Privacy Policy

Last updated: May 1, 2026

This Privacy Policy explains how FlashPan ("FlashPan", "we", "us", or "the app") collects, uses, shares, and protects your information when you use the FlashPan mobile application and related websites at flashpanapp.com (together, the "Service"). FlashPan is designed to collect as little personal data as is necessary to operate the Service, and we do not use advertising networks, cross-app tracking, or third-party analytics SDKs.

If you do not agree with this Policy, please do not create an account or use the Service.

1. Who is the controller of your data

The "data controller" responsible for your personal data under the EU/UK General Data Protection Regulation (GDPR) and the equivalent role under other applicable laws is the operator of FlashPan. You can contact us at mail@flashpanapp.com for any privacy-related question, including a request to exercise your rights described in Section 11.

2. Categories of information we collect

We collect the following categories of information:

• Account information. When you sign up with email and password, we store your email address and, if you provide one, your display name. If you sign in with Apple, we receive the identifiers Apple shares with us (a stable Apple user identifier and, the first time you sign in and only if you choose to share them, your name and email — which may be a private relay address generated by Apple of the form x@privaterelay.appleid.com). Passwords are handled by our authentication provider (Supabase Auth) and are never stored in plaintext by us.
• Authentication session. Once you sign in, your session token is stored on your device using the operating system's secure storage (Keychain on iOS, encrypted Keystore on Android). It is used solely to keep you signed in.
• App content stored on our backend. Recipes you save, pantry items you add, favourite ingredients you mark, your token balance, your "daily reward" claim timestamp, your AI-feature consent timestamps, and your account-level rate-limit counters are stored in our backend and linked to your account identifier.
• App content stored only on your device. Your shopping list, your chat conversation with the AI assistant (kept in app memory only and lost when you close the chat or the app), and the "prioritize local recipes" toggle are stored locally on your device. They are not uploaded to our backend except when their contents are transiently included in an AI request that you initiate.
• Token balance and purchase records. Your in-app token balance, a record of token purchases (platform, store product ID, store transaction ID, the minimal store receipt fields used to verify the purchase, status, and number of tokens credited), and a log of token-consuming actions (which AI feature was called and how many tokens it consumed). These logs do not contain the content of your AI requests or responses.
• Diagnostic / error logs. When the app encounters an unhandled error while you are signed in, we record a minimal diagnostic entry containing the error message, the stack trace, the platform (iOS/Android), the operating-system version, the error category, and your account identifier so we can correlate the entry with you if you contact us. We do not record screen contents, text you typed, network request bodies, advertising identifiers, device fingerprints, or precise device identifiers. Logs are deduplicated and rate-limited, and are stored in our own backend (Supabase). We do not use any third-party crash-reporting SDK such as Sentry, Bugsnag, Crashlytics, or Firebase Crashlytics.
• Camera and photo-library content (transient). Photos you take or pick for ingredient scanning. See Section 3.
• Coarse location (transient, optional). See Section 4.
• Information automatically generated by your device. When your device communicates with our backend, our hosting provider may temporarily process your IP address and basic request metadata (timestamp, request path) for security and abuse-prevention purposes. We do not maintain our own analytics database from this metadata.

We do not collect the following: device advertising identifiers (IDFA / AAID), behavioural analytics, biometric data, contacts, calendar entries, microphone audio, SMS, call logs, browsing history outside the app, payment-card numbers, or any "special category" data within the meaning of GDPR Article 9. We do not maintain user profiles for advertising purposes.

3. Camera and photo library

FlashPan lets you take a photo of your ingredients with your camera or pick an existing photo from your gallery. Camera and photo-library access are requested through the operating system's standard permission prompts and can be revoked at any time from your device settings.

Before the image leaves your device, it is resized and re-encoded, which removes EXIF metadata, including any GPS coordinates, camera serial number, or timestamps that may have been embedded. The image is then sent over TLS to our backend, which forwards it to OpenAI for ingredient detection. The ingredient list returned by OpenAI is parsed and returned to your device.

