Prism Scan

Privacy Policy

Last updated: June 27, 2026

Who we are

This privacy policy explains how Prism Scan handles personal data for the Prism website, Chrome extension, iOS mobile app, Android mobile app, backend services, contact form, product submissions, subscriptions, analytics, and issue reporting tools.

The controller is sole trader Adriano Barbet. You can contact us via the form on this website.

Prism is free and accountless by default and is built for manual product checks. An account and payment details are collected only if you choose to subscribe to Supporter. Prism does not sell personal data or use advertising identifiers.

Prism website

When you use the website contact form, Prism Scan collects the name, email address, and message you submit so we can read, route, and respond to your request. If you submit uninstall feedback, Prism Scan collects the selected uninstall reasons, optional feedback text, creation time, client label, and user-agent header.

The website forwards contact submissions and uninstall feedback to the Prism backend from its own server-side code, not from your browser. The backend stores contact messages in the reports collection and uninstall feedback in the uninstalls collection. Backend API keys and provider secrets are held server-side and are not exposed to the browser.

The website does not currently set non-essential cookies, use advertising pixels, or run product analytics. Standard hosting and security logs may still be created by infrastructure providers when you visit the site.

Chrome extension

The extension reads product-page content only to provide its user-facing product lookup features. This can include product title, brand, barcode or other product identifiers, ASIN, ingredients, category, image URL, quantity, source URL, and other visible product evidence needed to identify and score the product.

Prism stores preferences locally in Chrome storage on your device. Preferences can include diet choices, allergen flags, religious preference flags, skin profile, household safety choices, cosmetic avoidance choices, risk tolerance, price sensitivity, production-standard preferences, and custom notes.

The extension also stores local product history, saved products, product score caches, AI result caches, ingredient and additive hydration caches, and ASIN-to-barcode mappings. Score and AI caches are designed around time-limited local entries, with the main score cache using a 7-day default lifetime.

Content scripts do not call external APIs directly. They ask the extension background service worker to perform lookups, cache reads and writes, backend calls, and Open Facts requests.

The extension generates a random anonymous device identifier that is stored locally and sent to the backend to check entitlement, link an extension install to a Supporter account when you choose to sign in, and count daily free AI usage. This identifier is not connected to your name unless you create a Supporter account.

The use of information received through the Chrome extension complies with the Chrome Web Store User Data Policy, including the Limited Use requirements. Prism does not sell extension user data, use it for advertising, or transfer it for unrelated purposes.

iOS mobile app

The iOS app uses the device camera when you choose to scan a barcode. Camera access is used to detect retail product barcodes and is not used to identify you. Prism does not send a live camera feed to the backend.

If you submit a missing product, the iOS app may use the camera or photo library to collect product photographs, such as a front-of-pack photo and an ingredients photo. These photos are uploaded through backend-provided signed upload URLs and may be reviewed by Prism so the product can be added to or corrected in the Prism product database.

The iOS app creates an anonymous Prism device identifier and stores it on the device. It is sent to the backend with mobile requests to resolve entitlement, count daily free AI usage, associate product submissions with the submitting device, and serve as the RevenueCat app user ID for in-app subscriptions. It is not an advertising identifier.

Mobile preferences and profiles are stored locally on your device by default. They may include allergens, religious or cultural dietary choices, diets, nutrition targets, ingredient avoidances, fragrance sensitivity, exposure sensitivity, skin needs, household safety preferences, cleaning chemical avoidances, production-standard preferences, and custom notes.

Android mobile app

The Android app uses the device camera when you choose to scan a barcode. Camera access is used to detect retail product barcodes and is not used to identify you. Prism does not send a live camera feed to the backend.

If you submit a missing product, the Android app may use the camera or photo library to collect product photographs, such as a front-of-pack photo and an ingredients photo. These photos are uploaded through backend-provided signed upload URLs and may be reviewed by Prism so the product can be added to or corrected in the Prism product database.

