1. Controller
Responsible for data processing under GDPR: Stefan Wibmer · Hans-Maier-Straße 19, 6020 Innsbruck, Austria · [email protected]
2. What we store
- Account data: Email address, password hash (for OAuth: provider ID instead of password), sign-up timestamp.
- Log data: Your food and symptom entries including photos. These belong exclusively to you.
- Technical data: IP address (truncated, max. 14 days), user agent, device type — only for error analysis.
- No trackers: We do not use Google Analytics, Facebook Pixel, or any other advertising trackers.
3. Where we store (EU hosting)
- Database & auth: Supabase, region eu-central-1 (fra1), Frankfurt am Main.
- Website & PWA hosting: Cloudflare Pages, EU edge locations.
- Photo storage: Cloudflare R2, region EU.
- Email delivery: Resend / Loops (data processing agreements in place).
4. AI processing of photos
When you upload a photo of your plate, we send it once to an external AI provider for content extraction (currently Google Gemini via OpenRouter; up-to-date sub-processor list in our privacy policy). The photo is not used for training. You can disable AI analysis in Settings at any time.
5. Your rights (GDPR Art. 15–22)
- Access (Art. 15): Any time via Settings → Data export.
- Rectification (Art. 16): Directly in the app.
- Erasure (Art. 17): Settings → Delete account (immediate, irrevocable).
- Restriction (Art. 18): By email to [email protected].
- Portability (Art. 20): Export as JSON/Markdown any time.
- Objection (Art. 21): By email to [email protected].
6. Cookies
We only use strictly necessary cookies (login session, language/theme preference). No tracking, no cookie banner theater.
7. Right to complain
You have the right to file a complaint with a data protection authority. The competent authority is the Austrian Data Protection Authority (dsb.gv.at).
8. Changes
For significant changes to this privacy policy, beta users will be informed by email.
9. Data sources (nutritional data)
Correlyn uses nutritional data from the following sources: OpenFoodFacts (licence: Open Database License ODbL 1.0, openfoodfacts.org), Ciqual/ANSES (French nutritional database, anses.fr/fr/ciqual), USDA FoodData Central (fdc.nal.usda.gov). Reference values for nutrient requirements are based on the EFSA Dietary Reference Values (2013–2019, efsa.europa.eu). Use of this data is in accordance with the respective licence terms.
10. Minimum age
Use of Correlyn is reserved for persons aged 16 and over (GDPR Art. 8). Minors under 16 may only use the app with the consent of their legal guardians.