Privacy Policy

Company: Cievo Pte. Ltd.
Location: Singapore
Application: FoodMoment mobile application

We are committed to protecting your privacy and handling your personal information with transparency and care.

This Privacy Policy covers:

- The FoodMoment mobile application
- The FoodMoment website (if applicable)
- Services provided through the application

This Privacy Policy does NOT cover:

- Third-party websites or services linked from our Service (they have their own privacy policies)

For Privacy Inquiries:

- Email: [email protected]
- Subject Line: "Privacy Inquiry - FoodMoment"
- Response Time: Within 30 days (or as required by applicable law)

Data Protection Officer (if applicable):

- Email: [email protected]

Company Information:

- Legal Name: Cievo Pte. Ltd.
- Registered Address: 70C TELOK BLANGAH HEIGHTS
#15-537, TELOK BLANGAH RIDGEVIEW
Singapore 103070
- Company Registration Number: 202539592W

This Privacy Policy was last updated on November 1, 2025. We encourage you to review this Policy periodically. The "Last Updated" date at the top indicates when changes were last made.

When you create a FoodMoment account, we collect:

Account Information:
- Contact details for account creation and communication
- Authentication credentials for secure access
- Account preferences and settings

Subscription Information:
- Subscription tier and status to manage feature access

We securely store your information on servers located in Singapore, using enterprise-grade cloud infrastructure with encryption and access controls.

You may optionally provide additional information to personalize your experience:

Preference Information:
- Preference and customization data for service personalization
- Language and interface preferences
- App settings (theme, notifications, privacy choices)

Preference Data Classification: We treat preference data as customization information, not sensitive categories under GDPR. This data is used solely for service personalization and does NOT constitute professional advice.

When you use content management features, we collect:

User-Generated Organizational Data:
- Content items and associated metadata for tracking and organization
- Optional transaction information (dates, amounts, sources) for record keeping
- Organization preferences and time-based attributes for notification delivery
- Personal notes and categorization tags

Data Retention: Until you delete items or your account.

When you interact with content, we collect:

Saved Content Information:
- Bookmarked content items with associated details and metadata
- AI-generated content you choose to save
- Multi-item content collections

Temporary Data (NOT SAVED):
- Content search queries (deleted immediately after use)
- Service interaction messages (deleted immediately after use)

CRITICAL PRIVACY POINT: Query history and interaction messages are NOT SAVED. They are processed in real-time for AI content generation and immediately discarded. Only the resulting content you save is stored.

Data Retention: Until you remove bookmarked items or delete your account.

CRITICAL DISCLOSURE: Camera images are NOT stored.

Camera Access:
- Purpose: Visual content capture for processing and content uploads
- Data Collected: Images captured periodically during use
- Storage: NOT STORED

Data Flow:
- Camera captures images during use
- Images sent to AI service providers for content extraction and analysis
- Images immediately discarded after processing (not saved anywhere)
- Only extracted text data stored in your account if you confirm

Platform Note: RECORD_AUDIO permission declared in Android manifest but NOT USED.

Your Control: You can revoke camera permission anytime in device settings. Manual data entry remains available.

We automatically collect certain device and technical information:

Device & Technical Information:
- Device model and operating system for compatibility
- App version for feature support and bug tracking
- Device identifier for push notifications and ad delivery
- Display settings for UI optimization
- Language and connection information for localization and regional content

Usage: Used for app functionality, push notifications, and ad delivery (personalized ads require opt-in).

OPT-OUT BY DEFAULT: Analytics are disabled by default. You must explicitly opt-in.

If you opt-in to analytics, we collect:

App Usage Information:
- Screen views and user interactions
- Feature usage patterns
- Session duration and engagement metrics
- Subscription tier and preferences (for segmentation)

Your Control: Opt-out anytime in Settings → Privacy & Analytics.

WE DO NOT COLLECT OR STORE PAYMENT CARD DETAILS.

- Subscription Status (Collected)
- Stored in your user profile
- Used to manage which features you can use

- Purchase History (Collected)
- Stored by subscription management platforms + Apple/Google
- Used for transaction records

- Payment Card Details (NOT Collected)
- Stored in Apple/Google payment systems
- We never see or store payment card details

Payment Processing:

- iOS: Apple In-App Purchase handles all payment processing
- Android: Google Play Billing handles all payment processing
- Intermediary: Subscription management platform helps manage your subscription across devices and confirms your purchases

All payment transactions occur through Apple or Google's secure payment systems. We never see or store your credit card number, CVV, or billing address.

Data Shared with Subscription Processors:

- Your User ID (to link subscriptions to your account)
- Purchase confirmations from Apple or Google
- Subscription status (active, expired, cancelled)

WE DO NOT COLLECT PRECISE LOCATION (GPS).

- Precise Location (GPS) (NOT Collected)
- We do NOT collect precise GPS location data
- Your Control: N/A (not collected)

- General Location (Collected - from your internet connection)
- Used for regional content and ad targeting
- Your Control: Limited (cannot disable internet connection information)

Push Notification Provider Location Tracking: EXPLICITLY DISABLED for GDPR compliance.

General Location Usage:

- Determine where to store your information (Europe, US, or Singapore)
- Provide region-specific content and recipes
- Deliver contextual (non-personalized) ads based on general location

We collect information when you communicate with us:

Customer Communications:
- Support inquiries (email address, message content, attachments)
- Bug reports (device information, app logs, screenshots if provided)
- Feedback and feature requests

Retention: Support communications retained for 24 months for record-keeping.

We use your information to deliver the core services you signed up for, including:

- Providing personalized content recommendations
- Managing your saved content and preferences
- Processing payments and subscriptions
- Enabling service communication (notifications, support)

Legal Basis (GDPR): Contract performance (Art. 6(1)(b)) - Necessary to provide the Service you signed up for.

With your analytics consent, we analyze usage patterns to improve service quality, fix technical issues, and develop new features.

Legal Basis (GDPR):
- Consent (Art. 6(1)(a)) - Analytics require explicit opt-in
- Legitimate Interest (Art. 6(1)(f)) - Error tracking for app stability

We personalize your experience based on your preferences and settings, including customizing content recommendations and remembering your preferences.

Legal Basis (GDPR): Contract performance (Art. 6(1)(b)) - Personalization is a core feature of the Service.

