Kitcheck Privacy Policy

Last updated: June 3, 2026

Abdulaziz Ayman Linjawi’s Trading Establishment and AAL Technologies ("we", "us", "our") operate the Kitcheck mobile application ("the App", "Kitcheck"). This Privacy Policy explains in detail what information we collect, how we use and protect it, your rights regarding your data, and the choices available to you. By accessing or using Kitcheck, you acknowledge that you have read and understood this Privacy Policy.

If you do not agree with this Privacy Policy, you must not use the App.

1. Information We Collect

1.1 Information You Provide Directly

• Account Registration Data: Email address, username, and display name. Your password is cryptographically hashed server-side using industry-standard algorithms and is never stored or transmitted in plain text.

• Profile Information: Profile photos, dietary preferences, and any other optional information you choose to add to your profile.

• User-Generated Content: Kitchen inventory items (including item names, quantities, categories, expiry dates, and storage locations), recipes you create, grocery lists, notes, and any text or media you submit through the App.

• Community Content: Recipes, comments, ratings, and other content you publish to the community features of the App.

• Photos and Images: Photos of your fridge, pantry, food items, or recipes that you capture or upload within the App for scanning, recognition, or recipe illustration purposes.

• Communications: Any messages, feedback, or support requests you send to us.

1.2 Information Collected Automatically

• Device Information: Device type, operating system version, unique device identifiers (for push notification delivery only), app version, and language settings.

• Usage Data: Feature usage patterns, interaction timestamps, and general app performance data collected solely for improving app functionality and stability.

• Crash and Error Data: Diagnostic information including crash logs, error reports, and performance metrics used exclusively for identifying and resolving technical issues.

• Subscription Status: Information about your subscription tier (free or premium) and status, as communicated by Apple's App Store infrastructure. We never receive or store your payment card details, billing address, or Apple ID password.

1.3 Information We Do NOT Collect

• We do not collect precise geolocation data.

• We do not use advertising identifiers (IDFA) or any advertising SDKs.

• We do not use analytics tracking SDKs or third-party analytics platforms.

• We do not track you across other apps or websites.

• We do not collect contacts, call logs, browsing history, or any data from other apps on your device.

• We do not collect biometric data (fingerprints, face scans, etc.).

2. How We Use Your Information

We use the information we collect for the following purposes:

PurposeData UsedLegal Basis (GDPR)Provide core app functionality (inventory tracking, recipe management, grocery lists)Account data, user contentPerformance of contractSync your data across your devicesAccount data, user contentPerformance of contractAI-powered food scanning and recognitionPhotos you capture in-appPerformance of contract / ConsentAI-powered recipe suggestionsInventory items, dietary preferencesPerformance of contractSend expiry and reminder notificationsInventory items, notification preferencesPerformance of contract / ConsentManage your premium subscriptionSubscription statusPerformance of contractEnable community recipe featuresRecipes, profile info, ratingsPerformance of contract / ConsentBarcode product lookupsBarcode numbers onlyPerformance of contractRespond to support requestsCommunications, account dataLegitimate interestDiagnose bugs and improve stabilityCrash data, device infoLegitimate interestEnforce our Terms of UseAccount data, user contentLegitimate interestComply with legal obligationsAs requiredLegal obligation

3. Third-Party Services and Data Processors

We use the following third-party services to operate the App. Each service processes data only as necessary for its specific function:

3.1 Supabase (supabase.com)

Purpose: Database hosting, user authentication, file storage, and real-time data synchronization.

Data Shared: Account information, user-generated content, profile photos, and all data necessary for app functionality.

Data Location: Supabase cloud infrastructure. Data may be stored in data centers located in the United States or other regions depending on Supabase's infrastructure.

Security: Row-level security (RLS) policies ensure users can only access their own data. All data is encrypted in transit (TLS) and at rest.

3.2 Anthropic Claude API (anthropic.com)

Purpose: AI-powered photo recognition for food item scanning and recipe suggestion generation.

Data Shared: Photos captured via the scan feature, inventory item names for recipe suggestions, and dietary preferences.

Data Retention by Anthropic: Per Anthropic's data usage policy, data sent via their API is not used to train their models and is not retained beyond the duration required to process the request. We access the API through a secure server-side proxy; API keys are never exposed to the client.

