Last updated: 3 March 2026
1. Data Controller
The Halal Scanning App ("we", "us", "our") acts as the data controller for personal data processed through this application.
Contact: privacy@halalscanningapp.com
Support: support@halalscanningapp.com
If you are based in the EEA or UK and have concerns about our data practices, you may contact your local supervisory authority (e.g. the ICO in the UK at ico.org.uk).
2. Information We Collect
2.1 Information You Provide
- Account Information: If you create an account, we collect your email address and display name. Account creation is optional.
- Preferences: Your selected madhab (Islamic school of thought), dietary preferences, health conditions, and allergy information. This is stored locally on your device.
- Product Submissions: If you submit a product for review, we collect the product details you provide.
- Scholar Questions: Questions submitted through the Scholar Q&A feature.
2.2 Information Collected Automatically
- Scan Data: When you scan a barcode, the barcode number is sent to the Open Food Facts database to retrieve product information. Your scan history is stored locally on your device.
- Camera Images: Photos taken for ingredient label, menu, or product scanning are sent to Google Gemini AI for analysis. Images are processed in real time and are NOT stored on our servers or by Google beyond the API request.
- Location Data: If you use the Halal Map feature, your approximate location is sent to Google Places API to find nearby halal establishments. We do not store or log your location.
- Device Information: We collect anonymous crash reports and error logs via Sentry to improve app stability. No personal identifiers are included.
- Push Notification Tokens: If you opt in to notifications, your device push token is stored to deliver notifications.
2.3 Information We Do NOT Collect
- We do not collect audio, voice, or biometric data
- We do not access your contacts, photo library, or files (camera is only used when you actively scan)
- We do not use advertising SDKs or ad trackers
- We do not create user profiles for advertising or marketing
- We do not use cookies (this is a native mobile app)
- We do not perform behavioural tracking or analytics profiling
- We do not collect financial or payment information (payments are handled entirely by Apple/Google)
3. Legal Basis for Processing (GDPR)
Under UK GDPR and EU GDPR, we process your data on the following legal bases:
- Consent: Camera access, location access, and push notifications require your explicit opt-in consent. You can withdraw consent at any time in your device settings.
- Contract Performance: Processing your scan requests and providing halal analysis is necessary to deliver the service you requested.
- Legitimate Interest: Crash reporting (Sentry) and service improvement are based on our legitimate interest in maintaining a stable, functional app. You can opt out by contacting us.
For users outside the UK/EU: We apply the same high standards of data protection regardless of your location.
4. How We Use Your Information
- To provide halal status verification for food products
- To display personalised rulings based on your selected madhab
- To filter products based on your dietary and allergy preferences
- To show nearby halal establishments on the map
- To display current halal deals from supermarkets in your region
- To send push notifications about deals and tips (only if you opt in)
- To monitor and fix app crashes and errors (Sentry)
- To improve the accuracy of our halal database based on aggregated, anonymous scan patterns
5. Data Storage, Security & Retention
- Local Storage: Scan history (up to 100 items), preferences, and settings are stored locally on your device using encrypted storage. We cannot access this data.
- Cloud Storage: Account data and product submissions are stored on Supabase (hosted on AWS EU-West-1, Ireland) with encryption at rest (AES-256) and in transit (TLS 1.2+).
Retention Periods:
- Account data: Retained until you delete your account.
- Scan history: Stored locally; deleted when you clear history or uninstall the app.
- Product submissions: Retained for community benefit; anonymised after account deletion.
- Crash reports (Sentry): Automatically deleted after 90 days.
- AI scan cache: Automatically purged after 30 days.
- Push notification tokens: Deleted when you disable notifications or delete your account.
Data Breach: In the event of a data breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.