Communication Purposes:

- Send push notifications for expiry alerts, recipe suggestions, and app updates (if enabled)
- Respond to your customer support inquiries
- Notify you of important Service updates, security alerts, and policy changes
- Send transactional emails (password resets, subscription receipts)
- Send marketing communications (ONLY with explicit opt-in)

Legal Basis (GDPR):

- Transactional/service communications: Contract performance (Art. 6(1)(b)) or Legitimate interest (Art. 6(1)(f))
- Marketing communications: Consent (Art. 6(1)(a)) - Requires explicit opt-in

Your Control: You can opt-out of marketing communications by clicking "unsubscribe" in emails or adjusting Settings. You cannot opt-out of essential service communications (e.g., Terms updates, security alerts).

Advertising Purposes:

- Display contextual (non-personalized) ads to support the free tier of the Service
- Display personalized ads (ONLY if you explicitly opt-in via Settings)
- Measure ad performance and effectiveness
- Prevent ad fraud and abuse

Legal Basis (GDPR):

- Contextual ads: Legitimate interest (Art. 6(1)(f)) - Ads fund the free Service
- Personalized ads: Consent (Art. 6(1)(a)) - Requires explicit opt-in

Default: Non-personalized ads only. Personalized ads require explicit opt-in.

Your Control: Toggle "Personalized Ads" in Settings → Privacy & Analytics.

Legal and Security Purposes:

- Detect, prevent, and respond to fraud, abuse, and illegal activity
- Enforce our Terms of Service and other policies
- Comply with legal obligations (court orders, subpoenas, regulatory requests)
- Protect our rights, property, and safety, and that of our users and third parties
- Conduct internal audits and investigations

Legal Basis (GDPR):

- Legal obligation (Art. 6(1)(c)) - Compliance with laws
- Legitimate interest (Art. 6(1)(f)) - Security and fraud prevention

We process certain personal data based on your explicit consent (your permission):

- Analytics: Opt-in required via consent modal or Settings
- Personalized Advertising: Opt-in required; default is non-personalized ads
- Marketing Emails: Opt-in required; transactional emails do not require opt-in

Your Right to Withdraw Consent: You can withdraw consent at any time by:

- Adjusting Settings → Privacy & Analytics
- Clicking "unsubscribe" in marketing emails
- Contacting us at [email protected]

Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal.

We process your information to deliver the core services you signed up for, including:

- Account creation and management
- Service delivery and personalization
- Content management and storage
- Payment and subscription processing

Without this data, we cannot provide the Service.

We process certain personal data based on our legitimate business interests, provided these interests do not override your privacy rights:

- Error Tracking Services: App stability and security are necessary for operational integrity
- Push Notification Delivery: Core service functionality for timely alerts
- Fraud Prevention and Security: Protecting the Service and our users from abuse
- Non-Personalized Advertising: Funding the free tier of the Service

Fairness Assessment: We've carefully considered whether our business needs are fair given your privacy rights. You can object to processing based on legitimate interest by contacting [email protected].

We process personal data when required by law:

- Tax and Accounting Records: Subscription payment records retained for 7 years (legal requirement)
- Lawful Requests: Responding to court orders, subpoenas, or regulatory inquiries
- Data Breach Notification: Notifying supervisory authorities and affected users as required by GDPR Art. 33-34

We work with the following categories of third-party service providers:

1. Analytics and Performance Providers

Purpose: Help us understand app usage patterns, improve features, and fix technical issues

Data Shared: Usage and interaction data, technical information, error logs

Privacy Controls:
- ✅ OPT-OUT BY DEFAULT: Analytics disabled by default. You must explicitly opt-in via Settings
- ✅ Respects your analytics consent choice
- ✅ Personal information anonymized if you decline analytics
- ✅ Limited automatic tracking to essential interactions only

Legal Basis: Consent (Art. 6(1)(a)) for analytics; Legitimate interest (Art. 6(1)(f)) for error tracking

Data Residency: United States

Data Retention: Analytics logs ≤ 12 months; Error data ≤ 90 days

---

2. Advertising Networks (Google AdMob)

Purpose: Display ads to support the free tier of the Service

Data Shared: Advertising identifiers, device information, ad interaction data

Privacy Controls:
- ✅ NON-PERSONALIZED ADS BY DEFAULT: Shows contextual ads unless you opt-in to personalized ads
- ✅ Limited Ads Mode: Delivers ads without cross-app tracking
- ✅ iOS tracking permission: Personalized ads require your permission on iOS
- ✅ Granular consent: Separate toggle for "Personalized Ads" in Settings

Legal Basis:
- Contextual ads: Legitimate interest (Art. 6(1)(f)) - Ads fund the free Service
- Personalized ads: Consent (Art. 6(1)(a)) - Requires explicit opt-in

Data Residency: United States

Strategic Partner: We work with major advertising platforms for advertising services

---

3. Push Notification Providers

Purpose: Deliver push notifications for app updates, reminders, expiry alerts, and service announcements

Data Shared: Device notification identifiers, technical information

Privacy Controls:
- ✅ User can disable notifications in device settings or app Settings
- ❌ Location tracking: EXPLICITLY DISABLED for GDPR compliance
- ❌ IP address: NOT collected for EU/UK users

Legal Basis: Legitimate interest (Art. 6(1)(f)) - Core functionality for service communication

Data Residency: United States

---

4. Cloud Infrastructure Providers

Purpose: Secure data storage, user authentication, database hosting, backend API infrastructure

Data Stored: Account information, user preferences, content you save, subscription information, authentication credentials

Data Residency: Singapore

Your personal data is stored and processed on servers located in Singapore. We use enterprise-grade cloud infrastructure providers that maintain data centers in Singapore to provide secure, reliable service with low latency for our global user base.

