CyberChef — Privacy Policy
App: CyberChef (com.cyberchef.pantry)
Last updated: June 16, 2026
Contact: tapshiftstudios@hotmail.com
CyberChef (“we”, “us”, or “the app”) is a smart pantry and recipe assistant. It helps you scan fridge and receipt photos, track product freshness, manage shopping lists, and receive AI-generated recipe suggestions. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have.
By using CyberChef, you agree to this policy. If you do not agree, please do not use the app.
1. Who is responsible for your data?
Data controller: TapShift Studios
Email: tapshiftstudios@hotmail.com
2. Information we collect
2.1 Photos, camera, and gallery
With your permission, you may take photos with the camera or pick images from your gallery.
Images are used to detect food items in your fridge/pantry, read grocery receipts (OCR), or scan barcodes.
Receipt images are not stored on our servers. We send them for processing and retain only the extracted product list (names, quantities, estimated expiry, and line prices when visible on the receipt).
Fridge/pantry photos are processed to generate ingredient lists and recipes; we do not use them for unrelated purposes such as advertising profiling.
2.2 Account and authentication
If you create an account, we collect your email address and authentication credentials managed by Supabase Auth.
You may use a guest (anonymous) session without email; guest data may be limited and Pro purchases require a registered email account.
When signed in, pantry/freshness items, scan history, and related data may be stored in your account and synced via our cloud database.
2.3 App and usage data
Pantry / freshness inventory: product names, categories, purchase dates, estimated expiry, quantities, store names, and optional purchase prices from receipts.
Shopping list items and recipe favorites.
Recent scans and recipe results generated from your scans.
Savings / waste-rescue statistics (estimated amounts saved when you use products before expiry) — stored locally on your device unless you export them.
Preferences: language, theme, diet profile, cuisine/region setting, notification time, and similar settings (stored on your device).
AI usage limits: to enforce fair daily quotas, we use an anonymous device identifier and/or your account user ID. We do not use this to track you across unrelated apps.
2.4 Artificial intelligence processing
AI features (pantry analysis, receipt OCR, recipe generation, translation) are processed through our secure server proxy, which calls Google Gemini APIs.
Images and text prompts are transmitted for the purpose of providing the requested feature only.
API keys for AI services are kept on our servers, not in the public app.
Daily usage limits apply to free and Pro plans as described in the app.
2.5 Advertising (Google AdMob)
On the free plan, we show Google AdMob banner and rewarded video ads.
Google may collect the Advertising ID, device information, IP address, and interaction data to serve and measure ads. See Google’s Privacy Policy: https://policies.google.com/privacy
You can limit ad personalization in your device settings (e.g. “Opt out of Ads Personalization” on Android).
Pro subscribers do not see in-app ads.
2.6 Purchases and subscriptions
Pro subscriptions are processed by Google Play Billing. We do not receive your full payment card details.
We may receive purchase tokens, product IDs, and package name to verify your subscription and activate Pro features on our servers.
2.7 Crash and diagnostics (optional)
If enabled in a given build, we may use Sentry to collect crash logs and technical diagnostics to improve stability. These are generally anonymous or pseudonymous.
3. How we use your information
Provide core features: scanning, freshness tracking, shopping lists, recipes, and account sync.
Operate, secure, and improve the app, including abuse prevention and rate limiting.
Process subscriptions and deliver Pro benefits.
Display ads on the free plan and grant optional rewarded scan credits.
Respond to support requests and legal obligations.
We do not sell your personal information.
4. Legal bases (EEA/UK users)
Where GDPR applies, we rely on:
Contract: to provide the app and subscriptions you request.
Legitimate interests: security, fraud prevention, analytics, and product improvement (balanced against your rights).
Consent: where required for camera/gallery access, notifications, or personalized ads (via your device/OS choices).
Legal obligation: when we must comply with law.
5. Third-party service providers
Supabase — authentication, database, and cloud functions.
Google Gemini (Google AI) — AI image and text processing.
Google AdMob — advertising.
Google Play — app distribution and in-app purchases.
Sentry — optional crash reporting.
These providers process data under their own terms and privacy policies.
Google: https://policies.google.com/privacy
6. Data storage and retention
On your device: preferences, local pantry data (when not synced), savings statistics, and similar data in app storage.
In the cloud: account-linked pantry and scan data while your account exists.
Receipt images: not retained on our servers after processing.
AI usage counters: reset on a daily basis.
We retain account data until you delete your account or request deletion, subject to legal retention requirements.
7. International transfers
Your data may be processed in countries other than your own (including the United States and countries where our service providers operate). Where required, we rely on appropriate safeguards such as standard contractual clauses or provider certifications.
8. Your rights and choices
Depending on your location, you may have the right to:
Access, correct, or delete your personal data.
Object to or restrict certain processing.
Data portability (e.g. export local app data from Settings).
Withdraw consent where processing is consent-based.
Lodge a complaint with your local data protection authority.
In the app you can:
Sign out — Settings → Sign out.
Export local data — Settings → Export local data (JSON to clipboard).
Delete local data — Settings → Delete local data.
Manage permissions — camera, notifications, and photos in Android system settings.
For account deletion or other requests, email tapshiftstudios@hotmail.com. We will respond within a reasonable time.
9. Security
We use industry-standard measures including HTTPS, server-side API keys, and access controls. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
10. Children
CyberChef is not directed at children under 13 (or the minimum age in your country). We do not knowingly collect personal information from children. If you believe a child has provided us data, contact us and we will delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top will change. Material changes may be communicated in the app or on the store listing. Continued use after changes means you accept the updated policy.
12. Contact us
TapShift Studios
Email: tapshiftstudios@hotmail.com