PluckAI is designed with your privacy in mind. We collect only what is needed to deliver the app experience, protect your data with encryption, and never sell your information.
1. Introduction
This Privacy Policy explains how PluckAI ("we", "our", or "the app") collects, uses, and protects information when you use our iOS application. PluckAI is a produce freshness scanner and social discovery platform powered by AI.
By using PluckAI, you agree to the practices described in this policy. If you do not agree, please do not use the app.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Authentication data — email address and authentication tokens via Firebase Authentication (supports Apple Sign In, Google Sign In, and email/password)
- Profile information — display name and optional profile photo that you choose to provide
2.2 Photos & Scan Data
When you scan produce, PluckAI captures a photo using your device camera or accepts an image from your photo library. These images are:
- Sent to our secure cloud service for AI analysis (see Section 3)
- Stored locally on your device in encrypted form for your scan history
- Optionally shared to the community feed if you choose to post them
2.3 Scan Results & AI Interactions
Analysis results (produce name, freshness status, tips, recipes, and voice narration text) are stored both locally on your device and in our cloud database associated with your account. Conversations with NutriChef AI are processed through our cloud service.
2.4 Social & Community Data
When you use PluckAI's social features, we collect:
- Posts — content, images, and captions you share to the community feed
- Comments & Likes — interactions you make on other users' posts
- Follows — your follower and following relationships
- Direct Messages — messages you send to and receive from other users
2.5 Usage Data
We may collect anonymized and aggregated usage data, such as feature usage frequency and scan patterns, to understand how users interact with the app and improve its performance. This data is stripped of personally identifiable information.
3. How We Use Your Information
3.1 AI Analysis & Processing
When you scan produce or interact with NutriChef AI, your data is processed through the following services:
- Anthropic's Claude API — for produce freshness analysis and NutriChef AI chat interactions. We encourage you to review Anthropic's Privacy Policy.
- OpenAI API — for generating recipe images via DALL-E within NutriChef AI. We encourage you to review OpenAI's Privacy Policy.
3.2 Account & Cloud Services
We use Google Firebase to provide:
- Authentication — secure account sign-in and management
- Cloud Firestore — storing your profile, posts, comments, follows, messages, and scan data
- Cloud Storage — storing images you upload (profile photos, post images)
- Cloud Functions — processing AI requests securely on the server side
3.3 On-Device Storage
Scan history and images are also stored locally on your device for offline access. Images are encrypted using AES-GCM 256-bit encryption before being saved locally. The encryption key is stored in the iOS Keychain, protected by your device passcode and the Secure Enclave.
3.4 Service Improvement
We may use anonymized and aggregated data — including scan results and interaction patterns — to review, analyze, and improve the accuracy of our AI models and the overall user experience. This data is stripped of personally identifiable information before any analysis.
4. Data Security
We take the security of your data seriously:
- Encryption at rest: locally stored images are encrypted with AES-GCM 256-bit encryption
- Keychain storage: sensitive values (encryption keys) are stored in the iOS Keychain
- TLS in transit: all communication with our servers and third-party APIs uses HTTPS
- Firebase Security Rules: strict server-side rules ensure users can only access their own data
- Authenticated access: all API requests require a valid authentication token
5. Third-Party Services
PluckAI uses the following third-party services:
- Google Firebase (Authentication, Firestore, Cloud Storage, Cloud Functions) — for account management, data storage, and server-side processing. Subject to Google's Privacy Policy.
- Anthropic Claude API — for AI-powered produce analysis and chat. Subject to Anthropic's Privacy Policy.
- OpenAI API — for generating recipe images. Subject to OpenAI's Privacy Policy.
We do not use any advertising SDKs, social media tracking tools, or third-party analytics services.
6. Data Retention & Deletion
We retain your data as follows:
- Account data — retained while your account is active
- Posts & social data — retained while your account is active or until you delete specific content
- Scan history — retained both locally and in the cloud while your account is active
- Messages — retained while your account is active
You can delete your account at any time through the app's settings. When you delete your account:
- Your profile, posts, comments, follows, and messages are permanently removed from our servers
- Local data is removed when you uninstall the app
- Some anonymized and aggregated data that has already been processed for service improvement may be retained, as it cannot be linked back to you
7. International Data Transfers
PluckAI's servers are located in the United States. If you are accessing the app from outside the United States, please be aware that your data will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.
By using the app, you consent to the transfer of your information to the United States and its processing in accordance with this Privacy Policy.
8. Your Privacy Rights
8.1 All Users
Regardless of your location, you have the right to:
- Access your personal data through the app
- Delete your account and associated data
- Update your profile information at any time
- Delete individual posts, comments, or scans
8.2 European Economic Area (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate personal data
- Right to erasure — request deletion of your personal data
- Right to data portability — request a machine-readable copy of your data
- Right to object — object to the processing of your personal data for certain purposes
- Right to restrict processing — request that we limit processing of your personal data
The legal bases for processing your data are: (a) your consent when creating an account and using the app, (b) performance of a contract (providing the service), and (c) legitimate interests (improving our service and ensuring security).
To exercise any of these rights, contact us at privacy@pluckai.app. We will respond within 30 days.
8.3 California Residents (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to know — what personal information we collect, use, and disclose
- Right to delete — request deletion of your personal information
- Right to opt out — opt out of the sale or sharing of your personal information (we do not sell your data)
- Right to non-discrimination — we will not discriminate against you for exercising your rights
We do not sell your personal information and have not done so in the preceding 12 months.
9. Children's Privacy
PluckAI is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will promptly delete that information. If you believe a child under 13 has provided us with personal information, please contact us at privacy@pluckai.app.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. If we make material changes, we will notify you through the app or by email. Continued use of the app after changes constitutes acceptance of the revised policy.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:
Email: privacy@pluckai.app