Security Measures:
- Security settings ensure you can only access your own information
- Secure login codes that expire automatically
- Encrypted storage and encrypted connections (secure HTTPS)
- Infrastructure providers maintain industry-standard security certifications
- Regular security monitoring and incident response procedures
- Infrastructure providers maintain GDPR compliance standards

Legal Basis: Contract performance (Art. 6(1)(b)) - Database necessary for Service delivery

---

5. Payment and Subscription Processors

Purpose: Manage subscriptions, sync purchases across devices, confirm transactions

Data Shared: Account identifiers, subscription status, purchase confirmations

Legal Basis: Contract performance (Art. 6(1)(b)) - Subscription management is necessary for paid service delivery

Data Residency: United States

Data Retention: Purchase history retained for 7 years (tax and legal requirements)

---

6. AI Service Providers

Purpose: AI-powered content generation, organization, and visual content processing

Data Shared: Content generation requests, preference data, camera images for processing

CRITICAL: What We DO NOT Share:
- ❌ Your User ID
- ❌ Your Email Address
- ❌ Your Name
- ❌ Your Account Information

Privacy Protection: We share only the content needed for AI processing, without linking it to your personal identity. Generated content is saved to your account after processing.

Data Retention by AI Provider: Short-term retention for service integrity; not used for model training

Legal Basis: Contract performance (Art. 6(1)(b)) - AI processing is a core feature of the Service

Data Residency: United States

---

Data Processing Agreements

All service providers operate under:
- Data Processing Agreements (DPAs): Legal contracts requiring GDPR compliance
- Standard Contractual Clauses (SCCs): EU-approved contracts for international data transfers
- Contractual Obligations: Providers can only use your data to provide services to FoodMoment, not for their own purposes

IMPORTANT STATEMENT: We do NOT sell, rent, or disclose your personal data to third parties for their own marketing purposes.

What "Sale" Means:

- CCPA defines "sale" as "selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating...personal information...to another business or a third party for monetary or other valuable consideration."
- GDPR does not use the term "sale" but prohibits unauthorized data sharing without legal basis.

What We Do:

- Share data with service providers (outlined above) solely for providing and improving the Service
- These providers act as data processors on our behalf and are contractually bound to protect your data

What We Do NOT Do:

- Sell your email address to marketing companies
- Share your purchase history with advertisers (beyond AdMob for ad delivery)
- Provide your personal data to data brokers
- Monetize your data through third-party sales

Exception: If we are acquired or merge with another company, your data may be transferred to the acquiring entity. We will notify you before your data is transferred and becomes subject to a different privacy policy.

Subscription purchases are processed through Apple In-App Purchase (iOS) or Google Play Billing (Android). These platforms have their own privacy policies:

Apple Privacy Policy: https://www.apple.com/legal/privacy/
Google Play Privacy Policy: https://policies.google.com/privacy

Data Shared:

- Purchase receipts (shared with subscription management platform for validation)
- Subscription status (synced to our backend for access control)
- Payment information (handled by Apple/Google, NOT shared with us)

We may disclose your personal data if required or permitted by law:

Legal Requirements:

- To comply with court orders, subpoenas, or legal processes
- To respond to lawful requests from government authorities
- To protect our rights, property, or safety, or that of our users or the public
- To enforce our Terms of Service or other policies
- To detect, prevent, or address fraud, security, or technical issues

Data Breach Notification: If we experience a data breach that affects your personal data, we will notify you and relevant supervisory authorities as required by applicable law (e.g., within 72 hours under GDPR Art. 33).

FoodMoment is a mobile application that uses local storage (not browser cookies) to store data on your device:

Local Storage (App Storage on Your Device):

We store the following data locally on your device:

- App Settings & Privacy Preferences
- Your app settings (theme, language, notifications)
- Privacy consent choices (analytics, personalized ads)

- Authentication Session
- Secure login tokens (encrypted)
- Keeps you logged in between app uses

- Subscription Information Cache
- Cached subscription details (for offline access)
- Helps app work without constant internet connection

- Cached Content
- Recently viewed recipes
- Your inventory data
- Favorites and user profile
- Temporarily stored for faster loading and offline access

Security: All local storage is encrypted by your device's operating system by default. Data protection may be reduced if you modify your device's security settings.

Cleared when:

- You log out (authentication session removed)
- You uninstall the app (all data deleted)
- You manually clear cache via Settings → Advanced → Clear Cache

Purpose: Improves app performance, enables offline access, and reduces data usage.

If you access FoodMoment via a web browser (web build), third-party advertising, analytics, and error-tracking cookies may be used.

Cookie Types:
- Advertising cookies for ad delivery (if personalized ads enabled)
- Analytics cookies for usage tracking (if analytics enabled)
- Error tracking cookies for session identification

Cookie Consent Banner: A cookie consent banner will be shown for EU users accessing the web version, allowing you to accept or decline non-essential cookies.

Mobile App: The mobile app does NOT use browser cookies. All data is stored directly on your device.

Mobile advertising relies on device-specific advertising identifiers:

iOS - Advertising Identifier:

- Used for ad targeting and frequency capping
- Requires Permission: iOS requires your permission for ad tracking
- User Control: Settings → Privacy & Tracking → FoodMoment (toggle off)
- Personalized Ads Requirement: Only used if you opt-in

Android - Advertising Identifier:

- Used for ad targeting and frequency capping
- User Control: Settings → Google → Ads → Opt out of Ads Personalization
- Personalized Ads Requirement: Only used if you opt-in

Limited Ads Mode: If you decline personalized ads, AdMob shows ads based on what you're currently viewing, not your browsing history.

Default State: Analytics OPT-OUT (disabled by default)

How to Change:

1. Open FoodMoment app
2. Navigate to Settings → Privacy & Analytics
3. Toggle "Share Analytics" ON or OFF
4. Changes take effect immediately

What Changes When You Opt-Out:

- Analytics providers stop collecting screen views, touch events, and user properties
- Error tracking services anonymize your IP address, email, and username in error reports
- Feature flags and A/B testing continue to work (no personal data collected)

What Continues When You Opt-Out:

- Error tracking services for app stability (legitimate interest) - but personal information is anonymized
- Push notifications for service functionality
- Core Service features (recipe generation, inventory, etc.)

