Privacy Policy


Engaging with this website involves the processing of personal data. We aim to make the nature of these processes transparent with the following detailed descriptions. This document also explains your rights according to the European General Data Protection Regulation (GDPR).

Contact Details

Should you have any inquiries or wish to exercise your data protection rights, please contact our designated data protection officer:

Stefan Stumpfl

General Information on Data Processing

We adhere to the relevant data protection laws, particularly the GDPR. We only undertake data processing activities where legally permitted. This site processes personal data mainly based on user consent (Art. 6 para. 1 lit. a) GDPR) or as detailed in specific sections of this privacy policy.

Duration of Storage

Data is stored only for the duration necessary to fulfill its intended processing purpose, unless specified otherwise in this document.

Automated Server Data Processing

When visiting our website for informational purposes without registering, your browser automatically transmits certain information to our server which includes:

  • Type and version of your browser
  • Operating system
  • The page you accessed
  • The previous page you visited (referrer URL)
  • Your IP address
  • The date and time of your request
  • HTTP status code

This information is processed based on our legitimate interest in the technical administration and security of the website (Art. 6 para. 1 lit. f) GDPR). We retain this information only as long as necessary unless there is an indication of unlawful use requiring further investigation.

Our server and data hosting are managed by Vercel. You can find Vercel's privacy policy here. Note that data processed by our website may be transferred to and processed by Vercel in the USA, where data protection standards may differ from those in the EU. For details on data transfer and protection measures, refer to this document.

Data Processing by User Input

When registering for our services, the following data is processed:

  1. Name
  2. Email address
  3. Other relevant data as requested

For inquiries made via email or phone, we process:

  1. Name
  2. Email address
  3. Phone number
  4. Details of the inquiry

This data is not shared without your explicit consent. Processing is based on Art. 6 para. 1 lit. b GDPR if related to a contract or necessary for pre-contractual measures. Otherwise, it is processed based on our legitimate interest in efficiently handling inquiries (Art. 6 para. 1 lit. f GDPR) or your consent (Art. 6 para. 1 lit. a GDPR) if this has been sought; you may revoke consent at any time.

Communication Consent

By supplying your email during registration or joining a waitlist, you consent to receiving periodic communications from FoodFacts for marketing and informational purposes. These may include newsletters and promotions. Opt-out options are available at any time.

Data Security

Your personal data is secured on Firebase servers located in Belgium, the Netherlands, and Finland. However, transfers to the USA or other third countries may occur if necessary for operational purposes. We maintain a data processing agreement with Firebase, accessible here.

Cookies and External Content

We limit our use of cookies to those essential for website functionality. For analytics, we employ, which gathers non-personal data such as:

  • Page URL
  • HTTP Referer
  • Browser type
  • Operating system
  • Device type
  • Geolocation data (country, region, city)

Further details on Plausible's privacy practices are available here.

Mobile Apps

Data Collection and Use

Our mobile apps (iOS, Android) collect data including email addresses, user interactions, crash reports, and performance statistics to enhance user experience and app functionality.

We utilize Google Analytics for anonymous statistical analysis, focusing on app usage patterns without linking data to personal identifiers. Note that while data is processed on servers in the USA, no personal data is transmitted internationally.

Your Rights

You are entitled to exercise your data subject rights at any time, which include:

  • The right to information about our processing of your personal data
  • The right to correct inaccurate data
  • The right to erase your personal data
  • The right to restrict data processing
  • The right to data portability
  • The right to object to certain processing activities

‍If you have given us separate consent to process your data, you can revoke this consent at any time in accordance with Art. 7 para. 3 GDPR. Revocation does not affect the lawfulness of processing that occurred before the revocation based on the consent.

If, contrary to expectations, there is a breach of your right to lawful processing of your data, please contact us immediately. You also have the right to lodge a complaint with the Austrian Data Protection Authority ( or with another data protection supervisory authority in the EU.