Legal document

Privacy Policy

Effective date: July 7, 2026 · scaleforgrams.com & the Scale for Grams iOS app

1. Overview

This Privacy Policy explains how Scale for Grams ("we", "us") collects, uses and protects your information when you use scaleforgrams.com and the Scale for Grams iOS app (the "Service"). The short version: we collect the minimum needed to run an AI photo-analysis service — your photos (to analyse them), an anonymous identifier (to track scan limits), and an email address only if you choose to sign in.

2. Information we collect

Photos you submit

When you scan an object, the photo is uploaded to our servers and processed by our AI service providers to produce the estimate. Photos are stored so you can revisit your results and scan history.

Anonymous identifiers

We generate a random device identifier (UUID) to associate your scans with you and enforce free-plan limits. This identifier does not contain your name or contact details.

Account information (optional)

If you sign in with Google we receive your email address and Google account identifier so your scans can be synced across devices. We never receive your Google password.

Purchase information

Subscriptions and one-time purchases are processed by Apple (App Store) or by our merchant of record, Paddle.com (web). We receive confirmation of the purchase (product, status, transaction identifier) but never your card number.

Usage and technical data

Standard server logs (IP address, request time, user agent) for security and reliability, and privacy-friendly aggregate analytics (page views) via Vercel Analytics on the website.

3. How we use your information

  • To analyse your photos and return weight, calorie, count or size estimates;
  • to maintain your scan history and sync it across devices when you sign in;
  • to enforce plan limits and deliver purchased features;
  • to secure, debug and improve the Service;
  • to respond to support requests;
  • to comply with legal obligations.

We do not sell your personal data, and we do not use your photos for advertising.

4. Who we share data with

  • AI providers (e.g. OpenAI) — receive the photo and minimal context needed to produce the estimate, under agreements that prohibit use of the data for their own advertising;
  • Cloud hosting and storage providers — run our servers and store uploaded images;
  • Payment processors — Apple for App Store purchases, Paddle.com (as merchant of record) for web purchases;
  • Google — only if you use Google Sign-In;
  • Authorities — if required by law or to protect our rights, users or the public.

We never share your data with advertisers or data brokers.

5. Data retention

Scan photos and results are retained so your history remains available, and deleted upon request. Server logs are kept for a short rolling window. Purchase records are retained as required by tax and accounting law. If you ask us to delete your data, we remove your photos, scan history and account linkage within 30 days, except where retention is legally required.

6. Your rights

Depending on your location (including under GDPR and CCPA/CPRA) you may have the right to access, correct, delete, or export your personal data, to object to or restrict processing, and to withdraw consent. To exercise any right, email kedvic@gmail.com from the address associated with your account (or include your device identifier for anonymous accounts). You also have the right to complain to your local data-protection authority. We do not discriminate against you for exercising your rights.

7. International transfers

Our servers and service providers may be located outside your country. Where data is transferred internationally we rely on appropriate safeguards such as standard contractual clauses offered by our providers.

8. Security

Data is encrypted in transit (TLS) and stored with access controls. No system is perfectly secure, but we take reasonable technical and organisational measures appropriate to the data we handle, and we minimise the personal data we collect in the first place.

9. Children

The Service is not directed to children under 13 (or the applicable age of digital consent) and we do not knowingly collect their personal data. If you believe a child has provided us personal data, contact us and we will delete it.

10. Cookies and local storage

The website uses local storage for your anonymous identifier, language preference and session token, and cookie-less aggregate analytics. We do not use third-party advertising cookies or cross-site tracking.

11. Changes to this policy

We may update this policy from time to time. Material changes will be posted here with a new effective date. Continued use of the Service after changes take effect constitutes acceptance.

12. Contact

Privacy questions or requests: kedvic@gmail.com. See also our Terms of Service and Refund Policy.