We do not store the photos you submit. They are processed in transit, held only as long as necessary to obtain the AI response, and discarded thereafter. They are not saved in our database, are not used to train any AI model, and are not shared with third parties beyond the AI provider described in Section 6. OpenAI's handling of those images is governed by its own enterprise data-handling commitments (see Section 6).

4. Location

Location access is optional and disabled by default. It is only requested when you turn on the "prioritize local recipes" toggle in the profile screen of the app. When the toggle is on, we read your location only while you are actively using the app and at the lowest accuracy the operating system makes available to us.

We resolve the device-provided coordinates to a country-level string (for example, "Hungary"). We do not transmit your precise GPS coordinates off your device, and we do not store either the coordinates or the country string in our backend. The country string is included only in the body of the single AI recipe-generation request you initiate, so the AI can prioritise recipes from your region's cuisine.

You can disable the toggle at any time in the profile screen, and you can revoke the operating-system location permission entirely from your device settings; either action stops further location reads.

5. In-app purchases and the daily reward

FlashPan sells consumable in-app tokens through Apple's App Store (StoreKit) and Google Play Billing. Payments are processed entirely by Apple or Google under their own terms — we do not see, receive, or store your payment-card details, billing address, or full purchase receipt.

When you complete a purchase, your device sends the store-issued receipt or transaction identifier to our backend. We verify it server-side with Apple's App Store Server API or Google Play's Developer API, store the minimal fields required for verification and bookkeeping (platform, product ID, transaction ID, receipt status, the minimal store-issued receipt data, the number of tokens credited, and the time of the transaction), and credit the corresponding number of tokens to your account. Each verified transaction is bound to your FlashPan account identifier so the purchase cannot be replayed against a different account.

FlashPan also grants free promotional tokens — for example, a daily reward you can claim once every 24 hours. Promotional grants are recorded in the same token ledger together with the timestamp of your last claim.

6. AI processing — what is sent to OpenAI

FlashPan's AI features (ingredient detection from photos, recipe generation, and the AI chat assistant) are routed through our backend (Supabase Edge Functions) to OpenAI, which is currently our only AI model provider. Our backend acts as a controlled gateway: we hold the OpenAI API credentials server-side; the app itself never sees those credentials and does not call OpenAI directly.

Only the content needed to fulfil your specific request is transmitted to OpenAI. Depending on the feature, this may include: the resized photo (with EXIF removed), a chat prompt and a short window of recent chat turns needed for context, the ingredients and dietary preferences you enter, the recipe options you select, and (only if you enabled the location toggle) a coarse country string. Your email address, display name, password, account identifier, token balance, purchase history, and error logs are never transmitted to OpenAI.

OpenAI processes the request as our sub-processor under the data-processing commitments it offers to API customers, which currently include a default policy not to use API inputs and outputs to train OpenAI's models. OpenAI's processing of the data we transmit is also subject to OpenAI's own privacy policy. We may change AI providers in the future; if we do, we will update this Policy.

7. How data is stored and where

Account information, saved recipes, pantry items, favourite ingredients, AI consent records, token balance and ledger, purchase records, error logs, and rate-limit counters are stored in our backend, which is hosted by Supabase, Inc. Supabase acts as our data processor and provides authentication, database, storage, and edge-function hosting on infrastructure operated on its behalf by Amazon Web Services. Data in transit is protected by TLS, and data at rest is encrypted by the hosting infrastructure.

Data on your device — your authentication session token, your shopping list, your "prioritize local recipes" toggle, and any cached app state — is stored using the operating system's standard mechanisms (Keychain / encrypted Keystore for the session, the application sandbox for everything else). It can be deleted by signing out, clearing the app's data, or uninstalling the app.

8. International data transfers

Our hosting provider (Supabase) and our AI provider (OpenAI) are based in the United States, and your data may be processed there or in other countries where their infrastructure is located. Where required by GDPR, UK GDPR, or Swiss data-protection law, such transfers are made under appropriate safeguards — primarily the European Commission's Standard Contractual Clauses (and, for UK transfers, the UK International Data Transfer Addendum) entered into by the relevant provider, together with supplementary technical measures such as encryption in transit and at rest. You can request a summary of the safeguards in place by emailing mail@flashpanapp.com.

