Last Updated: March 2026
The data controller can be contacted at: beyonded.studios@gmail.com
By default, all information entered in the app (such as inventory details, products, categories, and notes) is stored exclusively on the user’s local device.
The app offers optional features that require Google authentication and allow data backup to Google Firebase. When these features are enabled by the user, certain data is transmitted to and stored on Google Firebase servers.
The app displays advertisements: if the user consents, ads may be personalized; otherwise, only non‑personalized ads are shown.
Legal basis: Contract performance (Art. 6(1)(b) GDPR) – necessary to provide the service.
The following data is always stored locally on the device:
Inventories: Names and details of created inventories
Products: Name, quantity, price, code, expiration date, description, and product images
Categories and Subcategories: User‑created organizational structures
Notes: User‑added notes
Shopping list: Products and details in the shopping list
Calculator history: Saved calculations
Preferences: Language, currency, theme settings
Statistics and reports: Inventory usage statistics
Expense tracking and comparisons
This data is never sent to Google Firebase or any other service, unless the user explicitly enables cloud backup (see Section 3).
Legal basis: Consent (Art. 6(1)(a) GDPR) – activated only through explicit user choice.
The app allows users to sign in with a Google account to enable automatic cloud backup. This feature is entirely optional and requires explicit user consent.
When the user chooses to sign in with Google:
Google account email address
Full name associated with the account
Profile picture (if available)
Unique user ID provided by Google
When enabled, the backup feature automatically syncs the following data to Google Firebase servers:
All inventories and related products
Categories and subcategories
Personal notes
Shopping list
Calculator history
App preferences (language, currency, theme)
Inventory statistics
Reports and summaries
Inventory settings and notifications
Google account email address (included in the backup document to identify data ownership)
When a barcode is scanned, the app queries a shared Firebase database to suggest a product name (read‑only, available even without authentication).
When authenticated users save a product with a barcode, the product name is contributed to the shared database.
This database contains only barcode, product name, and usage count — no personal data.
Data protection in case of device loss or replacement
Weekly automatic sync (if enabled)
Full data restoration on a new device
Google sign‑in and cloud backup are fully optional
Users may sign out at any time
Signing out does not delete local data
Users may request complete cloud data deletion by contacting beyonded.studios@gmail.com
Data stored on secure Google Firebase servers
Access protected through Google authentication
Encrypted communication via HTTPS
Only the authenticated user can access their cloud data
Legal basis: Consent (Art. 6(1)(a) GDPR) via Google Consent Mode v2.
The app uses Firebase Analytics to collect anonymous usage information. Full data collection occurs only after the user provides consent through the consent banner shown at first launch.
Device information (model, OS, app version)
Anonymous usage data (screens visited, features used)
Session duration
Approximate country
Device language
Aggregated, anonymous data without advertising or personal identifiers
Used by Google solely for statistical modeling
Analytics data is used exclusively to:
Improve app features
Identify and fix bugs
Understand which features are most used
More information: https://firebase.google.com/support/privacy
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) – necessary to ensure app stability and proper functioning.
The app uses Firebase Crashlytics to automatically collect crash reports and stability issues. This service is essential for identifying and resolving technical problems.
Crash information (error type, stack trace)
Device information (model, OS, available memory)
App state at the time of the crash
Anonymous installation identifier
No personally identifiable data is collected. Reports contain only technical information required for diagnostics.