Default State: Non-personalized (contextual) ads only

How to Enable Personalized Ads (opt-in required):

1. Open FoodMoment app
2. Navigate to Settings → Privacy & Analytics
3. Toggle "Personalized Ads" ON
4. iOS: App Tracking Transparency (ATT) prompt will appear → Tap "Allow"
5. Android: Consent recorded, no additional prompt

How to Disable Personalized Ads (return to default):

1. Navigate to Settings → Privacy & Analytics
2. Toggle "Personalized Ads" OFF
3. AdMob switches to Limited Ads mode immediately

What Changes:

- Personalized Ads ON: AdMob uses your device ID (IDFA/AAID) for cross-app behavioral targeting
- Personalized Ads OFF: AdMob shows contextual ads based on current app content only (no tracking)

Additional Controls:

- iOS: Settings → Privacy & Tracking → Allow Apps to Request to Track → Toggle OFF
- Android: Settings → Google → Ads → Opt out of Ads Personalization

How to Disable Push Notifications:

In-App:

1. Open FoodMoment app
2. Navigate to Settings → Notifications
3. Toggle "Enable Notifications" OFF

Device-Level (iOS):

1. iOS Settings → Notifications → FoodMoment
2. Toggle "Allow Notifications" OFF

Device-Level (Android):

1. Android Settings → Apps → FoodMoment → Notifications
2. Toggle "Show notifications" OFF

What Happens When Disabled:

- Push notification providers stop sending notifications to your device
- Your push token remains registered but inactive
- You can re-enable notifications anytime

Note: You cannot opt-out of critical service notifications (e.g., security alerts) while using the Service, but you can disable all notifications via device settings.

How to Revoke Camera Access:

iOS:

1. iOS Settings → Privacy & Security → Camera → FoodMoment
2. Toggle OFF

Android:

1. Android Settings → Apps → FoodMoment → Permissions → Camera
2. Toggle OFF

What Happens When Disabled:

- Live ingredient scanning feature will not work
- You can still manually enter ingredients into your inventory
- The app will prompt for camera permission when you try to use the scanner
- You can re-enable camera access anytime

Reminder: Camera images are processed in real-time and immediately discarded. Images are NOT stored.

You can change your privacy consent choices at any time:

Consent Modal (First Launch):

- Shown on first app launch after installation
- Separate toggles for "Share Analytics" and "Personalized Ads"
- Default: Both disabled (opt-out)

Settings (Anytime After First Launch):

1. Navigate to Settings → Privacy & Analytics
2. Toggle "Share Analytics" and "Personalized Ads" as desired
3. Changes take effect immediately

Effect of Changes:

- Opt-in to analytics: Analytics providers start collecting usage data
- Opt-out of analytics: Analytics providers stop collecting, error tracking services anonymize PII
- Opt-in to personalized ads: Advertising networks use device ID for cross-app targeting (ATT prompt on iOS)
- Opt-out of personalized ads: Advertising networks switch to contextual ads

IMPORTANT: Account deletion is permanent and irreversible after 30 days.

How to Delete Your Account:

1. Open FoodMoment app
2. Navigate to Menu → Profile → Delete Account
3. Confirm deletion (no password entry required)
4. Your account will be scheduled for deletion

What Happens:

- Grace Period: 30-day grace period to change your mind and recover your account
- During Grace Period: Account deactivated, but data not yet deleted; can contact [email protected] to recover
- After 30 Days: Permanent deletion of:
- User profile (email, name, preferences)
- Inventory data (all ingredients and notes)
- Favorites and AI-generated recipes
- Subscription history (except purchase records required for tax compliance)
- Analytics data associated with your User ID

What Is NOT Deleted:

- Purchase records (retained for 7 years for tax and legal compliance)
- Aggregate or anonymized data (no longer linked to your identity)
- Data required by law to be retained

Subscription Cancellation: Deleting your account does NOT cancel active subscriptions. You must cancel subscriptions separately via Apple App Store or Google Play Store.

Alternative: You can request account deletion by contacting [email protected].

Encrypted Connections:

- Secure, encrypted connections protect all data sent between your device and our servers
- API communications use secure encrypted connections
- Push notifications use encrypted channels

Encrypted Storage:

- Database encryption enabled on cloud infrastructure providers (industry-standard encryption)
- Login tokens stored securely using your device's built-in protection
- Local storage encrypted by your device's operating system

Database Security Settings:

- You can only access your own information
- Our systems use special secure access separate from user accounts
- User credentials never grant access to other users' data

Authentication:

- Secure login codes that expire automatically
- Refresh tokens stored securely on your device
- Session management with automatic token renewal
- Passwords protected with encryption (passwords never stored as readable text)

Operational Security:

- Regular security audits and vulnerability scans
- Automated security checks for software components
- Secure coding practices following industry standards
- Employee access restricted on need-to-know basis
- Security incident response plan

Third-Party Security:

- All third-party service providers meet recognized security standards
- Data Processing Agreements (DPAs) with all processors
- Regular review of third-party security practices

Important Disclaimer: No method of transmission over the internet or electronic storage is 100% secure. While we implement reasonable security measures, we cannot guarantee absolute security.

Your Responsibility:

- Create a strong, unique password (minimum 8 characters with mix of letters, numbers, symbols)
- Do not share your password with anyone
- Enable device-level security (biometric authentication, PIN codes)
- Keep your device operating system and FoodMoment app up to date
- Report security issues immediately to [email protected]

User Negligence: We are not liable for unauthorized access resulting from your failure to maintain account security (e.g., shared passwords, compromised devices).

If we experience a data breach that affects your personal data, we will:

GDPR (EU/UK Users):

- Notify the relevant supervisory authority within 72 hours (Art. 33)
- Notify affected users without undue delay if the breach poses a high risk to your rights (Art. 34)
- Provide details of the breach, data affected, and remediation steps

CCPA (California Users):

- Notify affected users without unreasonable delay
- Provide information about the breach and steps to protect yourself

Other Jurisdictions:

- Comply with local data breach notification requirements
- Notify users via email and in-app alert

Notification Method: Email to your registered email address + in-app notification.

Retention Period: Until you delete your account

What Happens:

- Account data (profile, preferences, dietary restrictions) retained while your account is active
- Upon account deletion request: 30-day grace period → Permanent deletion after 30 days
- Exception: Purchase records retained for 7 years for tax and legal compliance

Inactivity Policy: Accounts with no login activity for 24 months will be subject to deletion.

Process:

1. Warning Email: Sent 30 days before deletion ("Your account will be deleted in 30 days")
2. Grace Period: 30 days to log in and reactivate your account
3. Automatic Deletion: If no login within 30 days, account permanently deleted

Reactivation: Simply log in before the deletion date to prevent deletion.

Retention Period:

- Active Items: Until you manually delete them or delete your account
- Archived Items: Permanently deleted 6 months after archival (automatic cleanup)

Purpose: Reduce storage bloat and improve app performance.