9. Legal bases for processing (GDPR / UK GDPR)

Where the GDPR or UK GDPR applies to you, we rely on the following legal bases:

• Performance of a contract (Article 6(1)(b)) — to create your account, deliver AI features you request, process your token purchases, deliver the daily reward, and provide the rest of the Service.
• Legitimate interests (Article 6(1)(f)) — to operate the Service securely, prevent fraud and abuse (including IAP receipt replay and free-token abuse), keep diagnostic error logs to identify and fix bugs, verify purchase receipts with Apple and Google, and enforce our Terms.
• Consent (Article 6(1)(a)) — for camera, photo-library, and location access (each obtained through the operating-system prompt and revocable at any time), and for the AI-feature acknowledgements you accept inside the app. Where you give consent, you can withdraw it at any time without affecting processing already carried out.
• Compliance with a legal obligation (Article 6(1)(c)) — to retain certain purchase, tax, and accounting records for the periods required by applicable law.

10. Disclosure of your information

We share information only as follows:

• Service providers acting as our processors: Supabase (hosting, database, authentication, edge functions, file storage) and OpenAI (AI processing, as described in Section 6). Each is bound by contract to process data only on our instructions and to apply appropriate security measures.
• Apple and Google, in their roles as the operators of the App Store and Google Play, in connection with account sign-in (where you choose Sign in with Apple) and in-app purchases. These companies act as independent controllers of the data they collect from you in those flows.
• Authorities and courts, where we are legally required to disclose information (for example, in response to a binding court order or a lawful request from a competent authority), or where disclosure is necessary to protect our rights, the rights of users, or the public.
• A successor entity, if we restructure, sell, or transfer all or part of our business or assets. In that case we will require any successor to honour this Policy or notify you so you can choose to delete your account before the transfer takes effect.

We do not sell or rent your personal information, and we do not "share" personal information for cross-context behavioural advertising within the meaning of the California Consumer Privacy Act (CCPA), the Colorado Privacy Act, the Connecticut Data Privacy Act, the Virginia Consumer Data Protection Act, or any similar US state law.

11. Your rights

Subject to applicable law and to verification that the request is genuinely yours, you have the following rights with respect to your personal data:

• Access — obtain a copy of the personal data we hold about you. You can self-serve this by tapping Export my data on the profile screen of the app, which generates a JSON file containing your account information, saved recipes, pantry items, favourite ingredients, token transaction and purchase history, and AI-consent records.
• Rectification — update your display name and your "prioritize local recipes" preference directly in the profile screen. For other corrections, contact us.
• Erasure ("right to be forgotten") — delete your account from the profile screen of the app. Account deletion permanently removes your profile, saved recipes, pantry items, favourite ingredients, token balance, AI-consent records, rate-limit counters, and the personally identifying portions of your error logs from our live database. Token purchase and transaction records are de-identified (your account identifier is removed from them) rather than deleted outright, where retention is required for tax, accounting, or fraud-prevention obligations — see Section 12. If you used Sign in with Apple, deletion also revokes your Apple authentication tokens with Apple, in line with App Store Review Guideline 5.1.1(v).
• Restriction and objection — ask us to pause certain processing, or object to processing based on our legitimate interests, on grounds relating to your particular situation.
• Data portability — receive your data in a structured, commonly used, machine-readable format. The in-app "Export my data" feature is provided for this purpose.
• Withdraw consent — toggle off "prioritize local recipes", revoke camera, photo-library, or location permissions in your device settings, or withdraw any other consent you previously gave. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.
• Lodge a complaint with a supervisory authority — if you are in the EU, EEA, UK, or Switzerland, with the data protection authority of your country of residence. We would, however, appreciate the opportunity to address your concerns first; please email mail@flashpanapp.com.