Crash reports are used exclusively to:
Improve app stability
Fix bugs and errors
Optimize performance
Right to object: Users may object to crash report collection by contacting beyonded.studios@gmail.com
More information: https://firebase.google.com/support/privacy
The app requires and uses the following permissions:
Purpose: Barcode scanning and product images
Storage: Local device only
Security: No automatic transmission to external servers
Purpose: Manually selecting images from the gallery
Control: Uses modern Photo Picker for limited access
Security: No automatic transmission to external servers
Purpose: Import/export inventory data
Formats: TXT, XLSX, PDF, CSV, HTML, JPG
Security: Secure sharing via FileProvider
Purpose: OpenFoodFacts and UPC ItemDB APIs for product identification; Firebase cloud sync (if enabled)
Data transmitted: Only barcodes for OpenFoodFacts and UPC ItemDB; full inventory data for Firebase (only if backup is enabled)
Security: HTTPS communication
Purpose: Local notifications for low stock and expiration alerts
Storage: Managed locally on the device
Technology: Room Database (AndroidX)
Storage: Local device only
Backup: Local export + optional Firebase cloud backup
Deletion: Users may delete data at any time
The app shares data with the following third‑party services:
Firebase Authentication: Google sign‑in
Firebase Firestore: Optional cloud backup and anonymous shared barcode database
Firebase Analytics: Usage analytics (subject to consent)
Firebase Crashlytics: Crash and stability reports (legitimate interest)
Privacy Policy: https://policies.google.com/privacy
Only scanned barcodes for product identification
Open‑source service, no user tracking
Only barcodes for product identification (fallback when OpenFoodFacts has no result)
No personal data transmitted
No personal data is shared with third parties not listed in this policy.
Legal basis:
Legitimate interest (Art. 6(1)(f) GDPR) for non‑personalized ads
Consent (Art. 6(1)(a) GDPR) for personalized ads
The app uses Google AdMob to display advertisements. Ads are always shown to support app development. If the user consents via the banner shown at first launch, ads may be personalized. If consent is denied, only non‑personalized ads are displayed.
Device advertising identifiers
General device and app usage information
Approximate location derived from IP address (the app does not request GPS permissions)
General non‑identifying technical device information
No personal advertising identifiers
Users can change their ad preferences at any time in the app settings under “Privacy & Ads”.
AdMob Privacy Policy: https://policies.google.com/privacy
Google Ads Preferences: https://www.google.com/settings/ads
Google services (Firebase, AdMob) may transfer data to servers located in the United States or other countries outside the European Economic Area (EEA).
These transfers are protected by the EU‑US Data Privacy Framework (DPF), to which Google LLC adheres, and by the Standard Contractual Clauses (SCCs) approved by the European Commission.
More information: https://policies.google.com/privacy/frameworks
Local data: Protected by the device’s security measures
Cloud data: Protected by HTTPS encryption and Google authentication
Access: Only the authenticated user can access their cloud data
Backup: Stored on secure Google Firebase servers with at‑rest encryption
Local data: Stored on the device until the user deletes it or uninstalls the app
Cloud data (Firebase): Stored until the user requests deletion via beyonded.studios@gmail.com
Analytics data: Retained by Google for 14 months (default Firebase settings)
Crashlytics data: Crash reports retained for 90 days
AdMob data: Retained according to Google Ads retention policy
Under Regulation (EU) 2016/679, users have the following rights:
Right of access (Art. 15): Obtain confirmation and access to their data
Right to rectification (Art. 16): Request correction of inaccurate data
Right to erasure (Art. 17): Request deletion of their data (“right to be forgotten”)
Right to restriction (Art. 18): Request processing limitation in certain cases
Right to data portability (Art. 20): Receive their data in a structured, readable format
The app provides export features in TXT, XLSX, PDF, CSV, HTML
For full data export, contact beyonded.studios@gmail.com
Right to object (Art. 21): Object to processing based on legitimate interest (Crashlytics, non‑personalized ads)
Right to withdraw consent (Art. 7(3)): Consent can be withdrawn at any time via
Settings → Privacy & Ads → Manage Privacy Settings
To exercise these rights, contact: beyonded.studios@gmail.com
Response time: within 30 days, as required by Art. 12(3) GDPR.
Users have the right to lodge a complaint with the supervisory authority in their country of residence.
Users have full control over their data and may:
Use the app entirely offline without authentication
Choose whether to enable cloud backup
Sign out and disable backup at any time
Export inventory data in various formats
Delete local data from the app
Request deletion of cloud data
Revoke permissions from device settings
Manage privacy preferences via Settings → Privacy & Ads
To request deletion of Firebase cloud data, contact: beyonded.studios@gmail.com
Any substantial changes to this policy will be communicated through app updates with an updated date.
For questions, clarifications, or requests regarding this privacy policy, contact:
beyonded.studios@gmail.com