Privacy Policy
Effective: 2026-03-22
What we collect
When you create an account, we collect your email address and a hashed password. We also store your profile type (celiac, gluten intolerant, or gluten-free by choice) and the languages you have downloaded.
If you grant notification permission, we store an Expo push token for your device. This token is used only to deliver notifications about new content and subscription events. It is not used for advertising or tracking, and it is not shared with third parties. You can revoke notification permission at any time in your device settings.
We collect anonymous usage events to understand how the app is used — for example, which screens are visited most. These events are not linked to personally identifiable information.
We do not collect your name, phone number, location, or any medical information beyond what you provide during onboarding.
How we use it
Your email address is used to send transactional emails only: account verification, password reset, and subscription notifications. We do not send marketing emails without explicit opt-in.
Usage events are used to improve the product — to understand which features are valuable and where the app could be clearer.
Offline content
Downloaded cards, guides, and recipes are stored locally on your device in a SQLite database. This data does not leave your device except to sync with our servers when you are online. Authentication tokens are stored in your device's secure storage (iOS Keychain or Android Keystore).
Payments
Payments are processed by LemonSqueezy. We receive a customer ID and subscription status from LemonSqueezy but do not store your card details. LemonSqueezy's privacy policy applies to payment processing.
Third-party services
- LemonSqueezy — payment processing
- Resend — transactional email delivery
- Plausible — privacy-respecting analytics on this marketing site (no cookies, no fingerprinting)
No third-party analytics SDKs are included in the mobile app.
Data retention
Your account data is retained until you delete your account. Deleting your account removes all associated personal data from our servers within 30 days. Downloaded content on your device is removed immediately when you delete your account through the app.
Lawful basis for processing (GDPR)
For users in the European Union and UK, we process your personal data under the following legal bases:
- Contract (Article 6(1)(b)) — your email address is necessary to provide the account and subscription services you have requested.
- Legitimate interest (Article 6(1)(f)) — your dietary profile type (celiac, gluten intolerant, or gluten-free by choice) is stored to personalise restaurant card messaging. This is the core function of the product and directly serves the safety of users with celiac disease. This processing is necessary and proportionate to that purpose. You may update or delete this information at any time.
- Legitimate interest (Article 6(1)(f)) — anonymous usage events are collected to improve the product. These events contain no personally identifiable information.
You have the right to object to processing based on legitimate interests. Contact us at hello@gfglobal.app to exercise this right.
Your rights
You may request a copy of your personal data, correction of inaccurate data, or deletion of your account at any time by contacting us at hello@gfglobal.app.
If you are in the European Union, you have rights under the General Data Protection Regulation (GDPR). Our servers are located in Nuremberg, Germany (EU).
Contact
Questions about this policy: hello@gfglobal.app