Privacy Policy

Last updated: 20 May 2026

1. Data Controller

The data controller responsible for processing your personal data is:

Davi Augusto Wazlawick
4 Frankfurter Allee, 10247 Berlin, Germany
Email: contact@growthroom.eu

2. What Data We Collect

Account Data

Profile Data (optional)

Note: Dietary and allergy information may constitute health-related data under GDPR Article 9. We process it solely to provide personalised analysis results, based on your explicit consent given during onboarding.

Usage Data

Product Images

Photos you take or upload are sent to Anthropic's API for AI analysis and are not stored on our servers after the analysis is complete. Anthropic's data handling is governed by their Privacy Policy.

3. How We Use Your Data

4. Legal Basis (GDPR Art. 6 & 9)

5. Data Sharing & Third Parties

We do not sell your personal data. We share data only as follows:

6. Data Retention

7. Your Rights Under GDPR

You have the right to:

To exercise any right, email contact@growthroom.eu. We will respond within 30 days.

You also have the right to lodge a complaint with your national data protection supervisory authority. In Germany: Bundesbeauftragter für den Datenschutz (BfDI).

8. Security

We implement industry-standard security measures including HTTPS/TLS encryption in transit, bcrypt password hashing, and restricted database access. No system is completely secure; we cannot guarantee absolute security.

9. International Transfers

Product images are processed by Anthropic in the United States. If you opt in to ad measurement (see Section 11), pseudonymised event and device data are processed by Meta Platforms Ireland Ltd. (EU controller) and may be transferred to Meta Platforms, Inc. (USA). All transfers outside the EU/EEA are made under appropriate safeguards (EU Standard Contractual Clauses). No other personal data is transferred outside the EU/EEA.

10. Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, contact us immediately.

11. Cookies, Tracking & Advertising

Our web pages (terms, privacy, password reset, marketing) use no tracking cookies — only essential browser behaviour.

The mobile app integrates the Meta Audience Network / Facebook SDK for the sole purpose of measuring advertising campaigns we run on Facebook and Instagram and improving the Service. When enabled, it processes the following data:

iOS: on first launch you will see Apple's App Tracking Transparency prompt. If you choose "Ask App not to Track", the advertising identifier is not collected and event data is reported in Apple's aggregated SKAdNetwork format only.

Android: you can reset or limit your Advertising ID in your device's Google settings at any time.

Legal basis: consent (GDPR Art. 6(1)(a)). You can withdraw consent at any time by disabling tracking in your device settings or by uninstalling the app.

Data recipient: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (EU controller) — see Meta's Privacy Policy for further details on their processing.

What we never send to Meta: your email address, name, dietary or allergy profile, scanned product photos, or ingredient lists.

The mobile app also integrates Google Firebase Analytics for measuring our advertising on Google Ads (Universal App Campaigns, Performance Max, YouTube) and understanding aggregated app usage. When enabled, it processes:

iOS: Firebase Analytics respects the same Apple ATT decision as the Meta SDK. If you decline tracking, the advertising identifier is not shared and event data is reported in Apple's aggregated SKAdNetwork format only.

Legal basis: consent (GDPR Art. 6(1)(a)). You can withdraw consent at any time by disabling tracking in your device settings or by uninstalling the app.

Data recipient: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (EU controller) — see Google's Privacy Policy. Firebase data is processed in the United States under Standard Contractual Clauses.

What we never send to Google: your email address, name, dietary or allergy profile, scanned product photos, or ingredient lists.

12. Push Notifications

With your permission, we send push notifications to your device to announce product updates, new features, and time-sensitive information such as referral rewards becoming available.

13. Changes to This Policy

We will notify you of material changes via email or in-app notification at least 14 days before they take effect.

14. Contact & Data Protection Enquiries

Davi Augusto Wazlawick
4 Frankfurter Allee, 10247 Berlin, Germany
contact@growthroom.eu

Last updated: 20 May 2026