Your scans stay yours.
Zeta is a community-funded product, so we only collect the minimum data required to deliver halal, allergy, and sustainability guidance. Below is a plain-language overview; the legal text follows.
Effective July 12, 2025
Data we collect
Camera captures, ingredient lookups, account preferences, subscription status, and device info.
- Camera input is processed only to read barcodes or text. Images are not stored unless you explicitly submit a report.
- We log ingredient or product lookups to improve accuracy and to show your history across devices.
- Profile data (name, dietary preferences, household members) stays encrypted at rest within the EU.
How we use data
Deliver verdicts, personalize alerts, provide support, enforce independence safeguards.
- AI scoring requires ingredient lists and labeling context. Moderators see anonymized snippets when reviewing flags.
- Email is used for transactional updates, product recall bulletins, and optional research surveys.
- Aggregated telemetry helps us prioritize accessibility fixes and improves scan speed.
How we don’t use data
No sale, no third-party ads, and no algorithmic sponsorship.
- We never sell, rent, or trade your personal data with brands, data brokers, or ad networks.
- No tracking pixels from Meta, TikTok, or similar platforms operate inside the consumer app.
- Suppliers cannot see who scanned their products; they only receive anonymized performance metrics.
Your controls
GDPR/CCPA rights
Access & export
Download your scan history, contribution logs, and billing invoices as JSON or CSV within Settings → Privacy.
Rectification
Update dietary preferences, contact info, or household members anytime. We propagate edits instantly to all services.
Deletion
Submit a deletion request at /settings/delete or email ${settings?.privacyEmail || "privacy@zeta.app"}. Data is wiped within 30 days unless legal requirements apply.
Submit requests inside the app or email privacy@zeta.app. We respond within 72 hours.
Processors
Services that handle your data
| Provider | Purpose | Region |
|---|---|---|
| Supabase | Authentication + real-time activity feed | EU-hosted |
| Paddle | Payment processing and invoicing | US / EU |
| Postmark | Transactional email delivery | US |
| Sentry | Error reporting (anonymized events only) | EU + US |
Full policy
This policy explains how Zeta Labs (“we”, “us”) collects, uses, and protects your personal data when you use our website, browser add-ons, and mobile applications (collectively, the “Services”). By accessing the Services you agree to this policy.
- Information we collect. We collect account information (name, email), scan history, contribution content, device metadata (browser, OS), and payment details handled through Paddle. We do not store full credit-card numbers.
- Legal bases. We rely on consent (camera, notifications), contractual necessity (deliver subscriptions), and legitimate interest (fraud prevention, product metrics). You may withdraw consent at any time inside settings.
- Retention. Scan events are retained for 24 months, community contributions for historical transparency, and billing records per applicable tax laws. Logs older than 30 days are aggregated.
- Security. Data is encrypted using AES-256 at rest and TLS 1.3 in transit. Access is limited via role-based policies, hardware keys, and mandatory security reviews for engineers.
- Transfers. When data leaves the EU, we rely on SCCs and additional encryption. You can request a list of transfer safeguards at any time.
- Children. The Services are not directed to children under 13. Parents can request deletion of minor accounts via privacy@zeta.app.
- Changes. Policy updates are announced in-app and via email at least 14 days before they take effect.
Questions or concerns? Email privacy@zeta.app or write to ZETA Technologies, 42 Rue du Jour, 75001 Paris, France.
Need help?
Talk to our privacy steward
We are happy to walk you through any clause or sign DPAs for enterprise deployments.