FridgeAI Privacy Policy
Last updated: April 15, 2026
Controller: PreCheck GbR with Kevin Wukasch and Peter Wilke · Hofer Str.66, 04317 Leipzig, Germany · kontakt@pre-check.info
1. Overview
FridgeAI helps you manage your household groceries, scan receipts, get recipe suggestions, and stay ahead of expiring items. We process only the data required for these features. This policy explains what we collect, why, and your rights.
2. Data we process
2.1 Account data
- Email address — for sign-in and account recovery (Art. 6(1)(b) GDPR, contract).
- Display name — collected at sign-up and shown to your household members so they see who added which item (Art. 6(1)(b)).
- Firebase User ID — technical identifier linking your data.
2.2 Inventory data
- Pantry/fridge items (name, quantity, expiry date, location, optional image).
- Shopping list and recipe favorites.
- Household data — if you share a household: member list with names.
Stored in Google Firestore, region europe-west1 (Frankfurt, Germany).
2.3 Receipt scanning
- Receipt photos are processed locally on your device (Google ML Kit). The image does not leave your device unless you explicitly attach it to an item.
- Extracted product and price information is added to your inventory.
2.4 Barcode scanning
- Barcode scans query the public Open Food Facts database using only the EAN code. No personal data is sent. Product info is cached locally for 24 hours.
2.5 Recipes
- Ingredient keywords from your inventory are sent to Spoonacular (USA) to fetch recipe suggestions. No personal data — only ingredient names like "tomato" or "pasta".
- When you open a recipe, its full content (title, ingredients, instructions) is fetched from Spoonacular and then translated to German via the DeepL API (Germany). Again, no personal data.
2.6 Subscriptions (FridgeAI Pro)
- Payments and subscription status are handled via RevenueCat and the respective App Store. RevenueCat receives a pseudonymous user ID and subscription status. Payment processing is entirely with the App Store — we never see card or bank details.
2.7 Push notifications
- We use Firebase Cloud Messaging to send expiry reminders. Your FCM token is stored in your user document and used only for push notifications.
2.8 Technical data
- App Check token (Google Play Integrity / Apple DeviceCheck) — ensures requests come from a genuine FridgeAI app. No personal content.
- Crash reports (if opted in) — anonymized error reports.
3. Legal bases
| Purpose | GDPR basis |
|---|---|
| Account, household, inventory | Art. 6(1)(b) (contract) |
| Recipes, barcode lookups | Art. 6(1)(b) |
| Expiry push notifications | Art. 6(1)(b) |
| App Store billing via RevenueCat | Art. 6(1)(b) |
| Security (App Check, rate limits) | Art. 6(1)(f) (legitimate interest) |
| Crash reports | Art. 6(1)(a) (consent) |
4. Recipients / processors
We share data with these processors (all covered by Data Processing Agreements):
- Google Ireland / Firebase — Auth, Firestore, Cloud Functions, Messaging, App Check. Primary region
europe-west1(Frankfurt). Unavoidable sub-transfers to the US are covered by EU Standard Contractual Clauses. - RevenueCat Inc., USA — subscription management. User ID + subscription status only.
- Spoonacular LLC, USA — recipe data. No personal data.
- DeepL SE, Cologne — recipe translation. EU-based.
- Open Food Facts, France (non-profit) — product database via barcode.
- Apple Inc. / Google LLC — App Store / Play Store payments and distribution.
5. Retention
- Account & inventory data: for as long as your account exists.
- Open Food Facts cache: 24 hours local only.
- Rate-limit counters: up to 24 hours on our servers.
- Account deletion: all personal data is fully removed within 30 days of your request.
6. Your rights
Under GDPR you have the right to:
- Access (Art. 15) — see what data we store about you.
- Rectification (Art. 16) — correct inaccurate data.
- Erasure (Art. 17) — delete your account directly via *Profile → Delete account*, or by email to kontakt@fridgeai.app.
- Restriction (Art. 18) and objection (Art. 21).
- Portability (Art. 20).
- Withdraw consent at any time, with effect going forward.
- Lodge a complaint with a data-protection authority — typically the one in your habitual residence.
7. Children
FridgeAI is not directed at children under 16. If we learn that we have collected data from someone under 16 without parental consent, we delete it promptly.
8. No ads, no tracking
FridgeAI contains no third-party tracking. We do not use IDFA and do not display the AppTrackingTransparency dialog. Crashlytics and analytics are disabled or opt-in.
9. Security
- All communication uses TLS/HTTPS.
- Firebase App Check blocks unauthorized clients.
- Firestore security rules ensure only you and your household members access your data.
10. Changes to this policy
We update this policy when our processing changes. The current version is always available at https://get-fridgeai.app/privacy. Material changes are also announced in-app.
11. Contact
Privacy questions or requests:
Email: kontakt@pre-check.info