The Android app creates an anonymous Prism device identifier and stores it on the device. It is sent to the backend with mobile requests to resolve entitlement, count daily free AI usage, associate product submissions with the submitting device, and serve as the RevenueCat app user ID for in-app subscriptions. It is not an advertising identifier.

Mobile preferences and profiles are stored locally on your device by default. They may include allergens, religious or cultural dietary choices, diets, nutrition targets, ingredient avoidances, fragrance sensitivity, exposure sensitivity, skin needs, household safety preferences, cleaning chemical avoidances, production-standard preferences, and custom notes.

Backend, AI, and reports

When you request backend hydration, additive lookup, evidence lookup, issue reporting, product lookup, product submission, entitlement lookup, or AI analysis, Prism may send relevant product evidence and reduced preference context to the Prism backend. This can include product identity, barcode, ingredient or additive names, Open Facts scores, source URL, selected preference signals, and the anonymous Prism device identifier.

Some preference categories may reveal sensitive information, such as allergies, religious dietary choices, health-related skin concerns, or other information you place in custom notes. Prism uses these fields only when you choose to save preferences and request features that need them. Preferences are stored locally at rest on your device, but the active preference context is sent to the backend and AI provider when needed to produce personalized scores or analysis. Do not enter sensitive information that is not needed for product analysis.

Issue reports submitted from the extension or mobile app can include an optional email address and the message you write. Website contact messages and product issue reports are stored in the backend reports collection so Prism Scan can respond, debug problems, improve safety, and maintain the service.

Server-side AI analysis is provided through DeepSeek. Prism sends the minimum product and preference context needed for the requested analysis and validates the returned structure before showing it in Prism.

Analytics and diagnostics

The mobile app uses PostHog only if you explicitly opt in during onboarding or later in settings. Before consent, analytics collection is disabled. If you decline or later turn analytics off, Prism stops sending analytics events from that point forward.

PostHog analytics are configured to be anonymous and coarse. Prism does not call PostHog's identify method, and does not send the Prism device identifier, RevenueCat identifier, email address, barcodes, product names, raw search queries, preference values, notes, photos, upload paths, or exact scores to PostHog. Events may include high-level screen names, feature actions, broad result bands, timing, platform, app environment, and sanitized error context.

PostHog is also used for JavaScript error diagnostics after consent. These diagnostics help understand where the app breaks, but they are sanitized so product details, preference content, contact details, photos, and payment identifiers are not intentionally sent.

Accounts, Supporter, and payments

On the website and Chrome extension, if you upgrade to Supporter, you sign in through Firebase Authentication using Google or an email and password. Firebase collects your email address, your display name when you use Google sign-in, and a Firebase user ID, and it manages your authentication credentials.

Website and extension payments are handled by Stripe. Prism Scan does not receive or store your card number or full payment details. The Prism backend stores your email, a Stripe customer ID, a Stripe subscription ID, and your subscription status in the users collection so it can grant Supporter access and manage billing.

In the iOS and Android apps, in-app subscriptions are handled by Apple App Store or Google Play billing through RevenueCat. RevenueCat receives purchase history, subscription status, store receipt information, app platform details, and the Prism device identifier used as the RevenueCat app user ID so Prism can grant Supporter access and prevent fraud.

Apple, Google, Stripe, Firebase, and RevenueCat process payment, authentication, purchase, and account data under their own terms and privacy notices.

Legal bases

Prism Scan processes contact messages, reports, product evidence, product submissions, photographs, device identifiers, and preference context where it is necessary to provide the requested service, respond to you, operate Prism, protect the service, and improve product reliability.

Prism Scan processes uninstall feedback and consented analytics where it is necessary to understand how Prism is used, why users leave Prism, and how to improve product reliability, compatibility, privacy communication, and performance.

Prism Scan processes account and subscription data where it is necessary to perform the Supporter subscription contract you enter into, process your payment through Stripe, Apple, Google, or RevenueCat, grant entitlement, and comply with related tax and accounting obligations.