California residents (CCPA/CPRA) — In addition to the rights above, you have the right to know the categories and specific pieces of personal information we collect, the categories of sources, the business purposes, and the categories of third parties to which we disclose it; the right to delete; the right to correct; the right to opt out of "sale" or "sharing" (we do not sell or share your personal information as those terms are defined under the CCPA); and the right not to receive discriminatory treatment for exercising your rights. We do not use or disclose "sensitive personal information" for any purpose that would trigger the right to limit its use under the CCPA.

Other US states (Virginia, Colorado, Connecticut, Utah, Texas, and similar laws) — You may have analogous rights to access, correct, delete, obtain a portable copy, and opt out of targeted advertising and "sale" of personal data. We do not engage in targeted advertising and do not sell personal data. To exercise any of these rights, contact mail@flashpanapp.com.

To submit a request that cannot be self-served from the app, email mail@flashpanapp.com from the email address associated with your account, or include enough information for us to verify the request. We will respond within the timeframes required by applicable law (generally one month under GDPR / UK GDPR; 45 days under CCPA, extendable as permitted). You may also designate an authorised agent to make a request on your behalf, where applicable law allows it; we may require proof of authorisation and proof of your identity.

12. Data retention

We retain your personal data only for as long as is necessary for the purposes for which it was collected, plus any period required by law:

• Active account data (profile, saved recipes, pantry, favourite ingredients, AI-consent records, token balance, rate-limit counters) — retained for as long as your account is active. Promptly deleted from the live database when you delete your account, and removed from backups in the ordinary course of our backup rotation (typically within 30 days).
• Error / diagnostic logs — automatically pruned from our backend on a rolling schedule (we currently keep at most the last several weeks of entries). When you delete your account, the user-identifier on any remaining log entries is cleared so the entry can no longer be linked to you.
• Token purchase and transaction records — may be retained for the period required by tax, accounting, audit, and fraud-prevention law (typically up to 8 years under EU and Hungarian rules; the exact period depends on the jurisdiction). When you delete your account, your account identifier is removed from these records so they are de-identified, and we keep only what we are legally required to keep.
• Records relating to legal claims — where we have a reasonable basis to retain data because of an actual or anticipated dispute, legal claim, regulatory enquiry, or law-enforcement request, we may continue to retain that data for the duration of the matter and for any applicable limitation period afterwards.

13. Security

We protect your data with technical and organisational measures appropriate to the risks involved, including TLS for all network traffic, server-side input validation and rate limiting on our edge functions, server-side verification of all in-app purchase receipts (we never trust client-side purchase claims), nonce-based replay protection on Sign in with Apple, the operating-system secure storage for your session, and least-privilege database access controls (row-level security keyed on your account identifier). No system is perfectly secure. If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authorities and (where required) you, in line with applicable law.

14. Children

FlashPan is not directed to children under 13, and we do not knowingly collect personal data from children under 13. In the EU, EEA, UK, and Switzerland, where Article 8 GDPR or local law sets a higher age, the higher local minimum applies and verifiable parental consent is required below it. If you believe a child has provided us with personal data without the appropriate consent, please email mail@flashpanapp.com and we will delete the relevant data promptly.

15. Automated decision-making

FlashPan does not make decisions about you that produce legal or similarly significant effects based solely on automated processing within the meaning of Article 22 GDPR. AI-generated recipes, ingredient detections, and chat responses are informational outputs you choose whether to act on; they do not determine your access to credit, employment, housing, healthcare, or any other significant matter.

16. Cookies and tracking technologies on the website

The marketing website at flashpanapp.com is intentionally minimal and does not set advertising cookies, embed third-party trackers, or use behavioural analytics. Your browser may receive only the cookies strictly necessary to load the site (if any are set by our hosting provider) and any cookies you set yourself. The mobile app itself does not use HTTP cookies for tracking purposes.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, our service providers, or applicable law. The "Last updated" date above reflects the current version. If a change is material — for example, a new category of data, a new sub-processor with materially different practices, or a change to your rights — we will provide notice through the app, by email, or through a prominent notice on the website before the change takes effect. Continued use of the Service after the change becomes effective constitutes acceptance of the updated Policy.

18. Contact

For any privacy-related question, request, or complaint, email mail@flashpanapp.com. We will respond within the timeframes required by applicable law.