Analytics Retention: Analytics logs kept ≤ 12 months per our service providers' standard policies

Error Tracking Retention: Error data kept ≤ 90 days

Purpose: Retain sufficient data for bug tracking and product improvement while respecting privacy principles.

Retention Period: NOT STORED

What Happens:

- Chat messages sent to AI are processed in real-time and immediately discarded
- Search queries are executed and results returned; queries not saved to database
- AI-generated recipes are stored

Exception: AI service providers retain API data for 24 hours for abuse prevention only.

Retention Period: NOT STORED

What Happens:

- Camera images captured during live scanning are sent to our servers for processing
- Images processed by AI service providers for ingredient detection
- Images immediately discarded after processing (NOT saved anywhere)
- Only detected ingredient names (text only) saved to your inventory (if you confirm)

Purchase Records: 7 years (tax and legal requirements in Singapore and most jurisdictions)

Legal Dispute Data: Retained until dispute resolution + statute of limitations expires

Compliance Data: Retained as required by applicable laws and regulations

OUR SERVICE IS INTENDED FOR USERS 13 YEARS OF AGE AND OLDER.

Not Directed at Children Under 13: We do not direct this Service to children under 13 years of age. The Service is designed for teenagers and adults who manage recipes, meal planning, and cooking activities. We do not knowingly collect, use, or disclose personal information from anyone under 13 years of age.

Age Verification: During signup, you must confirm that you are 13 years or older by checking an age verification checkbox. By creating an account, you represent and warrant that you are at least 13 years of age.

Note for Young Users (13-17): If you are between 13 and 17 years old, we recommend obtaining permission from a parent or guardian before using the Service, especially if your jurisdiction requires parental consent for online services.

If we learn that we have collected personal information from someone under 13 years of age without proper verification, we will:

1. Immediately Restrict the Account: Prevent access to the Service
2. Delete Personal Information: Permanently delete the user's account and all associated data within 24-48 hours
3. Notify Parents (if identifiable): If we can identify a parent or guardian, we will notify them of the deletion

Timeline: Account deletion and data erasure completed within 24-48 hours of discovery.

If you are a parent or guardian and believe your child under 13 years of age has created an account on FoodMoment without your knowledge or consent, please contact us immediately:

- Email: [email protected]
- Subject Line: "Underage User Report - [Child's Email]"
- Include: Your name, your child's name, your child's email address (if known), and proof of parental relationship (for security)

We will investigate and take appropriate action (account deletion) within 24-48 hours.

COPPA (US): Our Service is NOT directed at children under 13. We comply with the Children's Online Privacy Protection Act (COPPA) by:

- Not knowingly collecting personal information from children under 13
- Implementing age verification during signup
- Deleting data immediately upon discovery of an underage user
- Designing the Service for teenagers and adults (recipe management, meal planning, cooking activities)

GDPR (EU): GDPR Article 8 requires parental consent for users under 16 (or lower age threshold set by individual member states, ranging from 13-16). Our Service requires users to be 13 years or older.

For Users Aged 13-15 in the EU: Some EU member states require parental consent for online services for users under 16. We recommend that users aged 13-15 in the European Union obtain parental permission before using the Service. While we do not implement mandatory parental consent mechanisms (as the Service is not specifically directed at minors), we encourage young users to discuss their online activities with parents or guardians.

Age Rating:

- iOS (Apple App Store): 13+ (Teen)
- Android (Google Play Store): Teen (T)

Reason: App designed for teenage and adult users managing recipes, meal planning, and cooking activities. The Service is NOT directed at children under 13.

Platform Age Gates: Apple and Google enforce age restrictions at the platform level. However, we do not rely solely on platform age gates and implement our own age verification during signup to ensure compliance with COPPA (preventing users under 13 from creating accounts).

Primary Data Storage: Your personal information is stored on secure servers located in Singapore.

Infrastructure Services:
- Cloud-based backend API infrastructure (Singapore region)
- Database hosting and user authentication services (Singapore region)

Our cloud infrastructure providers maintain enterprise-grade security certifications including ISO/IEC 27001, SOC 2 Type II, and GDPR compliance standards.

Why Singapore: We have selected Singapore as our primary data center location to provide secure, reliable service with low latency for our global user base while maintaining strong data protection standards under Singapore's Personal Data Protection Act (PDPA).

FoodMoment operates globally and uses trusted third-party cloud infrastructure providers to store and process information. Your data may be transferred to and maintained on servers located outside your country or region of residence.

Core Infrastructure (Singapore):
- Backend API infrastructure - Singapore
- Database hosting and authentication - Singapore

Third-Party Services (United States):
- Analytics and error tracking providers
- AI service providers (recipe generation, image recognition)
- Advertising networks
- Push notification providers
- Subscription management platforms

Whenever we transfer personal information internationally, we ensure appropriate safeguards are in place—such as Standard Contractual Clauses, data-processing agreements, and equivalent legal protections—to maintain a level of security and privacy consistent with applicable data-protection laws worldwide.

By using FoodMoment, you acknowledge that your information may be processed in other jurisdictions under these protections and that we apply the same security and privacy standards regardless of where the data is handled.

Where required by local law, we obtain your consent before transferring or processing information outside your region.

Important Information for EU/UK Residents:

If you are located in the European Economic Area (EEA) or United Kingdom, please note that Singapore does not have an adequacy decision from the European Commission or the UK government. This means Singapore is not officially recognized as providing an equivalent level of data protection to the GDPR or UK GDPR.

Transfer Safeguards:

To ensure your personal information remains protected when transferred to Singapore and the United States, we implement the following safeguards:

1. Standard Contractual Clauses (SCCs):
- We have executed the European Commission's Standard Contractual Clauses with our cloud infrastructure providers
- These legally binding contracts require processors to protect your data according to European standards
- SCCs are approved by the European Commission under GDPR Article 46
- For UK users, we use the UK International Data Transfer Agreement/Addendum

2. Technical and Organizational Measures:
- Encryption in transit via TLS (Transport Layer Security) protocol
- Encryption at rest via AES-256 encryption
- Access controls and authentication security
- Infrastructure providers maintain ISO/IEC 27001 and SOC 2 Type II certifications
- Infrastructure providers undergo regular security audits and penetration testing

3. Transfer Impact Assessment (TIA):
- We have conducted a Transfer Impact Assessment evaluating Singapore's legal framework and our processors' security measures
- Assessment confirms that adequate protection can be ensured through implemented safeguards
- Documentation available for supervisory authority review

Obtaining SCC Copies:

You have the right to request a copy of the Standard Contractual Clauses we have in place. Please contact us at [email protected] to obtain these documents.

