw at any time (see Section 10).

Definitions. In this Policy, "personal information" / "personal data" means information that identifies, relates to, or can reasonably be linked to an identifiable individual. "Processing" means any operation performed on personal data. "Special-category data" / "sensitive personal information" means data that requires heightened protection under applicable law (for us, this includes health- and diet-related information you provide). "Controller" means the entity that determines how and why data is processed (that is Reev Tech Inc.). "Sub-processor" means a third party that processes personal data on our behalf.

2. Who We Are — Data Controller & Contact

The controller responsible for your personal information is:

Reev Tech Inc.
3080 Yonge Street, Suite 6060
Toronto, Ontario M4N 3N1
Canada

Privacy contact: [email protected]

For any privacy question, request, or complaint, contact us at the email above. We aim to respond within the timeframes required by applicable law (see Section 10).

EU/UK Representatives. Processed is available globally, including to users in the European Economic Area (EEA) and the United Kingdom. We are in the process of designating an EU Representative and a UK Representative as required under Article 27 of the EU and UK GDPR. Until those representatives are designated and published here, EEA and UK users may contact us directly at [email protected] for all data-protection matters.

3. Information We Collect

We collect the following categories of personal information.

3.1 Account & identity data

  • A unique account identifier (Firebase UID).
  • Your email address and display name, obtained when you sign in with Google or Apple.
  • If you choose anonymous sign-in, a temporary anonymous identifier (no email or name).

3.2 Dietary & health-related data (sensitive)

During onboarding and use, you may provide information that relates to your health and diet, including:

  • how you feel after eating;
  • how often you know what is in your meals;
  • your eating-habit goals (for example: having more energy, eating less processed food, managing weight, or improving digestion);
  • your acceptance of our disclaimer and any opt-in to our community/movement.

We treat this as sensitive / special-category data and process it only on the legal bases described in Section 5.

3.3 Meal data

  • Photos of your meals.
  • Meal descriptions and text you enter.
  • Answers to AI follow-up questions, portion sizes, identified ingredients, and the date/time you logged each meal.

3.4 Product & barcode scan data

  • Barcode numbers of products you scan.
  • Photos of product ingredient lists you submit.
  • Scan timestamps and the resulting product information (title, nutrition facts, allergens, additives, category, and processing-level classification).
  • Your scan history.

3.5 Images

Meal photos and ingredient photos you capture are uploaded to our backend (encoded as data) for analysis. See Section 6 for how AI processes these images.

3.6 Feedback data

  • Star ratings, improvement suggestions, and optional comments you submit, linked to the relevant product or meal.

3.7 Subscription & purchase data

  • Your subscription/entitlement status and purchase history, managed through RevenueCat and the Apple App Store / Google Play billing systems.
  • We do not collect or store your payment-card details. Card and payment processing are handled directly by Apple and Google.

3.8 Device, technical & diagnostic data

  • Crash reports and diagnostic data (via Firebase Crashlytics), which may include device model, operating-system version, app version, and technical context about an error. We redact long values before they are logged.
  • App version information, IP address, and authentication tokens used to secure your requests.

3.9 Data stored locally on your device

  • App preferences and onboarding status (in local storage).
  • A local cache of products, scans, and articles to make the App faster and available offline. This data stays on your device until cleared.

3.10 Information we do not collect

  • We do not collect precise (GPS) location.
  • We do not use advertising identifiers (such as IDFA or GAID) and we do not serve third-party advertising.
  • We do not access your contacts.

4. How We Use Your Information

We use personal information to:

  1. Provide core features — barcode scanning, meal and ingredient analysis, the food diary, and NOVA processing-level classification.
  2. Perform AI analysis of your meal and ingredient images and text (see Section 6).
  3. Create and secure your account and authenticate you.
  4. Personalize your experience based on your onboarding answers and goals.
  5. Process and manage subscriptions and premium entitlements.
  6. Maintain reliability and improve the App through crash diagnostics and aggregated, de-identified analysis.
  7. Provide customer support and respond to your feedback.
  8. Communicate with you — including service/transactional messages and, where you have not opted out, marketing emails; and, if and when we introduce them, push notifications (see Section 15).
  9. Comply with legal obligations and enforce our Terms.