For GDPR purposes, the usual legal bases are performance of a requested service or contract and pre-contract steps, legitimate interests in operating and securing Prism, compliance with legal obligations, and consent where you choose to provide sensitive preference information for personalized analysis.

You can remove local extension data by clearing Prism extension storage, uninstalling the extension, or using any cache and preference controls available in the extension. You can remove local mobile data by using in-app controls where available, deleting local profiles, clearing app storage, or uninstalling the app.

Third parties

Prism uses Vercel to host the public website, Google Cloud Run to host backend services, and Google Firestore for backend data storage. The Firestore database is configured in the europe-west2 region.

Prism uses Firebase Authentication for website and extension Supporter accounts, Stripe for website and extension payments, RevenueCat for mobile in-app subscription management, Apple App Store and Google Play for native mobile payments, and PostHog for consented mobile analytics and diagnostics.

Prism uses Open Food Facts for food product data and Open Beauty Facts for cosmetic product data. These projects are third-party open-data services, and their data may be incomplete, community-edited, delayed, or unavailable.

Prism may interact with Google and the Chrome Web Store for extension listing, installation, updates, browser storage, and browser extension platform services; Apple and Google for app distribution, installation, updates, and store services; and ecommerce websites you visit or scan from, which remain separate third parties and are not controlled by Prism Scan.

Retention

Local extension and mobile preferences, profiles, saved products, history, and caches remain on your device until you change them, clear local storage, or uninstall the extension or app. Local cache entries are generally time-limited, with score and AI caches designed for short product-lookup reuse.

Website contact submissions, uninstall feedback, extension and mobile issue reports, and product submissions are normally kept for up to 24 months, unless a longer period is needed to resolve a request, review a product submission, handle a security issue, comply with law, or establish, exercise, or defend legal claims.

Product submission photos and related product metadata may be kept while the submitted product is reviewed and, if accepted, as part of the product database evidence and audit trail.

Supporter account and subscription records are kept while your subscription is active and afterwards as needed to meet legal, tax, fraud-prevention, and accounting obligations. Stripe, Apple, Google, RevenueCat, and Firebase retain relevant payment, purchase, transaction, and authentication records under their own terms and legal requirements.

PostHog analytics data is retained according to the PostHog project settings and is limited to consented, coarse analytics and diagnostics described above.

Your rights

If GDPR applies to you, you may have rights to request access, correction, deletion, restriction, portability, or objection to the processing of your personal data. Where processing is based on consent, you may withdraw consent at any time without affecting earlier lawful processing.

You can manage or cancel a website or extension Supporter subscription through the Stripe billing portal. You can manage or cancel an iOS or Android in-app subscription through the Apple App Store or Google Play subscription settings, with RevenueCat reflecting the store status back to Prism.

You can request deletion of your account and subscription data by contacting us or using available in-app account deletion controls. For accountless data, Prism Scan may need enough information to identify the relevant contact message, report, product submission, device record, or backend record before acting on a request.

You also have the right to lodge a complaint with a supervisory authority. In Ireland, the relevant authority is the Data Protection Commission.

Security and transfers

Prism Scan uses technical and organisational measures intended to protect personal data, including server-side handling of backend secrets, API authentication for backend routes, limited data flows, and browser-local storage for anonymous preferences where possible.

No internet service can be guaranteed to be fully secure. Data may be processed by providers outside your country, including infrastructure, browser platform, app-store platform, open-data, analytics, AI, authentication, subscription, and payment providers such as PostHog, RevenueCat, Stripe, Apple, Google, and Firebase. Where required, Prism Scan relies on appropriate safeguards or provider terms for those transfers.

Children and updates

Prism is not directed to children under 16. Do not use the contact form, issue report form, or personalized analysis features if you are under 16 without appropriate permission from a parent or guardian.

Prism Scan may update this policy as the website, extension, mobile apps, backend, analytics, subscriptions, providers, or legal requirements change. The date at the top shows when this policy was last updated.