Your Rights Regarding Transfers:

Depending on your location, you may have the right to object to international data transfers in certain circumstances. Please see Section 12.7 below and Section 10.1 (GDPR Rights) for more information about your specific rights.

Important Information for Australian Residents:

If you are located in Australia, your personal information will be transferred to and processed in Singapore for core infrastructure (backend API and database hosting) and in the United States for third-party services (analytics, AI, advertising).

Accountability Under Australian Privacy Principles (APP 8):

We remain accountable for your personal information even when it is processed by overseas recipients. Under Section 16C of the Privacy Act 1988, we are liable for acts or practices of overseas recipients that would breach the Australian Privacy Principles.

How We Ensure Compliance:

1. Contractual Safeguards:
- We have executed Data Processing Agreements with our cloud infrastructure providers requiring compliance with Australian Privacy Principles
- Contracts include breach notification obligations and audit rights
- Processors contractually bound to handle data in accordance with APP requirements

2. Comparable Protection Assessment:
- Singapore's Personal Data Protection Act (PDPA) provides substantially similar protections to Australia's Privacy Act
- Both frameworks emphasize consent, purpose limitation, data security, and individual rights
- We have documented this assessment for compliance purposes

3. Ongoing Monitoring:
- Regular reviews of processor compliance
- Incident response procedures for data breaches
- Continuous monitoring of data protection practices

Your Rights:

You retain all rights under the Australian Privacy Act, including:
- Right to access your personal information
- Right to correct inaccurate information
- Right to complain to the Office of the Australian Information Commissioner (OAIC)

These rights apply regardless of where your information is stored or processed.

Important Information for California Residents:

Your personal information may be transferred to and processed in Singapore (core infrastructure) and other jurisdictions including the United States (third-party services).

Good News: California privacy laws (CCPA/CPRA) do not regulate international data transfers or impose geographic restrictions on where data is stored. You can freely transfer California resident data internationally without specific transfer mechanisms like adequacy assessments or Standard Contractual Clauses.

What This Means:

- No separate consent required for international transfers
- No geographic transfer-specific disclosures beyond general privacy policy transparency
- All CCPA/CPRA rights remain fully enforceable regardless of storage location

Your CCPA/CPRA Rights Remain Protected:

Transferring your data to Singapore does not affect your rights under California law, including:

- Right to Know: What personal information we collect, use, and share
- Right to Delete: Request deletion of your personal information
- Right to Correct: Request correction of inaccurate information
- Right to Opt-Out: We do NOT sell your personal information
- Right to Non-Discrimination: No service limitations for exercising rights

Service Provider Contracts:

While geographic transfers don't require special mechanisms, we still maintain written contracts with all service providers (cloud infrastructure providers, analytics providers, AI providers, advertising networks) that:
- Restrict use of data to specified purposes
- Prohibit further selling or sharing of data
- Require security safeguards
- Include breach notification obligations

For detailed information about exercising your California privacy rights, see Section 13 (CCPA/CPRA Rights).

Singapore (Core Infrastructure):
- Cloud infrastructure providers (backend API infrastructure, database hosting, authentication)
- Cievo Pte. Ltd. technical operations team

United States (Third-Party Services):
- Analytics and performance tracking providers
- AI service providers (recipe generation, image recognition)
- Advertising networks (ad delivery and measurement)
- Push notification providers
- Subscription management platforms
- Payment processors (Apple Inc., Google LLC for in-app purchases)

All Recipients Operate Under:
- Data Processing Agreements (DPAs) with contractual data protection obligations
- Standard Contractual Clauses (where required by law)
- Industry-standard security certifications (ISO 27001, SOC 2, etc.)
- Strict data usage limitations (processors can only use data to provide services, not for own purposes)

Processor Sub-Processors:

Our infrastructure providers may use sub-processors to deliver their services. We ensure:
- We are notified of any sub-processor changes
- Sub-processors are bound by equivalent data protection obligations
- We maintain the right to object to sub-processor appointments

Consent:

By using FoodMoment, you acknowledge and consent to the international transfer of your personal information as described in this Privacy Policy.

Where required by local law, we obtain your explicit consent before transferring or processing information outside your region. For most jurisdictions, using our Service constitutes informed consent to international transfers, as we clearly disclose these transfers in this Privacy Policy.

Right to Object (EU/UK Users):

If you are an EU/UK resident, you have the right to object to international data transfers in certain circumstances under GDPR Article 21.

How to Exercise:
- Email [email protected] with subject "Object to Data Transfers - [Your Email]"
- Explain your objection and specific concerns
- We will evaluate your objection within 30 days

Effect of Objection:
- If you object to data transfers, we will evaluate whether we have compelling legitimate grounds to continue the transfer
- Objecting to transfers to Singapore (core infrastructure) would prevent us from providing the Service, as all core data is stored there
- Objecting to transfers to US-based third-party services may limit Service functionality:
- No AI recipe generation (requires US-based AI providers)
- No analytics or error tracking (requires US-based providers)
- No advertising (requires US-based ad networks)
- No push notifications (requires US-based notification providers)

Alternative: If international transfers are unacceptable to you, you may need to discontinue use of the Service and request account deletion.

Withdrawal of Consent:

You can withdraw your consent to international transfers at any time by:
1. Deleting your account (Menu → Profile → Delete Account)
2. Requesting account deletion via email: [email protected]

Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal.

