Privacy Policy

1. Who we are

Poison Check (hereinafter, "the App") is developed and operated by Ingeniería.dev, led by Chris Flores (hereinafter, "we", "the Developer").

• Contact: christian@irack.mx
• Address: Av. Javier Barros Sierra 495, Santa Fe Lomas de Santa Fe Zedec Santa Fé, Álvaro Obregón 01219, Mexico City, CDMX, Mexico

2. What data we collect

Poison Check was built with privacy by default. The App:

• Does not require registration or an account
• Does not ask for your email, name, phone number, or any personally identifiable information
• Does not access your contacts, microphone, photo library, calendar, or health data
• Does not include any third-party SDKs for analytics, advertising, tracking, or profiling
• Does not track you across apps or websites, and is not linked to any advertising identifier
• Does not sell, rent, or share your information with data brokers or third parties

The two sensitive resources the App uses — the camera and your approximate location — are explained in sections 3 and 4 below.

3. Camera and label analysis

Poison Check uses the camera to capture the photo of a product label that you want to analyze. This is the core function of the App.

• When you scan a product, the captured image is sent securely over HTTPS/TLS to our analysis service at poison.ingenieria.dev, which reads the ingredient list and returns the science-based breakdown.
• The photo is used only to perform that single analysis. It is processed and discarded — we do not store your photos permanently, we do not build a library of your images, and we do not associate them with you (there is no account to associate them with).
• The image is transmitted anonymously: it carries no name, email, account, or advertising identifier.
• The camera is used only while you are actively scanning. iOS shows a green indicator in the status bar whenever the camera is active.
• The App does not access your existing Photo Library and does not save scanned images to your camera roll.

4. Approximate location (region detection)

Poison Check can use your approximate (coarse) location for a single purpose: to detect which country you are in so it can show the ingredient regulations that apply where you are (for example, which additives are restricted in your region).

• Location is used only to determine your country or region — never to track your movements.
• The App requests coarse location, not precise GPS coordinates.
• Your location is not stored on our servers, not linked to an identity, and not used for advertising, profiling, or analytics.
• This permission is optional. If you decline it, the App still works — you can review ingredient analysis without region-specific regulations.

5. What is stored on your device

The App stores locally (using SwiftData) only what's needed to show your history and settings:

This data is never sent to the Developer's servers. If you delete the App, all of this information is removed with it.

6. External services used

The App relies on the following services to function:

• poison.ingenieria.dev — our own ingredient analysis backend, operated by Ingeniería.dev. It receives the scanned image, reads the ingredient list, returns the analysis, and discards the image. It does not store your photos permanently and receives no personal identifier from you.
• Apple App Attest — used as an anti-abuse security measure so that only the genuine Poison Check app can reach the analysis backend. App Attest does not identify you personally; it verifies the integrity of the app instance. See Apple's Privacy Policy.

The App uses no third-party analytics, advertising networks, or crash-reporting SDKs.

7. The scientific sources we reference

The ingredient analysis cites recognized public scientific and regulatory bodies — including IARC, NIH, FDA, EFSA, WHO, and EWG. These are referenced as informational sources. We do not send your data to these organizations, and they are not involved in operating the App.

8. System permissions

Poison Check requests only the permissions it actually needs:

• Camera — required to scan product labels. Images are sent for a one-time analysis and then discarded; they are never stored permanently.
• Location (approximate / "When In Use") — optional. Used only to detect your country for region-specific ingredient regulations.

The App does not request access to: microphone, contacts, calendar, reminders, photo library, media library, Bluetooth, local network, HealthKit, or health data.

9. Marketing and advertising

The App displays no ads. We do not collect data for remarketing, profiling, segmentation, behavioral analysis, or any promotional purpose. We do not participate in ad networks, and we do not sell information to third parties.

10. Health and wellness context

Poison Check is an educational, informational app — not a medical device and not a source of medical advice. The ingredient breakdown, toxicity flags, IARC classifications, NOVA processing levels, and risk indicators are educational signals based on public scientific sources. They are not a diagnosis and must not be used as the basis for medical, dietary, or allergy decisions. Always consult a healthcare professional regarding your health, diet, or any specific ingredient sensitivity.

No data produced by Poison Check is transmitted to HealthKit, to any health provider, or to any third party.

11. Minors

The App requires no registration and collects no personal data. Because it requires no account, it complies with COPPA (US), LGPD Infantil (Brazil), and GDPR-K (EU) by design. Poison Check is intended for general consumers making everyday food choices.

12. User rights (GDPR, CCPA, LFPDPPP, LGPD)

The following rights are guaranteed by design:

• Right to access: Your scan history and settings live on your device and are accessible from within the App.
• Right to rectification: You can delete any scan and change any preference at any time.
• Right to erasure: Deleting a scan from within the App removes it. Uninstalling the App deletes everything. Scanned photos are not retained on our servers, so there is nothing to erase there.
• Right to portability: Not applicable — no personal data is stored on external servers.
• Right not to be subject to automated decisions: The App provides informational analysis only; no decision affecting your legal rights, employment, credit, insurance, or health is made on your behalf.

For any questions about your rights, please email christian@irack.mx.

13. Security

Local data is stored inside the iOS sandbox, protected by the operating system and by device-level disk encryption (Apple's Data Protection API). Communication with the analysis backend happens exclusively over HTTPS/TLS 1.2+, and access is protected by Apple App Attest. The scanned image exists on our server only for the moment of analysis and is then discarded.

14. International transfers

The analysis backend processes the scanned image transiently and stores no personal data. Because no personal data is retained, there are no international transfers of personal data to manage. The image is processed and discarded as part of a single, anonymous request.

15. Changes to this policy

We may update this Privacy Policy to reflect changes to the App or to applicable law. The current version will always be published at this URL, along with the date of the last update. Material changes will also be announced inside the App.

16. Governing law

This Policy is governed by the laws of the United Mexican States, in particular the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP). Any dispute will be submitted to the competent courts of Mexico City.

17. Contact

Privacy Officer: Chris Flores
Email: christian@irack.mx
Postal address: Av. Javier Barros Sierra 495, Santa Fe Lomas de Santa Fe Zedec Santa Fé, Álvaro Obregón 01219, Mexico City, CDMX, Mexico