Privacy Policy — Haltbar

Effective: April 2026

1. Data Controller

Responsible for data processing in this app:

Bruno Lottko
Kurt-Eisner-Str. 44
81735 Munich, Germany

Email: lobrapps+haltbar@gmail.com

2. Data Collected

Haltbar processes the following personal data:

• Email address (upon registration)
• Google ID and profile name (for Google sign-in)
• Apple ID (for Apple sign-in)
• Consent timestamps for terms and privacy policy
• Household and inventory data (food items, quantities, expiry dates)
• Recipe data (saved and created recipes, likes)
• Shopping lists
• Product submissions (barcode, photo, product name, brand, quantity, notes, submitter ID, household context, status and moderation data)
• Usage statistics only with explicit consent (pseudonymized and minimized)

3. Purpose of Data Processing

Your data is processed exclusively for the following purposes:

• Providing app functionality (inventory management, recipes, shopping lists)
• Synchronization across your devices
• Household sharing between members
• Notifications about expiring food items
• AI-powered recipe generation
• Review, moderation and inclusion of submitted products in the product catalog

4. Legal Basis

Processing for providing the app and the features you request (e.g. product submissions) is based on Art. 6(1)(b) GDPR (performance of a contract). Optional usage analytics for product improvement is processed only after explicit activation, based on your consent under Art. 6(1)(a) GDPR. You may withdraw this consent at any time with effect for the future (see Section 8). Where required for abuse prevention, IT security and quality assurance, we also process data based on legitimate interests under Art. 6(1)(f) GDPR.

5. Data Storage and Security

Your data is stored encrypted on secure servers (Supabase). We implement technical and organizational security measures to protect your data from loss, manipulation and unauthorized access.

6. Data Sharing

Your data is shared with third parties only in the following cases:

• Supabase (database hosting, EU servers)
• Google LLC (for Google sign-in: OAuth, profile name, email)
• Apple Inc. (for Apple sign-in: Sign in with Apple)
• OpenAI (AI recipe generation, only anonymized product data)
• Open Food Facts (product information, barcode queries only)
• Sentry (error reports, anonymized)

Data is never shared for advertising purposes.

7. Data Retention and Deletion

Your data is stored as long as your account is active:

• Account data: Until account deletion
• Inventory data: Until deletion or 12 months after inactivity
• Recipe likes: Until account deletion
• Product submissions: Until approval/rejection decision, then max. 12 months; if approved for the catalog, only required catalog data is retained
• Consent-based usage analytics: Until withdrawal or max. 90 days
• Consent records: 3 years (legal documentation requirement)

You can delete your account and all associated data at any time in the account settings. After deletion, all personal data will be completely removed within 30 days.

8. Your Rights

You have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent (Art. 7(3) GDPR)
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

To exercise your rights, contact us by email or delete your account directly in the app's account settings.

9. Cookies and Tracking

This app does not use cookies or tracking technologies for advertising. Optional usage analytics is collected only after explicit activation. We only store minimized event data, for example which feature was used or whether a scan succeeded. We do not store full barcodes, free-text inputs, or recipe content for analytics. Local storage is used solely for app functionality and your privacy preferences. Product submission data is not used for advertising profiles and is not sold to data brokers.

10. Children

This app is not directed at children under 16. We do not knowingly collect data from children under 16.

11. Changes to This Policy

We reserve the right to update this privacy policy. The current version is always available on this page and in the app.

12. Contact

For privacy-related questions:
Email: lobrapps+haltbar@gmail.com
Mail: Bruno Lottko, Kurt-Eisner-Str. 44, 81735 Munich, Germany