Privacy Policy - WasteLess

This policy explains in a complete and transparent way how WasteLess collects, uses, shares, protects, stores and deletes your data when you use the mobile app, its backend services and our support channels.

Last updated: April 7, 2026
Effective date: April 7, 2026

1. Data controller and contact details

WasteLess is published by Hilaire Giovanni, 925 Boulevard Rene-Levesque Est, Canada.

Unless local law states otherwise, the publisher acts as the controller for the personal data described in this policy.

  • Primary privacy and support contact: support.wasteless@gmail.com
  • Legal contact: support.wasteless@gmail.com

2. Scope of this policy

This policy applies to the WasteLess mobile app, its backend, related databases and storage, notifications, support services and public legal pages.

It does not apply to third-party services operated under their own policies, including Apple, Google, Open Food Facts, Spoonacular or OpenAI when you interact with their environments outside WasteLess.

3. Categories of data we process

We process the data needed to operate the service, secure it, provide support and manage in-app purchases.

  • Account and authentication data: Firebase UID, email address, display name, sign-in method identifier and the minimum account data received from Google, Apple or email authentication.
  • Profile data: display name, profile photo, stored photo URL and account information held in Firebase Auth and Firestore.
  • Inventory and usage data: food items, quantities, expiration dates, storage location, consumption or waste history, favorite recipes, shopping list data, meal plans, food preferences, goals and exclusions.
  • Scan and product data: entered or scanned barcode, product information and metadata obtained from Open Food Facts, category, nutrients, allergens, additives, brand and storage guidance.
  • Photo and media data: profile image selected from the camera or photo library, then uploaded to Firebase Storage.
  • Notification data: FCM push token, token refresh timestamps and notification-related preferences or permissions managed by your device.
  • Subscription and purchase verification data: free or pro status, expiration date, subscription provider, technical transaction identifiers, subscribed product and verification payloads sent to the backend to validate Apple or Google purchases.
  • Technical and security data: technical logs, errors, anti-abuse signals, App Check verification and minimum request information required to protect the service.
  • Support and user relationship data: emails sent to support and, where enabled, transactional emails such as a welcome email.

4. Where the data comes from

  • Directly from you when you create an account, edit your profile, add food, set preferences or contact support.
  • From your device when you use the camera, photo library, notifications or other device-level features, subject to your permissions.
  • From our technical providers for authentication, hosting, payments and infrastructure.
  • From third-party product or content providers integrated into the app, such as Open Food Facts and Spoonacular.

5. Device permissions

WasteLess may request certain operating system permissions only to provide the related feature. You can revoke them in your device settings, but some features may then stop working properly.

  • Camera: to scan product barcodes.
  • Photos or gallery: to choose a profile picture.
  • Notifications: to send expiration alerts and other useful notices if you allow them.

6. Why we process data and our legal bases

  • To provide WasteLess and perform our contract with you: account creation, authentication, cloud sync, inventory features, recipes, shopping list, meal plans, profile and support.
  • To process user requests and provide assistance: support responses, troubleshooting and service continuity.
  • To manage in-app purchases and related entitlements: purchase verification, restore flows, anti-fraud checks and quota management.
  • To protect the security, integrity and availability of the service based on our legitimate interests: logging, abuse prevention, backend protection, access control and fraud prevention.
  • To send notifications if you have enabled them, based on your consent or device settings.
  • To comply with legal, accounting, tax, evidence preservation and regulatory obligations where applicable.

7. Automated features, AI and third-party data

Some WasteLess features rely on automated processing, including AI services routed through the backend, to generate recipe suggestions, assist with estimates or enrich content.

These outputs are provided for convenience and information only. They may be inaccurate, incomplete or unsuitable for your personal circumstances.

  • You remain responsible for checking ingredients, allergens, timings, temperatures, storage conditions and the suitability of any suggestion.
  • WasteLess does not provide medical advice, diagnosis or personalized nutritional guarantees.
  • Third-party data sources such as Open Food Facts or Spoonacular may contain errors, delays or gaps.