3.3 Open Food Facts (openfoodfacts.org)

Purpose: Barcode-to-product-name lookups.

Data Shared: Only the numeric barcode value. No personal information, device identifiers, or account data is transmitted.

3.4 Apple App Store / StoreKit

Purpose: Subscription purchase processing and management.

Data Shared: Apple manages all payment processing. We receive only subscription status confirmations (active, expired, etc.) and transaction identifiers from Apple's servers. We never receive or process your payment card information.

We do not use any advertising networks, social media SDKs, analytics platforms (such as Google Analytics, Firebase Analytics, Mixpanel, or Amplitude), or any other third-party services beyond those listed above.

4. Data Storage, Security, and Retention

4.1 Security Measures

• All communication between the App and our servers is encrypted using HTTPS/TLS.

• Passwords are cryptographically hashed using industry-standard algorithms before storage.

• API keys and secrets are stored server-side and are never embedded in or distributed with the App.

• Database access is protected by row-level security (RLS) policies ensuring strict user data isolation.

• Server-side access controls and authentication are enforced on all API endpoints.

• Photos sent for AI scanning are transmitted via a secure proxy and are not permanently stored on our servers.

4.2 Data Retention

• Active Accounts: Your data is retained for as long as your account is active and you continue to use the App.

• Account Deletion: When you delete your account (available in Profile settings), all personal data, inventory items, recipes, photos, and associated content are permanently and irreversibly deleted from our servers within 30 days. Backup copies in encrypted backup systems may persist for up to an additional 90 days before automatic deletion.

• Community Content: If you published recipes to the community before account deletion, those recipes will be anonymized (author attribution removed) rather than deleted, unless you specifically request full removal.

• Legal Retention: We may retain certain data for longer periods if required by applicable law, regulation, or legal proceedings.

• Inactive Accounts: Accounts that have been inactive for more than 24 months may be flagged for deletion. We will attempt to notify you via email before deleting an inactive account.

4.3 International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States, where our third-party service providers (Supabase, Anthropic) maintain infrastructure. These transfers are necessary to provide the App's core functionality. Where required by applicable law (including the GDPR), such transfers are protected by appropriate safeguards, including standard contractual clauses approved by the European Commission or equivalent mechanisms.

5. Data Sharing and Disclosure

5.1 We Do NOT

• Sell your personal data to any third party, for any purpose, under any circumstances.

• Rent, lease, or license your personal data to third parties.

• Share your personal data with third parties for their marketing or advertising purposes.

• Use your data for targeted advertising, behavioral profiling, or ad-supported monetization.

• Share your data with data brokers or data aggregators.

5.2 Limited Disclosure

We may disclose your information only in the following circumstances:

• Service Providers: To the third-party services listed in Section 3, solely to the extent necessary to provide the App's functionality.

• Community Features: Content you voluntarily publish to community features (recipes, ratings, comments) is visible to other users according to the visibility setting you choose (private, friends, or everyone). Your display name and profile photo are shown alongside your community content.

• Legal Requirements: If required by law, subpoena, court order, or governmental regulation, we may disclose your information to the extent legally required. We will attempt to notify you of such requests unless prohibited by law.

• Safety: If we believe in good faith that disclosure is necessary to protect the safety of any person, prevent fraud, or protect our legal rights.

• Business Transfer: In connection with a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your data may be transferred to the acquiring entity. We will notify you via email or a prominent notice in the App before your data becomes subject to a different privacy policy.

6. Your Rights and Choices

6.1 Rights Available to All Users

• Access: You can view all your data within the App at any time.

• Correction: You can update or correct your account information and content directly within the App.

• Deletion: You can delete your account and all associated data from Profile settings within the App. Account deletion is permanent and irreversible.

• Data Export: You may request a machine-readable copy of your personal data by contacting us at the email address below.

• Notification Preferences: You can manage push notification preferences within the App's settings and your device's notification settings.

• Community Content Visibility: You can control the visibility of your recipes (private, friends, or public) at any time.

6.2 Additional Rights for EEA, UK, and Swiss Residents (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following additional rights under the General Data Protection Regulation (GDPR) and equivalent legislation:

• Right to Access (Art. 15): Request a copy of all personal data we hold about you.

• Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data.

• Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").

• Right to Restrict Processing (Art. 18): Request that we limit the processing of your personal data under certain circumstances.

• Right to Data Portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format.

• Right to Object (Art. 21): Object to processing based on legitimate interests.

• Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, contact us at support@aaltechnologies.com. We will respond to your request within 30 days.

6.3 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to know what personal information we collect, use, disclose, and sell (we do not sell personal information).

• Right to Delete: You have the right to request deletion of your personal information.

• Right to Correct: You have the right to request correction of inaccurate personal information.

• Right to Opt-Out of Sale: We do not sell or share your personal information for cross-context behavioral advertising. There is nothing to opt out of.

• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

• Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond what is necessary to provide the App.

To exercise your CCPA rights, contact us at support@aaltechnologies.com. We will verify your identity before processing your request.

Categories of Personal Information Collected (past 12 months): Identifiers (email, username); Internet/electronic activity (usage data, device info); User-generated content. Categories Sold: None. Categories Disclosed for Business Purposes: As described in Section 3 (service providers).

6.4 Additional Rights for Other Jurisdictions

If you are located in a jurisdiction with applicable data protection laws (including but not limited to Brazil's LGPD, Canada's PIPEDA, Australia's Privacy Act, or other applicable legislation), you may have similar rights to those described above. Contact us to exercise your rights under your applicable local laws.

7. Children's Privacy

Kitcheck is not directed at, marketed to, or intended for use by children under the age of 13 (or the applicable minimum age in your jurisdiction, such as 16 in certain EU member states). We do not knowingly collect personal information from children under this age threshold.

If we learn that we have inadvertently collected personal data from a child under the applicable minimum age, we will take immediate steps to delete that information from our servers. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@aaltechnologies.com so we can take appropriate action.

Users between the ages of 13 and 18 (or the age of majority in their jurisdiction) should review this Privacy Policy with a parent or legal guardian before using the App.

8. Tracking and Advertising

Kitcheck does not participate in cross-app or cross-site tracking of any kind. We do not:

• Request or access the Identifier for Advertisers (IDFA)

• Use any advertising SDKs or ad networks

• Use any third-party analytics or tracking SDKs

• Fingerprint your device for tracking purposes

• Create or maintain advertising profiles about you

• Share data with advertising or data broker networks

Our Apple App Tracking Transparency (ATT) declaration reflects this: we declare that we do not track users.

9. Automated Decision-Making

Kitcheck uses artificial intelligence (AI) to provide certain features, including food item recognition from photos and recipe suggestions based on your inventory. These AI-powered features are assistive tools designed to enhance your experience and do not make decisions that produce legal or similarly significant effects on you. You are never required to follow AI suggestions, and all inventory management and food safety decisions remain entirely your own.

10. Local Storage

The App may store data locally on your device using standard iOS storage mechanisms (UserDefaults, local database) to enable offline functionality, cache data for performance, and store your preferences. This data remains on your device and is protected by your device's security measures (passcode, biometric authentication). Uninstalling the App removes all locally stored data.

11. Push Notifications

If you grant permission, we may send push notifications for item expiry reminders and other app-related alerts. You can disable push notifications at any time through your device's Settings > Notifications > Kitcheck. We use Apple Push Notification Service (APNs) to deliver notifications; your device token is stored solely for this purpose and is deleted upon account deletion or when you revoke notification permissions.

12. Data Breach Notification

In the event of a data breach that affects your personal data, we will:

• Investigate and contain the breach as quickly as possible.

• Notify affected users via email within 72 hours of becoming aware of a breach that is likely to result in a risk to your rights and freedoms, as required by applicable data protection laws.

• Notify the relevant supervisory authorities as required by applicable law.

• Provide information about what data was affected and steps you can take to protect yourself.

13. Third-Party Links

The App may contain links to third-party websites or services that are not operated by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every site you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last updated" date at the top of this page.

• Notify you via the App or by email for material changes.

• Where required by law, obtain your consent before applying material changes to how we process your data.

Your continued use of the App after changes are posted constitutes acceptance of the revised Privacy Policy. If you do not agree with the changes, you should stop using the App and delete your account.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

AAL Technologies
Email: support@aaltechnologies.com

We will endeavor to respond to all inquiries within 30 days.