- Category A: Identifiers (Collected)
- Examples: Email, user ID, device ID
- Business Purpose: Account management, service delivery
- Third-Party Categories: Cloud infrastructure providers, push notification providers, analytics providers, subscription platforms, advertising networks

- Category B: Personal Information (Cal. Civ. Code § 1798.80(e)) (Collected)
- Examples: Name, email
- Business Purpose: Account management
- Third-Party Categories: Cloud infrastructure providers, error tracking services

- Category C: Commercial Information (Collected)
- Examples: Purchase history, subscription status
- Business Purpose: Subscription management
- Third-Party Categories: Subscription management platforms, payment processors (Apple, Google)

- Category D: Internet or Network Activity (Collected)
- Examples: App usage, screen views, ad interactions
- Business Purpose: Analytics, advertising
- Third-Party Categories: Analytics providers, error tracking services, advertising networks

- Category E: Geolocation Data (Collected - approximate only)
- Examples: City, region (from IP)
- Business Purpose: Regional content, ad targeting
- Third-Party Categories: Advertising networks

- Category F: Sensory Information (Collected temporarily, then immediately discarded)
- Examples: Camera images
- Business Purpose: Ingredient detection
- Third-Party Categories: AI service providers (not stored)

- Category G: Professional/Employment Info (NOT Collected)
- Examples: N/A
- Business Purpose: N/A
- Third-Party Categories: N/A

- Category H: Education Information (NOT Collected)
- Examples: N/A
- Business Purpose: N/A
- Third-Party Categories: N/A

- Category I: Inferences (Collected)
- Examples: Dietary preferences, recipe preferences
- Business Purpose: Personalization
- Third-Party Categories: AI service providers, cloud infrastructure providers

- Category J: Sensitive Personal Information (NOT Collected)
- Examples: N/A
- Business Purpose: N/A
- Third-Party Categories: N/A

- Category K: Biometric Information (NOT Collected)
- Examples: N/A
- Business Purpose: N/A
- Third-Party Categories: N/A

Note: Camera images (Category F) are captured temporarily for ingredient detection and immediately discarded. They are NOT stored.

We collect personal information for the following business purposes:

1. Perform Services: Provide recipe generation, inventory management, subscription access
2. Detect Security Incidents: Identify and prevent fraud, abuse, and security threats
3. Debug and Repair Errors: Identify and fix bugs via error tracking services
4. Advertising: Display ads to support free tier (contextual and personalized with consent)
5. Improve and Develop Services: Analyze usage patterns, develop new features
6. Quality and Safety Verification: Ensure app functionality and user experience

We share personal information with the following categories of third-party service providers:

- Cloud Infrastructure Providers: Database hosting, data storage, and authentication
- Push Notification Providers: Message delivery and service communication
- Analytics and Performance Providers: Error tracking, crash reporting, product analytics
- Subscription Management Platforms: Purchase processing and subscription synchronization
- Advertising Networks: Ad delivery and performance measurement
- AI Service Providers: Cloud-based AI platforms for recipe generation and image recognition
- Payment Processors: Apple (iOS in-app purchases), Google (Android in-app purchases)

All third-party recipients act as service providers or contractors and are contractually bound to use personal information only for providing services to us, not for their own purposes.

WE DO NOT SELL PERSONAL INFORMATION.

In the preceding 12 months, we have NOT sold personal information to third parties for monetary or other valuable consideration.

Clarification:

- Data sharing with service providers (analytics providers, advertising networks, cloud infrastructure, etc.) is NOT a "sale" under CCPA
- No monetary exchange for personal data
- Third parties use data only to provide services to us, not for their own commercial purposes

WE DO NOT COLLECT SENSITIVE PERSONAL INFORMATION AS DEFINED BY CPRA.

CPRA Sensitive Personal Information Categories (we do NOT collect):

- Social Security number, driver's license, passport
- Financial account numbers (credit cards handled by Apple/Google)
- Precise geolocation (we only collect approximate location from IP)
- Racial or ethnic origin, religious or philosophical beliefs, union membership
- Mail, email, or text message contents (we don't store chat messages)
- Genetic data, biometric data (no Face ID/fingerprint data collected)
- Health data (dietary restrictions are preferences, not medical data)
- Sex life or sexual orientation data

Dietary Restrictions: We treat dietary restrictions (vegetarian, vegan, gluten-free, etc.) as preferences for recipe personalization, NOT as health or medical information.

See Section 9 (Data Retention) for complete retention policies.

Summary:

- Account data: Until account deletion
- Inventory: Until manual deletion or account deletion
- Archived inventory: 6 months after archival
- Analytics: ≤ 12 months; Error data: ≤ 90 days
- Purchase records: 7 years (tax/legal requirement)
- Camera images: NOT STORED (immediately discarded)
- Chat messages: NOT STORED (session only)

See Section 10.2 (CCPA/CPRA Rights) for detailed information on exercising your rights.

Summary of Rights:

- Right to Know: Request disclosure of personal information collected
- Right to Delete: Request deletion of personal information
- Right to Opt-Out of Sale: Not applicable (we don't sell data)
- Right to Correct: Request correction of inaccurate information
- Right to Limit Use of Sensitive Personal Information: Not applicable (we don't collect SPI)
- Right to Non-Discrimination: No service limitation for exercising rights

You can designate an authorized agent to make CCPA requests on your behalf. The agent must:

- Provide written authorization from you
- Verify your identity and their authority to act on your behalf

Email: [email protected] with subject "Authorized Agent Request - CCPA"

To protect your privacy, we verify your identity before fulfilling CCPA requests:

Verification Methods:

1. Email Verification: Confirm email address matches account
2. Account Authentication: Log in to verify identity
3. Additional Verification (for sensitive requests like deletion): Security questions or additional identity proof

Response Timeline:

- Acknowledge request: Within 10 days
- Fulfill request: Within 45 days (extensible to 90 days if complex)

We will NOT discriminate against you for exercising your CCPA rights, including by:

- Denying goods or services
- Charging different prices or rates
- Providing a different level or quality of goods or services
- Suggesting you will receive different pricing or service

Exception: We may offer financial incentives (e.g., discounts) in exchange for personal information IF the incentive is reasonably related to the value of the data. We currently do not offer such incentives.

