Privacy Policy
Last updated: May 2025
1. Data Controller
Thomas Duclain — Lyon, 69000, France
Email: contact@yumiq.app
2. Data Collected
2.1 At Account Creation
- Email address (via Google Sign-In)
- Google display name (optional, editable)
- Google profile photo (optional)
2.2 During Use
- Scans: scanned barcodes and timestamps
- Ratings: scores, reviews, product flags
- Profile: dietary preferences, purchase countries, language
- Shopping lists: added products and quantities
- Meal plans: planned dishes and ingredients
2.3 Technical Data
- Browsing data collected via Google Analytics (GA4) — see section 5
- Anonymised server logs (error resolution)
3. Purposes of Processing
| Purpose | Legal Basis |
|---|---|
| Authentication and account management | Contract performance |
| Display of public ratings | Consent (user's choice) |
| Personalisation (preferences, language) | Contract performance |
| Service improvement (analytics) | Legitimate interest / cookie consent |
| Security and fraud prevention | Legitimate interest |
4. Data Sharing
Personal data is not sold or transferred to third parties for commercial purposes.
Data may be shared with:
- Supabase Inc. — storage and authentication. Data hosted in the EU region (Paris, AWS eu-west-3). See their privacy policy.
- Google LLC — OAuth authentication and analytics (GA4). See their privacy policy.
5. Cookies and Trackers
YumiQ uses cookies via Axeptio (consent management) and Google Analytics (GA4) via Google Tag Manager. These tools are only activated after your explicit consent. You can change your preferences at any time by clicking the "Manage cookies" button at the bottom of the page.
For more details on the cookies used, see our cookie policy.
6. Retention Period
| Data | Duration |
|---|---|
| User account and associated data | Until account deletion |
| Public ratings (if anonymised) | Lifetime of the service |
| GA4 analytics data | 14 months (GA4 setting) |
| Server logs | 30 days |
7. Your Rights (GDPR)
Under the GDPR, you have the following rights:
- Access: obtain a copy of your data
- Rectification: correct inaccurate data
- Erasure: delete your account and data
- Portability: receive your data in a structured format
- Objection: object to processing based on legitimate interest
- Restriction: request the suspension of processing
To exercise your rights: contact@yumiq.app
Response time: up to 30 days.
You may also lodge a complaint with your national supervisory authority (e.g., CNIL in France).
8. International Transfers
Data may be transferred to the United States via Google (authentication, analytics). These transfers are governed by the European Commission's Standard Contractual Clauses (SCCs).
9. Security
Data is transmitted over HTTPS. Database access is restricted and protected by row-level security policies (Row Level Security, Supabase). No payment data is collected or stored by YumiQ.
10. Minors
YumiQ is accessible to all ages. No sensitive data specific to minors is collected. Use by minors is under the responsibility of parents or legal guardians.
11. DPO Contact
No DPO has been appointed (not required for this activity). All GDPR requests: contact@yumiq.app