Privacy Policy
Last updated: April 20, 2026
Tofu ("we", "us", "our") is a plant-based lifestyle app operated by Moloko Ventures s.r.o. This policy explains what data we collect, how we use it, and your rights.
1. What We Collect
Information you provide
- Profile data: Name (optional), dietary type, allergies, health goals, cooking level, cuisine and recipe preferences, excluded ingredients.
- AI feature usage: Recipe discovery searches you submit and questions you ask within the scanner's contextual chat, plus the responses you receive.
- Recipe interactions: Ratings, favorites, and personal notes you add to recipes.
- Shopping lists: Items you add to your shopping list.
- Supplement logs: Which supplements you track and when you log them.
Information collected automatically
- Device identifier: A random ID generated on your device, used to sync recipe ratings and for analytics. This is not your Apple ID or advertising identifier.
- Product scans: Barcodes you scan are sent to OpenFoodFacts (a public food database) to retrieve product information.
- Usage data: We track feature usage (e.g., which tabs you visit, how many scans you perform) to understand how the app is used and improve it.
- Crash reports: If the app crashes, we collect diagnostic data (device model, OS version, stack trace) to fix bugs.
Information we do NOT collect
- Email address, phone number, or physical address
- Location data (GPS)
- Photos (the camera is used for scanning only — no images are stored or uploaded)
- Contacts, calendar, or other personal data from your device
2. How We Use Your Data
| Purpose | Data used | Legal basis (GDPR) |
|---|---|---|
| Personalize recipe recommendations | Profile preferences, ratings, favorites | Consent (you choose to set preferences) |
| Analyze ingredients for vegan/vegetarian status | Ingredient text from scanned products | Legitimate interest (core app function you requested) |
| Power AI recipe discovery and the scanner contextual chat | Search queries, conversation history within a session, profile context | Legitimate interest (core app function you requested) |
| Enforce free-tier usage limits | Daily scan and question counts | Legitimate interest (fair use of the service) |
| Manage your subscription | Purchase data (handled by Apple and RevenueCat) | Contract (performance of subscription) |
| Improve the app and fix bugs | Analytics events, crash reports | Legitimate interest (service improvement) |
3. Third-Party Services
We share data with the following services to provide core app functionality:
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Backend database, authentication | Recipe ratings (linked to device ID), anonymous auth tokens |
| Anthropic (Claude) | AI-powered ingredient analysis, recipe discovery, and scanner contextual chat | Ingredient text, search queries, conversation messages, profile context (dietary type, allergies, preferences) |
| OpenFoodFacts | Product database for barcode scanning | Product barcodes |
| RevenueCat | Subscription management | Purchase transactions, device identifier, app version |
| TelemetryDeck | Privacy-first analytics | Anonymous usage events, device type, OS version. TelemetryDeck does not use cookies or advertising identifiers. |
| Sentry | Crash reporting | Error logs, device info |
We do not sell your data to anyone. We do not use your data for advertising.
4. AI Features & Data Processing
When you use AI recipe discovery, scan ingredients, or chat within the scanner, your data is sent to Anthropic's Claude API for processing. This includes:
- Your conversation messages (full history within the current conversation)
- Your profile context (dietary type, allergies, goals, preferences) to personalize responses
- Ingredient text from scanned products for vegan/vegetarian analysis
Conversations are stored locally on your device. They are not stored on our servers. Anthropic processes your data according to their privacy policy.
5. Where Your Data Is Stored
- On your device: Profile, conversations, scan history, supplement logs, shopping lists, notes, and favorites are stored locally using Apple's encrypted on-device storage.
- On our servers: Only recipe ratings (linked to your anonymous device ID) are stored on our backend (Supabase, hosted in the EU).
- Third-party servers: Analytics (TelemetryDeck, Germany), crash reports (Sentry, Germany — EU data residency), AI processing (Anthropic, US), and subscription data (RevenueCat/Apple) are processed by their respective services.
International data transfers: One third-party processor we rely on (Anthropic, based in the United States) processes data outside the European Economic Area. This transfer relies on Standard Contractual Clauses (SCCs) as approved by the European Commission, through our agreement with Anthropic. All other data processing takes place within the EEA.
6. Data Retention
- Local data is deleted when you uninstall the app.
- Recipe ratings on our servers are retained indefinitely in aggregate form to maintain rating statistics.
- Analytics data (TelemetryDeck): anonymous usage events retained for approximately 1 year.
- Crash reports (Sentry): retained for 30–90 days depending on the report type.
- Subscription data (Apple, RevenueCat): retained as required by applicable accounting and consumer-protection laws, typically up to 7 years.
- AI feature data (Anthropic): we do not retain AI requests or responses on our servers; Anthropic retains them short-term for abuse prevention (typically up to 30 days per their API policy) and does not use them for model training.
7. Your Rights
Depending on your jurisdiction (including under GDPR and similar laws), you have the right to:
- Access the personal data we hold about you
- Delete your data — uninstalling the app removes all local data; contact us to request deletion of server-side data (recipe ratings)
- Rectify inaccurate data via your in-app profile settings
- Data portability — request a copy of the personal data we hold about you in a structured, commonly-used, machine-readable format
- Restrict processing in certain circumstances (e.g., while you contest the accuracy of data we hold)
- Object to data processing — you can stop using features that require data transmission (AI recipe discovery, barcode scanner, scanner contextual chat)
- Lodge a complaint with a supervisory authority. In Slovakia, this is the Office for Personal Data Protection (Úrad na ochranu osobných údajov — dataprotection.gov.sk). You may also contact the authority in your EU country of residence.
To exercise your rights, contact us at support@gettofu.app.
8. Children's Privacy
Tofu is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us.
9. Security
All data transmitted between the app and our servers uses HTTPS/TLS encryption. Local data is stored in Apple's encrypted app container. We do not store passwords or authentication credentials.
10. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes through the app or by updating the "Last updated" date above.
11. Contact
Moloko Ventures s.r.o.
Email: support@gettofu.app
Website: gettofu.app