5. Legal Bases for Processing (EEA / UK)

Where the EU or UK GDPR applies, we rely on the following legal bases:

PurposeLegal basis
Creating and operating your account; providing core features; processing subscriptionsPerformance of a contract with you
Processing your dietary/health-related (sensitive) dataYour explicit consent (Art. 9(2)(a))
Crash diagnostics; security; service improvement using de-identified dataOur legitimate interests in keeping the App safe, reliable, and improving it
Marketing emails and (future) push notificationsYour consent, where required, or our legitimate interest, subject to your right to opt out
Meeting legal, tax, and regulatory obligationsCompliance with a legal obligation

You may withdraw consent at any time (Section 10); this does not affect processing carried out before withdrawal.

6. Artificial Intelligence & Automated Processing

Processed uses AI to analyze the meals and ingredients you submit.

  • What happens. When you photograph a meal or an ingredient list, or describe a meal in text, that image or text is sent to our backend and may be transmitted to third-party AI providers that perform image and language analysis on our behalf.
  • Which AI providers we use. Our current AI sub-processors are OpenAI, Anthropic, and Google (Gemini / Vision). These providers process the submitted content to identify foods and ingredients, estimate processing levels, and generate follow-up questions and results. They act under contractual terms that restrict their use of your data to providing the service to us. This processing may occur on servers located in the United States (see Section 8).
  • Model training. We do not provide your personal information to third parties to train their AI models for their own purposes. We may use de-identified and aggregated data (data that no longer identifies you) to evaluate and improve the accuracy and quality of our service.
  • No significant automated decisions. The App's AI provides informational food analysis. It does not make decisions that produce legal or similarly significant effects about you without human involvement.
  • Not medical or dietary advice. AI results, processing classifications, and nutrition information are provided for general informational purposes only. They may be incomplete or inaccurate and are not medical, nutritional, or dietary advice. Always consult a qualified professional regarding your health and diet.

7. How We Share Your Information — Service Providers & Sub-Processors

We do not sell your personal information. We share it only as described below.

RecipientPurposeNotes
Google Firebase (Google LLC / Google Cloud)Authentication, crash reporting (Crashlytics), remote configuration, database and storageData hosted in the United States
Google Cloud PlatformHosting of our backend API infrastructure
Google Sign-InSign-in optionAuthentication tokens
Apple — Sign in with AppleSign-in optionAuthentication tokens
RevenueCatSubscription and entitlement managementReceives account ID, purchase status, product IDs, timestamps
Apple App Store / Google PlayPayment and billingCard data handled by Apple/Google, not us
OpenAI, Anthropic, Google (Gemini/Vision)AI analysis of meal/ingredient images and textProcessing may occur in the United States (Section 6)
CloudflareContent delivery, security, and DNS for our domains
Our website / content (WordPress at processedapp.com)Serving articles and content

We may also disclose personal information:

  • For legal reasons — to comply with law, regulation, legal process, or enforceable governmental request, or to protect our rights, safety, and the safety of others.
  • In a business transfer — in connection with a merger, acquisition, financing, or sale of assets, in which case we will require the recipient to honor this Policy or notify you of any material change.

A current list of sub-processors is reflected in this Policy and updated as our service evolves.

8. International Data Transfers

We are based in Canada, and our service providers — including Google/Firebase, our Google Cloud backend infrastructure, and our AI providers (OpenAI, Anthropic, Google) — process data in the United States and potentially other countries. This means your personal information may be transferred to, stored, and processed outside your country of residence, including outside Canada, the EEA, and the UK.

Where we transfer personal data from the EEA, UK, or other regions with cross-border transfer rules, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses (and the UK Addendum) and equivalent contractual protections with our providers. You may contact us at [email protected] for more information about these safeguards.

9. Data Retention

We keep personal information only as long as necessary for the purposes described in this Policy:

  • Account, meal, scan, and onboarding data — retained while your account is active.
  • After account deletion — we delete or de-identify your personal information within 30 days, except where we must retain certain records to comply with legal, tax, or accounting obligations, or to resolve disputes and enforce our agreements.
  • De-identified and aggregated data — may be retained indefinitely, as it no longer identifies you.
  • Crash and diagnostic logs — retained for approximately 90 days.
  • Local cache on your device — remains until it expires or you clear it, by deleting the App or clearing its storage.

10. Your Rights & Choices

Depending on where you live, you have some or all of the following rights regarding your personal information.

10.1 Rights under the EU/UK GDPR

  • Access a copy of your data.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten").
  • Restrict or object to certain processing.
  • Data portability — receive your data in a portable format.
  • Withdraw consent at any time.
  • Lodge a complaint with your local supervisory authority.

