LabelLens
Privacy Policy — by STILL RAFT PTY LTD
Contents
1. Overview & our commitment
LabelLens is a food-label awareness app that helps you cross-reference ingredients against your own dietary preferences and allergies. It is made by STILL RAFT PTY LTD ("Stillraft"), registered in Australia.
Our core privacy principles:
- No account required — you never need to sign in, share an email, or create a profile on our servers to use LabelLens. Everything works against your local device.
- Local-first — your dietary preferences, allergy profile, watchlist, and scan history are stored exclusively on your device.
- No selling — we do not sell, rent, or trade your personal information to any third party.
- No ads, no tracking — we do not run advertising, do not collect advertising identifiers, and do not track you across apps or websites.
- Delete any time — uninstalling LabelLens removes all locally stored data from your device.
2. Data we collect and how
On your device only
The following data is stored exclusively on your device using AsyncStorage
(@react-native-async-storage/async-storage). It is never
transmitted to our servers, because we operate no servers for storing
personal data.
- Dietary preferences (e.g. vegan, halal, kosher, gluten-free)
- Allergy profile and ingredient restrictions you set in Settings
- Watchlist (specific ingredients or nutrient categories you're tracking)
- Scan history (barcodes you've scanned, products you've saved)
- App preferences and onboarding state
Data that leaves your device
When you scan a barcode or open a product page, LabelLens sends the barcode number only (or, for some recall lookups, the product name) to public food-data APIs to retrieve ingredient and nutrition information. Your identity, allergy profile, watchlist, and scan history are never sent with these requests. See section 4 for the full list of third parties.
Cloud backups
If you choose to use your device's native cloud backup service (Apple iCloud on iOS or Google Drive on Android), LabelLens data stored on your device will be included in those backups, governed by the respective privacy policies of Apple or Google. We never see or touch those backups; they belong to your Apple or Google account.
3. Camera & ingredient OCR
Barcode scanning
LabelLens uses the camera to read product barcodes. Barcode frames are processed on-device in real time and are never stored or transmitted. The microphone is not used or requested.
Ingredient-list OCR
If you tap Scan ingredient list on a product page, LabelLens captures a still image of the ingredient label and sends it to Anthropic's Claude API for text extraction, via a Cloudflare Worker proxy operated by Stillraft. The image is sent over HTTPS, processed by Anthropic, and the extracted ingredients are returned to your device.
- We do not retain the image after the call completes.
- We do not associate the image with your identity, your dietary profile, or any persistent identifier.
- The Cloudflare Worker proxy logs request counts (for cost and abuse monitoring) but not image contents.
- Anthropic's privacy notice is at anthropic.com/legal/privacy.
- You can avoid this feature entirely — barcode lookup works without it.
4. Third parties & sharing
When you scan a barcode or view a product, LabelLens makes direct network requests from your device to the following providers. We send only the barcode number (or, for some recall lookups, the product name) — not your identity, allergy profile, watchlist, or any other personal data. Those providers may log your IP address and the request payload according to their own privacy policies.
| Provider | What we send | Their privacy notice |
|---|---|---|
| Open Food Facts | Barcode number | openfoodfacts.org |
| USDA FoodData Central | Barcode number | fdc.nal.usda.gov |
| Edamam (only if configured) | Barcode number | edamam.com/privacy |
| US FDA openFDA | Barcode number | open.fda.gov |
| UK Food Standards Agency | Product name (for recall search) | food.gov.uk |
| EFSA RASFF (EU) | Product name (for recall search) | webgate.ec.europa.eu |
| Anthropic (Claude API) | Photo of label, only when you opt in to OCR | anthropic.com/legal/privacy |
| Sentry (crash reporting) | Error metadata — see section 5 for details | sentry.io/privacy |
Crash reporting (Sentry)
We use Sentry (Functional Software, Inc.) to receive automatic crash and error reports when LabelLens encounters a bug. Sentry receives:
- The error message and stack trace
- Device model, operating system version, and app version
- Recent navigation breadcrumbs (e.g. "opened Home", "opened Product details")
- A small fraction of session replay frames where text and images are blurred on-device before transmission
- Your IP address (used by Sentry for fraud and abuse prevention; not used by LabelLens)
We do not send your dietary profile, allergen list, scan history, watchlist, or barcodes to Sentry. Before any error metadata is attached to a report, LabelLens redacts any field whose name matches a known personal-data pattern, and we maintain unit tests that enforce this redaction.
