Privacy Policy

Last updated: December 18, 2025

Your privacy matters to us. This policy explains how PNut collects, uses, and protects your information.

1. Overview

PNut helps users identify common food allergens by scanning ingredient labels using AI-powered image analysis. We respect your privacy and only collect data necessary to make the app work.

2. What We Collect

  • Camera & Photo Access: Used only to capture or select ingredient label images for scanning. Images are processed in real-time and not stored on our servers.
  • Scanned Images & Text: Sent securely to OpenAI Vision API to analyze ingredients and detect allergens. Images are not retained after analysis.
  • Allergen Preferences: Your selected allergens (e.g., gluten, dairy, peanuts, nuts) are stored locally on your device only.
  • Subscription Info: Managed through Apple's App Store and processed by RevenueCat to verify and sync your purchase status. We don't access or store any payment details.
  • Basic App Data: Such as crash logs or usage statistics to improve app performance and stability.

3. How We Use Your Data

  • To process ingredient scans and display allergen detection results.
  • To provide color-coded safety indicators (green/red/amber) based on your allergen preferences.
  • To improve app accuracy, performance, and user experience.
  • To detect and fix technical issues through crash reporting.
  • To manage subscription status and free tier scan limits.

We don't sell or share your personal data with third parties for marketing purposes.

4. Data Storage & Security

Your scanned images are processed securely via encrypted HTTPS connections and are not linked to your personal identity. We use trusted cloud services (OpenAI API) for AI analysis. Your allergen preferences and scan history are stored locally on your device, not on our servers.

5. Third-Party Services

PNut uses the following third-party services:

  • OpenAI Vision API: For AI-powered ingredient analysis and allergen detection. When you scan an ingredient label, the image is sent to OpenAI's Vision API for processing. According to OpenAI's API data usage policy (as of December 2025), API inputs are not used to train their models and are retained for 30 days for abuse and misuse monitoring, then automatically deleted. For OpenAI's current data handling practices, see: https://openai.com/enterprise-privacy
  • RevenueCat: For subscription management and purchase verification. RevenueCat processes purchase data according to their privacy policy.
  • Analytics: We may use analytics services to track app usage, crashes, and performance metrics to improve functionality.

These services process data under their own privacy policies, which we encourage you to review.

6. No Medical Advice

PNut is an informational tool and does not provide medical advice, diagnosis, or treatment. Results are for guidance only and should not replace consultation with healthcare professionals or reading of actual product labels. Always verify ingredients with manufacturers when in doubt.

7. Your Choices & Rights

  • Camera/Photo Access: You can revoke permissions at any time via iOS Settings.
  • Data Deletion: Delete the app to remove all locally stored preferences and scan history.
  • Subscription Management: Manage or cancel subscriptions through your App Store settings.
  • GDPR/CCPA Rights: Users in the EU and California have additional rights to access, delete, or port their data. Contact us at support@sufiyanyasa.com.

8. Children's Privacy

PNut is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us.

9. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Continued use of the app after updates means you agree to the latest version. We will notify users of significant changes through the app or via email.

10. Governing Law & International Privacy Rights

This Privacy Policy is governed by the laws of Malaysia and applicable international privacy regulations. Where your local privacy laws provide greater protection, those laws shall apply.

European Union (EU) & UK Users: You have rights under the General Data Protection Regulation (GDPR) and UK GDPR, including:

  • Right to access your personal data
  • Right to rectify inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time

California Users: Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), you have the right to:

  • Know what personal information is collected, used, shared, or sold
  • Delete personal information held by businesses
  • Opt-out of sale of personal information (note: we do not sell personal information)
  • Non-discrimination for exercising your CCPA rights

Other Jurisdictions: Users in other jurisdictions may have additional rights under local privacy laws. We respect and comply with applicable privacy regulations worldwide.

Any disputes regarding privacy shall be subject to the dispute resolution procedures outlined in our Terms & Conditions.

11. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at:

Email: support@sufiyanyasa.com

Developer: Sufiyan Yasa