10.2 Rights under U.S. state laws (California CCPA/CPRA and others)

  • Know / access the categories and specific pieces of personal information we collect.
  • Delete personal information we hold about you.
  • Correct inaccurate personal information.
  • Opt out of "sale" or "sharing" of personal information — note that we do not sell or share personal information as those terms are defined under California law.
  • Limit the use of sensitive personal information.
  • Non-discrimination for exercising your rights.

10.3 Rights under Canadian law (PIPEDA and Québec Law 25)

  • Access and correct your personal information.
  • Withdraw consent, subject to legal or contractual restrictions.
  • Request information about how your data is handled, including automated processing.

10.4 Deleting your account and data

You can delete your account directly in the App. Account deletion removes your authentication record and triggers deletion of your associated data from our backend, subject to the retention exceptions in Section 9. You may also email [email protected] to request deletion.

10.5 How to exercise your rights

Email [email protected]. We may need to verify your identity before acting on a request. We will respond within the timeframe required by applicable law (generally within 30–45 days; we will tell you if we need an extension). Exercising these rights is free, except where a request is manifestly unfounded or excessive.

10.6 Complaints

EEA/UK users may complain to their data-protection authority. Canadian users may contact the Office of the Privacy Commissioner of Canada or, in Québec, the Commission d'accès à l'information. We would appreciate the chance to address your concerns first.

11. Device Permissions

The App requests the following permissions, which you can grant or revoke in your device settings:

  • Camera — to scan barcodes and capture photos of meals and ingredient lists.
  • Photo Library (iOS) — to save and select meal photos.

If you decline a permission, related features may not function.

12. Data Security

We use reasonable technical and organizational measures to protect your personal information, including:

  • Encryption in transit using HTTPS/TLS;
  • Authenticated access to our API using secure tokens and API keys;
  • Managed, access-controlled infrastructure via Google Cloud and Firebase.

No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If we become aware of a personal-data breach that affects you, we will notify you and the relevant authorities as required by applicable law.

13. Children's Privacy

Processed is intended for users 13 years of age and older. In the EEA and the UK, where the applicable minimum age of digital consent is higher (up to 16), users below that age must have consent from a parent or guardian.

We do not knowingly collect personal information from children below the applicable age. If you believe a child has provided us personal information, contact [email protected] and we will delete it.

14. Third-Party Links & Content

The App and website may display articles and links to third-party websites and content, and may open content in an in-app browser. We are not responsible for the privacy practices of those third parties. Please review their privacy policies before providing personal information.

15. Communications

  • Service/transactional messages — we may send you essential messages about your account, security, and the service. These are not promotional and you cannot opt out of them while you have an account.
  • Marketing emails — where we send promotional emails, you can opt out at any time using the unsubscribe link or by emailing [email protected].
  • Push notifications (future feature) — we do not currently send push notifications. If we introduce them, they will be optional and you will be able to control them in your device settings, and we will update this Policy accordingly.

16. Region-Specific Disclosures

16.1 California (CCPA/CPRA)

In the past 12 months we have collected the following categories of personal information: identifiers (account ID, email, name); sensitive personal information (health/diet-related responses); commercial information (subscription/purchase records); internet/network activity and device diagnostics; visual information (meal and ingredient photos); and user content (feedback). We collect this for the business purposes in Section 4 and disclose it to the service providers in Section 7. We do not sell or share personal information and we do not use sensitive personal information for purposes beyond providing and improving the service. California residents have the rights described in Section 10.2.

16.2 Canada (PIPEDA / Québec Law 25)

We collect, use, and disclose personal information with your knowledge and consent, for the purposes identified in this Policy. We use service providers, including some outside Canada (notably the United States), which means your information may be accessible to authorities in those jurisdictions under their laws. You have the rights described in Section 10.3.

16.3 EEA / UK (GDPR)

Our legal bases are set out in Section 5, international transfer safeguards in Section 8, and your rights in Section 10.1.

17. Changes to This Policy

We may update this Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you in the App or by email. Your continued use of the App after an update means you acknowledge the revised Policy.

18. Governing Law & Contact

This Policy is governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein, without regard to conflict-of-laws principles.

For any privacy question, request, or complaint:

Reev Tech Inc.
Attn: Privacy
3080 Yonge Street, Suite 6060
Toronto, Ontario M4N 3N1, Canada
Email: [email protected]