We do not sell your data
We do not sell, rent, or trade your personal information to any third party.
5. Data retention & deletion
On-device data
Data stored on your device is kept until you delete it. You can:
- Export all your data via the "Export data" button in Settings.
- Clear individual records from the History or Saved screens.
- Delete everything by uninstalling LabelLens. This removes all locally stored data.
Crash reports (Sentry)
Sentry retains crash reports according to its standard retention schedule (typically 90 days for events, longer for issue metadata). To request deletion of any crash reports we may have received about your device, email the address below.
Third-party API logs
The food-data providers listed in section 4 each have their own retention policies; we have no control over those logs. Consult each provider's privacy notice if you need to request deletion.
6. Security
Because LabelLens operates no servers and does not store your data centrally, there is no server-side database that could be breached. Data on your device is protected by the standard iOS / Android sandbox model and any device-level encryption you have enabled (Touch ID / Face ID / device passcode).
All network requests use HTTPS. Our OCR proxy enforces per-IP rate limits and daily / monthly budget caps to prevent abuse.
7. Children
LabelLens does not collect data from anyone, including children under 13. Because we collect no data, LabelLens is appropriate for all ages from a data-collection standpoint. (This is a privacy statement, not a food-safety claim — always read the physical label.)
8. California privacy rights (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to know what personal information we collect, use, disclose, or sell. (Answer: see section 2. We collect nothing on our servers.)
- Right to delete personal information we have collected. (Answer: there is nothing to delete on our side. To delete data on your device, uninstall the app.)
- Right to correct inaccurate personal information.
- Right to opt out of sale or sharing of personal information. (Answer: we do not sell or share your information.)
- Right to limit use of sensitive personal information.
- Right to non-discrimination for exercising any of the above rights.
To exercise these rights, email privacy@stillraft.com.
9. European privacy rights (GDPR / UK GDPR)
If you are in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and the UK GDPR:
- Right of access to your personal data.
- Right to rectification of inaccurate data.
- Right to erasure ("right to be forgotten").
- Right to restrict processing.
- Right to data portability.
- Right to object to processing.
- Right to lodge a complaint with your local supervisory authority (e.g. ICO in the UK, CNIL in France).
Because LabelLens stores no data on our servers, there is generally nothing for us to retrieve or erase on your behalf except crash reports as described in section 5. To exercise your rights, email privacy@stillraft.com.
Legal basis for processing: our minimal processing (crash reports) is based on legitimate interest (Art. 6(1)(f) GDPR) — keeping the app working. Your OCR opt-in for ingredient extraction is based on consent (Art. 6(1)(a) GDPR), which you can withdraw any time by not using the OCR feature.
10. Australian privacy rights (Privacy Act 1988)
Stillraft is an Australian Privacy Principles (APP) entity under the Privacy Act 1988 (Cth). You have rights under the Australian Privacy Principles to:
- Access the personal information we hold about you (currently: only crash reports, if any).
- Request correction of personal information.
- Know whether we will disclose your information to overseas recipients (answer: only to the third parties listed in section 4, for the purposes described).
Complaints
If you believe we have breached the Australian Privacy Principles, please contact us first at privacy@stillraft.com and we will respond within 30 days. If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner at oaic.gov.au.
11. Changes to this policy
We may update this Privacy Policy from time to time. We will post the new version at this URL and update the "Last updated" date at the top. For significant changes — particularly if we ever add features that involve collecting your personal data — we will also notify you in the app before any new data leaves your device. Continued use of LabelLens after changes become effective constitutes acceptance of the updated policy.
12. Contact us
If you have any questions, requests, or concerns about this Privacy Policy or your data, please contact:
STILL RAFT PTY LTD
81-83 Campbell Street, Surry Hills NSW 2010, Australia
Email: privacy@stillraft.com
Website: stillraft.com