Privacy Policy
Last Updated: 06/03/2025
WasteLess ("we," "us," or "our"), based in Ukraine, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, application, and related services (collectively, the "Service"). Please read this policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.
This Privacy Policy should be read in conjunction with our Terms of Use.
1. Information We Collect
We may collect the following types of information:
- Personal Identification Information:
  - Email address (when you register or sign in).
  - Password (stored securely hashed).
  - Information provided by OAuth providers (Google, Notion) if you use them to sign in (e.g., name, email), subject to your permissions.
- Product Data You Provide:
  - Product names, barcodes, categories, notes.
  - Production dates, expiry dates, notification dates.
  - Images you upload for your specific products (stored in user-specific storage).
- Feedback Information:
  - Feedback category, title, message content.
  - Screenshots you optionally attach to feedback (stored separately, URLs linked in private GitHub issues). Please do not include sensitive information in screenshots.
- Usage and Technical Data:
  - Interaction data via Microsoft Clarity (clicks, scrolls, session recordings) for UI/UX improvement.
  - Device information (Operating System, Browser type) for compatibility and debugging.
  - IP Address: Used to suggest appropriate payment gateways (Monobank) and logged by backend services (e.g., Supabase) for security/operations.
  - Error logs and performance data.
  - Usage data. Linked to user ID for quota management and optimization.
- Cookies and Local Storage:
  - Browser local storage for caching non-sensitive data (product lists, dashboard state) for performance and offline access.
  - Essential cookies from Supabase for authentication/session management.
  - Cookies from Microsoft Clarity for usage analytics.
2. How We Collect Information
- Directly from You: When you register, input product details, upload product images, configure notifications, submit feedback (including screenshots), or contact us.
- Automatically: When you use the Service (usage/technical data via Supabase, Clarity; cookies; local storage).
- From Third Parties: OAuth information (Google/Notion) upon your authorization.
3. How We Use Your Information
We use the information we collect for purposes including:
- Providing, operating, and maintaining the Service.
- Managing your account, authentication, and subscriptions/payments.
- Processing product data, including optional AI extraction (Gemini) for barcodes/dates from your images.
- Storing your product data (Supabase) and product images (user-specific R2 storage).
- Storing feedback screenshots (separate R2 storage).
- Displaying relevant shared product images based on barcode scans (from `wasteless-media-static` R2 storage).
- Sending expiry notifications via configured methods (Google Calendar, Notion).
- Processing feedback (creating private GitHub issues).
- Analyzing usage (Microsoft Clarity) to improve UI/UX and diagnose issues (using device/browser info).
- Determining payment options (using IP address).
- Communicating with you (support, service announcements).
- Enforcing Terms and preventing fraud.
- Complying with legal obligations.
- Monitoring usage for operational management and quota enforcement.
4. How We Share Your Information
We do not sell your personal information. We may share information as follows:
- With Service Providers: With third parties performing services on our behalf:
  - Supabase: Database, authentication, backend functions.
  - Cloudflare R2: Storing user product images (user-specific access), feedback screenshots (generated via signed URLs and linked privately), and the shared product images bucket.
  - Google Gemini: Processing images for data extraction (image data only).
  - GitHub: Creating issues from feedback (includes feedback content linked within a private repository).
  - Google / Notion: Authentication (OAuth) and notification delivery (Calendar/API).
  - Monobank: Processing subscription payments (handles payment details directly).
  - Microsoft Clarity: Collecting and analyzing usage analytics data.
- For Legal Reasons: If required by law or to protect rights, safety, investigate fraud, or respond to government requests.
- Business Transfers: If WasteLess is involved in a merger, acquisition, or asset sale, your information may be transferred.
- With Your Consent: For other purposes disclosed to you, with your consent.
5. Data Storage and Security
- Storage Location: Data is primarily stored via Supabase (database) and Cloudflare R2 (images) which may use servers globally, potentially outside Ukraine. Your use implies consent to these transfers.
- Storage Strategy:
  - Your product data: Stored in Supabase, protected by RLS.
  - Your product images: Stored in R2 under user-specific paths, accessed via signed URLs.
  - Feedback screenshots: Stored in R2; potentially public URLs may be generated, but these are linked within private GitHub issues.
  - Shared product images: Stored in R2 shared bucket, accessed via signed URLs.
- Security Measures: We use HTTPS, rely on provider security, and implement Supabase RLS. See our Security Page.
- Disclaimer: No system is 100% secure. We cannot guarantee absolute security.
6. Data Retention
We keep your personal information and product data while your account is active. When you delete your account via profile settings, we initiate permanent deletion of your account, product data, and user-uploaded product images from our primary systems (Supabase, R2 bucket). This process is irreversible and completed promptly, subject only to unavoidable technical delays (e.g., cache propagation). We do not retain backups of deleted user data. Cached data in your browser is under your control. Feedback data (including screenshot URLs) may persist in the private GitHub repository until the feature, bug, or UI/UX issue is resolved.
7. Your Data Rights
Depending on your location (e.g., GDPR applies in the EEA/UK), you may have rights including:
- Access: View your data via the dashboard/profile or request a copy via support.
- Rectification: Correct your data directly in the app interface.
- Erasure (Deletion): Delete your account and associated data via profile settings.
- Restrict Processing: Request limitation of processing under certain conditions (contact support).
- Data Portability: Request your product data in a common format (contact support).
- Object: Object to processing based on legitimate interests (e.g., analytics via Clarity - check their opt-out options or contact us).
- Automated Decision-making: We don't currently use solely automated decision-making with significant effects.
Exercise rights via the app where possible, or contact [email protected]. We'll respond according to applicable law (e.g., within 1 month under GDPR) after verifying your identity. You may have the right to complain to a data protection authority.
8. Third-Party Services and Links
Our Service uses third parties (Supabase, R2, Gemini, GitHub, Google, Notion, Clarity, Monobank). We may link to external sites. We are not responsible for the privacy practices of these third parties or external sites. Review their policies.
9. Cookies and Tracking Technologies
We use browser local storage for performance caching (non-sensitive data). Supabase uses essential cookies for authentication. Microsoft Clarity uses first- and third-party cookies and tracking technologies for usage analytics (clicks, scrolls, session recordings) to improve UI/UX. See the Microsoft Privacy Statement for details. We do not use cookies for targeted advertising.
10. Children's Privacy
Our Service is not intended for children under 12 without parental consent. We do not knowingly collect personal information from children under 12 without such consent. If you believe your child has provided data without consent, please contact us to remove it.
11. International Data Transfers
Your information may be transferred to and processed by our service providers (Supabase, Cloudflare, Google, Microsoft, GitHub, etc.) on servers located outside Ukraine, including the USA and other jurisdictions. Data protection laws may differ. We rely on the data processing agreements and security measures of these providers. Your use of the Service constitutes consent to these transfers.
12. Changes to This Privacy Policy
We may update this policy. Changes are effective when posted here with an updated "Last Updated" date. We will notify you of material changes (e.g., via email or in-app). Please review periodically.
13. Contact Us
Questions about this Privacy Policy? Contact us at: [email protected]