Translate any dish into nutrition, recipes, and a smarter shopping list.

Effective date: October 1, 2025
App: Disypher
Company/Developer: Vihaan Bhaduri
Contact: disypher.app@gmail.com

1) Overview

Disypher lets you analyze food photos to get dish descriptions, nutrition insight, and recipe ideas. This policy explains what we collect, why we collect it, how we use and share it, and the choices you have. It applies to the App, our website https://disypher.com, and related services.

2) Data Controller

For users in the EEA/UK/Switzerland, the data controller is Vihaan Bhaduri. For all other regions, the controller is also Vihaan Bhaduri.

If we later form an LLC or appoint an EU/UK representative, we’ll update this section.

3) What we collect

We collect only the data needed to operate Disypher.

A. You provide

• Account info: email and password (via Firebase Authentication; passwords are handled by Google Firebase and not visible to us).
• Content: dishes you save, profile pictures, and any text you enter (e.g., notes, and messages you send to the in-app “Chef” assistant).
• Support messages: emails you send us or feedback you submit via the app store.

B. Collected automatically

• App usage & diagnostics: basic in-app events and performance metrics to keep the app reliable. If Crashlytics is enabled, we collect crash reports and stack traces to fix bugs more quickly.
• Device info: device model, OS version, language, and settings needed for performance and debugging.
• Log data: timestamps, IP address (stored ephemerally in server logs), and request/response metadata for security and abuse prevention.

C. From third parties (service providers)

• Authentication data: from Firebase/Auth to sign you in.
• Cloud storage metadata: file IDs/URLs and metadata for photos stored in Firebase Storage.
• Model processing: when you request analysis, we send the photo (or an encoded version) and your prompt text to our hosted model backend (our Vercel/Cloud Functions endpoint that calls the OpenAI GPT-4o API or equivalent) to generate structured outputs (dish name/description, “healthier” and “mimic” recipes, nutrition estimates).

These same categories must be disclosed in App Store Connect under App Privacy.

D. Permissions we request (iOS)

• Camera and Photos: to capture or pick food images for analysis and to update your profile picture.
• Notifications (optional, if enabled later): to deliver service updates (e.g., policy changes or account notices).

4) How we use data

• Core features: analyze food images; generate dish descriptions/recipes; display saved dishes; favorites; shopping lists.
• Account & security: authentication, fraud/abuse monitoring, and protecting our services and users.
• App performance: diagnostics, debugging, quality improvement.
• Communications: essential service messages (e.g., policy or terms updates, outages).
• Compliance: meeting legal obligations and enforcing terms.

We do not sell your personal information and do not share it for cross-context behavioral advertising. We do not use third-party advertising SDKs or the IDFA.

5) Sharing & processors

We share data only with service providers that process it for us under confidentiality and security obligations:

• Google Firebase (Google LLC): Authentication, Firestore database, Firebase Storage, and (if enabled) Crashlytics for crash reporting.
• AI/Model provider: our backend hosted on Vercel or Google Cloud Functions sends only the minimum necessary (image/prompt) to OpenAI (or an equivalent model provider) to generate outputs.
• Payments: If we add Apple In-App Purchases or subscriptions, Apple will process payment data; we’ll update this section when live.
• Infrastructure: Vercel and/or Google Cloud for hosting our backend.

We may disclose information if required by law, to protect rights and safety, or in the context of a merger, acquisition, or asset transfer (with notice where required).

6) Your choices & rights

• Access, correction, deletion: Email disypher.app@gmail.com from your signed-in address to request a copy of your data, corrections, or account deletion (which deletes your saved dishes and associated content). We’re adding in-app controls in Settings → Privacy for export/delete; until then, email requests are handled within a reasonable time.
• Opt-out of marketing: We don’t send marketing emails. If that changes, every message will include an unsubscribe option.
• California (CCPA/CPRA): California residents can request access and deletion and opt-out of “sale”/“sharing.” We do not sell or share personal information for cross-context behavioral advertising. If this changes, we will provide a “Do Not Sell or Share” link. Parents/guardians may exercise rights for minors.
• EEA/UK (GDPR/UK GDPR): Where applicable, you may have rights to access, rectify, erase, restrict/oppose processing, data portability, and to lodge a complaint with your local supervisory authority. Our legal bases include: performance of a contract (to provide the app), legitimate interests (to secure and improve), and consent (where required by law).

7) Data retention

• Photos & analyses: kept until you delete the item or your account (or as otherwise configured in in-app controls when available).
• Diagnostics/logs: retained for 90 days for security and troubleshooting, then deleted or anonymized.
• Account data: retained while your account is active and as needed for legal/recordkeeping obligations.

8) Children’s privacy

Disypher isn’t directed to children under 13. We don’t knowingly collect personal data from children under 13 without appropriate consent. If you believe a child has provided personal data, contact us (disypher.app@gmail.com) and we’ll delete it. Apps for kids face additional App Store restrictions; Disypher is not a kids app.

9) Security

We use administrative, technical, and organizational measures appropriate to the nature of the data and risks, including encryption in transit (HTTPS), provider-level encryption at rest (Firebase), access controls, and least-privilege practices. No method is 100% secure, but we work to protect your information.

10) International transfers

Your information may be processed in countries outside your own (including the United States). Where required, we use lawful mechanisms—such as Standard Contractual Clauses—and implement additional safeguards for international transfers.

11) App Tracking Transparency (ATT)

We do not track you across other companies’ apps or websites and do not access the advertising identifier (IDFA). If we add features that require tracking in the future, we’ll request consent via Apple’s ATT prompt and update this policy.

12) Automated decision-making / AI disclosures

When you submit an image or prompt, our servers and our model provider process that content to generate outputs (e.g., dish name, healthier/mimic recipes, nutrition estimates). We may use aggregated, de-identified data to improve model quality and safety (e.g., to detect abuse or measure performance). We do not use your content to train public models. Our upstream model provider may retain limited data for abuse monitoring and rate-limit enforcement—see their policy for details; we’ll link provider-specific terms inside the app.

13) Links & third-party content

The App may link to third-party sites or content we don’t control. Their privacy practices are governed by their own policies.

14) Changes to this policy

We’ll update this policy as our practices evolve. Material changes will be announced in-app or on our website with a new effective date. Your continued use after the effective date means you accept the updated policy.

15) Contact

Questions or requests? Email disypher.app@gmail.com.