8. Recipients, processors and sharing

We do not sell your personal data. We share data only with recipients that are necessary to operate the service, process payments, provide support, secure the platform or comply with the law.

  • Google Firebase and Google Cloud: authentication, Firestore database, file storage, Cloud Functions, push messaging and related infrastructure.
  • Apple: federated sign-in, iOS purchase handling, receipt verification and subscription management.
  • Google Play: Android purchase handling, purchase verification, restore flows and subscription management.
  • OpenAI: AI processing and, depending on enabled features, content or illustration generation through the backend.
  • Spoonacular: recipe-related data and services where those flows are enabled.
  • Open Food Facts: product data fetched after barcode scans or lookups.
  • Resend: transactional email delivery, including welcome emails where enabled.
  • Authorities, courts, advisers or security providers where disclosure is legally required or necessary to defend our rights.

9. International transfers

Depending on your location and the location of our providers, some data may be processed or accessed from countries other than your state, province, country or the European Economic Area.

Where required, we rely on appropriate contractual, organizational and technical safeguards for such transfers.

10. Retention

We keep personal data for as long as needed for the purposes described in this policy, then delete, anonymize or archive it where required by law.

  • Account, profile, inventory, meal plan, favorites, shopping list and preference data: generally for as long as your account remains active, then until deletion processing is completed.
  • Subscription, purchase verification, anti-fraud and related technical records: for as long as reasonably necessary to prove transactions, prevent abuse, handle disputes and meet legal obligations.
  • Notification tokens and related data: until they are replaced, invalidated, no longer needed or the account is deleted.
  • Support emails: for the time needed to handle the request, follow up and preserve reasonable evidence where necessary.

11. Account deletion, erasure and subscriptions

You may request deletion of your account from the app when an in-app option is available, or by contacting us at support.wasteless@gmail.com. We may request reasonable identity verification before acting on the request.

Deleting the account triggers deletion or anonymization of associated data, subject to legal or security exceptions, including profile data, inventory, history, favorites, shopping lists, meal plans, related sharing data and some account-linked technical records.

  • Some information may be kept longer when necessary for legal compliance, evidence, fraud prevention, security or dispute handling.
  • Deleting your WasteLess account does not automatically cancel a subscription purchased through the App Store or Google Play.
  • Cancellation, restore, refund and subscription management must be handled through your Apple or Google account depending on your platform.

12. Your rights

Depending on the law that applies to you, you may have rights of access, correction, deletion, portability, objection, restriction, consent withdrawal and complaint.

To exercise your rights, contact us at support.wasteless@gmail.com and specify the email address linked to your account and the nature of your request.

  • We may request reasonable information to verify your identity and protect your data against fraudulent requests.
  • If you are located in the EU or another jurisdiction with a supervisory authority, you may also lodge a complaint with the competent authority.

13. Security

We implement reasonable security measures appropriate to the nature of the data and the risks involved.

  • Authentication and access control based on least privilege.
  • Encryption in transit through HTTPS or TLS where available.
  • Firebase security rules, backend controls, App Check, abuse prevention and technical logging.
  • Restricted internal access to people and providers who need the data to perform their role.

14. Children

WasteLess is a general audience application and is not specifically designed for children under laws that require enhanced protections.

If you believe a child has provided us with personal data in violation of applicable law, please contact us so we can review and delete the data where appropriate.

15. Store-related disclosures

This policy is intended to support store transparency requirements, including Google Play and the App Store, but it does not replace platform-native disclosures such as Apple's privacy nutrition information or Google Play's Data safety section.

Those disclosures should remain consistent with this policy, the app's screens and our actual practices.

16. Changes to this policy

We may update this policy to reflect changes to the service, our providers, legal obligations or data practices.

The last updated date at the top of the page indicates the current version. Where material changes are made, we may notify you in the app, by email or by another appropriate method.

This policy is published on a public URL for users and store compliance purposes. If mandatory local law provides stronger protections, that law will prevail.