Legal

Privacy Policy

Last updated: 7 June 2026 · Effective: 7 June 2026

GDPR & UK GDPRCCPA-awareNo data sellingOn-device scanning

Barliva (“Barliva”, “we”, “us”) builds tools that help you understand what's in the food you buy. This policy explains what personal data we collect through the Barliva apps and the websites at barliva.com (the “Services”), how we use and share it, and the choices and rights you have.

Who we are
Data we collect
How we use data
Legal bases
How we share data
Data retention
Your rights
Security
International transfers
Children
Changes
Contact us

01Who we are

Barliva is the data controller responsible for personal data processed through the Services. Questions? Reach us at privacy@barliva.com.

02Data we collect

We collect the following categories, depending on how you use the Services:

Category	Examples	Source
Account data	Email, display name, password (stored only as a salted hash), authentication identifiers	You
Scan & product activity	Barcodes scanned, products viewed, scan history, saved items	You / device
Dietary preferences	Allergens you track, dietary filters, health goals	You
Camera input	The barcode value decoded on-device. Images are not uploaded or stored unless you explicitly submit a product photo	Device
Device & technical	Device model, OS, app version, language, IP address, crash logs	Automatic
Usage & analytics	Feature interactions, session duration, diagnostic events (aggregated where possible)	Automatic

We do not sell your personal data, and we do not use your scan history to serve third-party advertising.

03How we use data

To provide core features — decoding barcodes, returning health scores, ingredient breakdowns, and allergen alerts;
To personalise results based on the allergens and dietary preferences you set;
To create and secure your account and authenticate you;
To maintain, troubleshoot, and improve the Services, including diagnosing crashes;
To analyse aggregate usage so we can prioritise improvements;
To communicate about service updates, security notices, and (where you opt in) product news;
To detect, prevent, and respond to fraud, abuse, and security incidents;
To comply with legal obligations.

04Legal bases (EEA/UK)

Where the EU or UK GDPR applies, we rely on:

Performance of a contract — to deliver the features you request;
Legitimate interests — to secure, maintain, and improve the Services, balanced against your rights;
Consent — for optional analytics, marketing, and any sensitive data you choose to provide (such as health-related dietary preferences). You may withdraw consent at any time;
Legal obligation — where processing is required by law.

Service providers (processors) — cloud hosting, object storage, error monitoring, and analytics vendors that process data on our behalf under contract;
Product data sources — we query public food databases (such as Open Food Facts) using the barcode value; we do not send these sources your identity;
Legal & safety — where required by law or to protect the rights, safety, and property of Barliva, our users, or the public;
Business transfers — in connection with a merger, acquisition, or asset sale, subject to this policy.

06Data retention

We keep personal data only as long as needed for the purposes described here. Account data is retained while your account is active; scan history until you delete it or close your account; diagnostic and crash logs typically up to 90 days. When you delete your account, we delete or anonymise your personal data within 30 days, except where we must retain it to comply with legal obligations.

07Your rights

Depending on where you live, you may have the right to access, correct, delete, or export your data; to object to or restrict certain processing; to withdraw consent; and to lodge a complaint with a supervisory authority. Residents of California and similar jurisdictions may request disclosure of the categories of data we collect and may opt out of any “sale” or “sharing” — note Barliva does not sell personal data.

To exercise any right, email privacy@barliva.com or use the in-app account controls. We respond within the time required by law.

08Security

We use technical and organisational measures appropriate to the risk, including encryption in transit (TLS), hashed credentials, access controls, network segmentation, and regular patching. No method is completely secure, but we work to protect your data and to notify you and the authorities of breaches where required. See our Security page for more.

09International transfers

We operate from data centres located in Canada and may process data in other countries where our providers operate. Where we transfer data internationally, we rely on appropriate safeguards such as adequacy decisions or Standard Contractual Clauses.

10Children

The Services are not directed to children under 13 (or the minimum age in your jurisdiction), and we do not knowingly collect their data. If you believe a child has provided us data, contact us and we will delete it.

11Changes to this policy

We may update this policy. For material changes, we'll update the “Last updated” date and, where appropriate, notify you in-app or by email. Continued use after an update means you accept the revised policy.

12Contact us

Barliva — Privacy Team
Email: privacy@barliva.com
Web: app.barliva.com

This policy describes Barliva's data practices in good faith and is provided for transparency. It does not constitute legal advice; please consult qualified counsel for your specific obligations.