Consent Requirements:

- Meaningful consent required for collection, use, and disclosure of personal information
- Consent can be withdrawn at any time (we will explain consequences)
- Express consent required for sensitive information

Accountability:

- Cievo Pte. Ltd. is accountable for personal information in its possession, including data processed by third-party service providers
- We maintain Data Processing Agreements (DPAs) with all processors

Cross-Border Data Transfer:

- Your data may be processed by service providers in other jurisdictions (including the United States) under adequate safeguards
- Protected by contractual safeguards (Data Processing Agreements with Standard Contractual Clauses)

Complaint Mechanism:

- Contact Us First: [email protected] to resolve issues
- If Unresolved: File complaint with Privacy Commissioner of Canada
- Website: https://www.priv.gc.ca/en/report-a-concern/file-a-formal-privacy-complaint/
- Phone: 1-800-282-1376

Data Protection Obligations:
We comply with PDPA's 10 obligations:

1. Consent Obligation: Obtain consent before collection
2. Purpose Limitation Obligation: Use data only for stated purposes
3. Notification Obligation: Notify purposes for data collection (via this Privacy Policy)
4. Access & Correction Obligation: Provide access and correction mechanisms
5. Accuracy Obligation: Ensure data accuracy
6. Protection Obligation: Implement security measures (encryption, access controls)
7. Retention Limitation Obligation: Retain data only as necessary
8. Transfer Limitation Obligation: Ensure adequate protection for overseas transfers
9. Data Breach Notification Obligation: Notify PDPC and users of significant breaches
10. Openness Obligation: Make policies and practices known (via this Privacy Policy)

Do Not Call (DNC) Registry:

- We do NOT send marketing SMS or make marketing calls
- If we implement SMS/call marketing in the future, we will check Singapore's DNC registry

Data Breach Notification:

- Notify Personal Data Protection Commission (PDPC) within 3 days if breach affects 500+ individuals or causes significant harm
- Notify affected individuals as soon as practicable
- Provide details of breach, data affected, and remediation steps

Overseas Data Transfer:

- Your data may be transferred to service providers in other jurisdictions (including the United States) for processing
- Protected by contractual safeguards (Data Processing Agreements with Standard Contractual Clauses)

Complaint Mechanism:

- Contact Us First: [email protected] to resolve issues
- If Unresolved: File complaint with Personal Data Protection Commission (PDPC)
- Website: https://www.pdpc.gov.sg/help-and-resources/contact-us
- Phone: +65 6377 3131

Data Protection Officer (If Applicable):

- If we have a Data Protection Officer (DPO), contact: [email protected]
- DPO required if annual revenue >S$10 million AND data of >50,000 individuals (not yet applicable)

We reserve the right to update, modify, or replace this Privacy Policy at any time at our sole discretion.

Reasons for Changes:

- Legal or regulatory requirements (new privacy laws, regulatory guidance)
- Changes to the Service or new features
- Business or operational needs
- Clarification or correction of existing policy language

We will notify you of material changes to this Privacy Policy by:

- Posting an in-app notification when you open the app
- Sending an email to the email address associated with your account (if provided)
- Updating the "Last Updated" date at the top of this Privacy Policy

Material Changes Include:

- New categories of personal information collected
- New third-party service providers with access to your data
- Changes to data retention periods
- Changes to your rights or how to exercise them
- Changes to legal basis for processing (GDPR)
- Changes to international data transfers

Advance Notice: Material changes will take effect 30 days after notification, unless a shorter period is required by law.

Material changes include substantive changes to:

- What data we collect
- How we use your data
- Who we share your data with
- Your privacy rights
- Data security practices
- International data transfers

Non-Material changes include:

- Grammatical corrections or clarifications
- Contact information updates
- Format or organizational changes
- Adding examples or explanations without changing substance

Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.

If You Do Not Agree:

- Stop using the Service immediately
- Delete your account (Menu → Profile → Delete Account)
- Contact [email protected] to request account deletion (until self-service deletion is implemented)

Accessing or using the Service after changes take effect means you agree to be bound by the revised Privacy Policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your personal information.

Bookmark This Page: [URL to privacy policy] (when hosted)

If you have questions, concerns, or feedback regarding this Privacy Policy or our privacy practices, please contact us at:

Email: [email protected]
Subject Line: "Privacy Inquiry - FoodMoment"
Response Time: Within 30 days (or as required by applicable law)

Please Include:

- Your name
- Your registered email address (for verification)
- Specific question or concern
- Relevant details (if applicable)

To exercise your privacy rights (access, deletion, correction, portability, etc.), please contact us at:

Email: [email protected]
Subject Line: "Data Rights Request - [Access/Delete/Export/Correction] - [Your Email]"
Response Time: Within 30-45 days depending on jurisdiction

Required Information:

- Your name
- Your registered email address
- Specific request (e.g., "I request deletion of my account and all associated data")
- Verification information (we may ask for additional proof of identity)

If you discover a security vulnerability or data breach, please report it immediately:

Email: [email protected]
Subject Line: "SECURITY ISSUE - [Brief Description]"
Priority: HIGH - We will respond to security issues within 24 hours

Please Include:

- Description of the vulnerability or issue
- Steps to reproduce (if applicable)
- Potential impact or severity
- Your contact information (for follow-up)

Responsible Disclosure: We appreciate responsible disclosure of security issues. Please do not publicly disclose vulnerabilities before giving us a reasonable time to address them.

For general customer support inquiries (not related to privacy):

Email: [email protected]
In-App: Settings → Help & Support
Response Time: Within 2-5 business days

If we have a designated Data Protection Officer (DPO), you can contact them at:

Email: [email protected]
Role: Oversees data protection strategy and GDPR compliance
Availability: If we are required to designate a DPO under GDPR or PDPA

Current Status: DPO not yet designated (not required for current business size). If/when required, contact information will be provided here.

Legal Name: Cievo Pte. Ltd.
Registered Address: 70C TELOK BLANGAH HEIGHTS
#15-537, TELOK BLANGAH RIDGEVIEW
Singapore 103070
Company Registration Number: 202539592W
Jurisdiction: Republic of Singapore

Business Hours: Monday - Friday, 9:00 AM - 6:00 PM Singapore Time (GMT+8)

If you believe we have violated your privacy rights and are not satisfied with our response, you can file a complaint with the relevant regulatory authority:

European Union:

- Your national Data Protection Authority
- List: https://edpb.europa.eu/about-edpb/about-edpb/members_en

United Kingdom:

- Information Commissioner's Office (ICO)
- Website: https://ico.org.uk/
- Phone: 0303 123 1113

California, United States:

- California Privacy Protection Agency
- Website: https://cppa.ca.gov/
- Email: [email protected]

Canada:

- Office of the Privacy Commissioner of Canada
- Website: https://www.priv.gc.ca/
- Phone: 1-800-282-1376

Singapore:

- Personal Data Protection Commission (PDPC)
- Website: https://www.pdpc.gov.sg/
- Phone: +65 6377 3131