6. Third-Party Services
We use the following third-party services to provide our app. Each processes only the minimum data necessary:
- Open Food Facts (France): Product barcode lookups. Receives barcode numbers only. Privacy: openfoodfacts.org/privacy
- Google Gemini AI (USA): Image analysis for ingredient labels, menus, and product recognition. Receives camera images only during active scans. Google does not use this data for training. Privacy: policies.google.com/privacy
- Google Places API (USA): Halal map nearby search. Receives approximate location coordinates. Privacy: policies.google.com/privacy
- Supabase / AWS (Ireland): Backend infrastructure for accounts and submissions. Privacy: supabase.com/privacy
- Sentry (USA): Anonymous crash reporting. Receives stack traces with no personal data. Privacy: sentry.io/privacy
- Expo / EAS (USA): App distribution and over-the-air updates. Privacy: expo.dev/privacy
- Apple / Google: App Store distribution and in-app purchases. Subject to their respective privacy policies.
7. International Data Transfers
Your data may be transferred to and processed in countries outside your home country, including the United States (Google, Sentry, Expo) and the European Union (Supabase/AWS Ireland).
For transfers from the UK/EEA to the USA, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- The EU-US Data Privacy Framework where applicable.
We ensure that all international transfers provide adequate protection for your personal data in compliance with UK GDPR and EU GDPR.
8. Data Sharing
We do NOT sell, trade, or rent your personal information to third parties. Ever.
We may share data only:
- With third-party service providers listed above, solely to provide our services.
- With your explicit consent.
- To comply with legal obligations, court orders, or lawful government requests.
- To protect our rights, safety, or property, or those of our users.
9. Your Rights
Depending on your location, you have the following rights:
UK & EU (GDPR)
- Right of Access: Request a copy of your personal data.
- Right to Rectification: Correct inaccurate data.
- Right to Erasure: Request deletion of your data ("right to be forgotten").
- Right to Portability: Receive your data in a machine-readable format.
- Right to Restrict Processing: Limit how we use your data.
- Right to Object: Object to processing based on legitimate interest.
- Right to Withdraw Consent: At any time, without affecting prior processing.
- Right to Lodge a Complaint: With the ICO (UK) or your local DPA.
USA — California (CCPA/CPRA)
- Right to Know what personal information we collect and how it is used.
- Right to Delete your personal information.
- Right to Opt-Out of the sale of personal information (we do not sell data).
- Right to Non-Discrimination for exercising your rights.
GCC (UAE PDPL, Saudi PDPL, Qatar DPL)
- Right to access, correct, and delete your personal data.
- Right to withdraw consent.
- Right to data portability.
Southeast Asia (Malaysia PDPA, Singapore PDPA)
- Right to access and correct your personal data.
- Right to withdraw consent.
Australia (Privacy Act 1988)
- Right to access and correct your personal information.
- Right to complain to the OAIC.
To exercise any of these rights, use the "Delete My Data" option in Settings or contact: privacy@halalscanningapp.com. We will respond within 30 days.
10. Automated Decision-Making
Our app uses AI (Google Gemini) to analyse food product images and determine halal status. This is an automated process, but:
- It does not produce legal or similarly significant effects.
- All AI results include a confidence score and are presented as guidance, not definitive rulings.
- You can always override AI results by consulting qualified scholars.
- No profiling or automated decision-making affects your access to the service.
11. Children's Privacy
The Halal Scanning App is not directed at children under 13 (or under 16 in the EU/UK). We do not knowingly collect personal information from children.
If we discover that we have inadvertently collected data from a child under the applicable age, we will delete it immediately.
If you believe a child has provided us with personal data, contact us at privacy@halalscanningapp.com.
12. Subscription & Payment Data
Premium subscriptions are purchased through Apple App Store or Google Play Store. We do not collect, process, or store any payment information. All billing, receipts, and payment data are handled exclusively by Apple or Google under their respective privacy policies.
We only receive a confirmation that a subscription is active — no credit card numbers, bank details, or billing addresses are transmitted to us.
13. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of material changes through an in-app notification or a banner.
The "Last updated" date at the top of this policy indicates the most recent revision. Continued use of the app after changes constitutes acceptance of the updated policy.
14. Contact Us
For any privacy-related queries, data requests, or complaints:
Email: privacy@halalscanningapp.com
General Support: support@halalscanningapp.com
UK Users: You may also contact the Information Commissioner's Office (ICO) at ico.org.uk if you are unsatisfied with our response.
EU Users: Contact your local Data Protection Authority.
We aim to respond to all requests within 30 days.