Privacy Policy

Last Updated: 07/20/2025

WasteLess ("we," "us," or "our"), based in Ukraine, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, application, and related services (collectively, the "Service"). Please read this policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

This Privacy Policy should be read in conjunction with our Terms of Use.

1. Information We Collect

We may collect the following types of information:

  • Personal Identification Information:
    • Email address (when you register or sign in).
    • Password (stored securely hashed).
    • Information provided by OAuth providers (Google, Facebook) if you use them to sign in (e.g., name, email), subject to your permissions.
    • Phone number (if you opt in to SMS notifications, available on the Extra plan).
  • Product Data You Provide:
    • Product names, barcodes, categories, notes.
    • Production dates, expiry dates, notification dates.
    • Images you upload for your specific products (stored in user-specific storage).
  • Feedback Information:
    • Feedback category, title, message content.
    • Screenshots you optionally attach to feedback (stored separately, URLs linked in private GitHub issues). Please do not include sensitive information in screenshots.
  • Usage and Technical Data:
    • Interaction data via Rybbit.io (page views, clicks, scrolls, and session recordings) to understand user behavior and improve the user experience.
    • Device information (Operating System, Browser type) for compatibility and debugging.
    • IP Address: Used to suggest appropriate payment gateways (Monobank) and logged by backend services (e.g., Supabase) for security/operations. Rybbit.io uses the IP address only to determine geographic location (country/region) and does not store it.
    • Error logs and performance data.
    • Usage data, linked to user ID for quota management and optimization.
  • Cookies and Local Storage:
    • Browser local storage for caching non-sensitive data (your products, dashboard state) for performance and offline access.
    • Essential cookies from Supabase for authentication/session management.

2. How We Collect Information

  • Directly from You: When you register, input product details, upload product images, configure notifications (including providing a phone number for SMS), submit feedback (including screenshots), or contact us.
  • Automatically: When you use the Service (usage/technical data via Supabase and Rybbit.io; essential cookies; local storage).
  • From Third Parties: OAuth information (Google/Facebook) upon your authorization.

3. How We Use Your Information

We use the information we collect for purposes including:

  • Providing, operating, and maintaining the Service.
  • Managing your account, authentication, and subscriptions/payments.
  • Processing product data, including optional AI extraction (Gemini) for barcodes/dates from your images.
  • Storing your product data (Supabase) and product images (user-specific R2 storage).
  • Storing feedback screenshots (separate R2 storage).
  • Displaying relevant shared product images based on barcode scans (from R2 storage).
  • Sending expiry notifications via configured methods (Google Calendar, and SMS for Extra plan users).
  • Processing feedback inside our private GitHub repository.
  • Analyzing usage with Rybbit.io to understand user behavior, improve UI/UX, and diagnose technical issues. This includes analyzing page views, session recordings, and performance data.
  • Determining payment options (using IP address).
  • Communicating with you (support, service announcements).
  • Enforcing Terms and preventing fraud.
  • Complying with legal obligations.
  • Monitoring usage for operational management and quota enforcement.

4. How We Share Your Information

We do not sell your personal information. We may share information as follows:

  • With Service Providers: With third parties performing services on our behalf:
    • Supabase: Database, authentication, backend functions.
    • Cloudflare R2: Storing user product images (user-specific access), feedback screenshots (generated via signed URLs and linked privately), and the shared product images bucket.
    • Google Gemini: Processing images for data extraction (image data only).
    • GitHub: Creating issues from feedback (includes feedback content linked within a private repository).
    • Google / Facebook: Authentication (OAuth) and notification delivery (Google Calendar).
    • Monobank: Processing subscription payments (handles payment details directly).
    • Rybbit.io: Collecting and analyzing usage analytics data to improve our Service. Rybbit helps us understand user interactions through session recordings, error logs, and performance metrics while prioritizing user privacy. See the Rybbit Privacy Policy for details.
    • Twilio: Sending SMS notifications for users on the Extra plan. See Twilio's Privacy Policy.
    These providers access only necessary information and are obligated to protect it.
  • For Legal Reasons: If required by law or to protect rights and safety, investigate fraud, or respond to government requests.
  • Business Transfers: If WasteLess is involved in a merger, acquisition, or asset sale, your information may be transferred.
  • With Your Consent: For other purposes disclosed to you, with your consent.

5. Data Storage and Security

  • Storage Location: Data is primarily stored via Supabase (database) and Cloudflare R2 (images) which may use servers globally, potentially outside Ukraine. Your use implies consent to these transfers.
  • Storage Strategy:
    • Your product data: Stored in Supabase, protected by RLS.
    • Your product images: Stored in R2 under user-specific paths, accessed via signed URLs.
    • Feedback screenshots: Stored in R2; potentially public URLs are generated but linked within private GitHub issues.
    • Shared product images: Stored in R2 shared bucket, accessed via signed URLs.
  • Security Measures: We use HTTPS, rely on provider security, and implement Supabase RLS. See our Security Page.
  • Disclaimer: No system is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We keep your personal information and product data while your account is active. When you delete your account via profile settings, we initiate permanent deletion of your account, product data, and user-uploaded product images from our primary systems (Supabase, R2 bucket). This process is irreversible and completed promptly, subject only to unavoidable technical delays (e.g., cache propagation). We do not retain backups of deleted user data. Cached data in your browser is under your control. Feedback data (including screenshot URLs) may persist in the private GitHub repository until the related feature, bug, or UI/UX issue is resolved.

7. Your Data Rights

Depending on your location (e.g., GDPR applies in the EEA/UK), you may have rights including:

  • Access: View your data via the dashboard/profile.
  • Rectification: Correct your data directly in the app interface.
  • Erasure (Deletion): Delete your account and associated data via profile settings.
  • Object: Object to processing based on legitimate interests (e.g., analytics via Rybbit.io). You can opt out by replying STOP, UNSUBSCRIBE, or CANCEL to any message or by disabling the feature in your account settings.
  • Automated Decision-making: We don't currently use solely automated decision-making with significant effects.

Exercise rights via the app where possible, or contact [email protected]. We'll respond according to applicable law (e.g., within 1 month under GDPR) after verifying your identity. You may have the right to complain to a data protection authority.

Our Service uses third parties (Supabase, R2, Gemini, GitHub, Google, Facebook, Rybbit.io, Monobank, Twilio). We may link to external sites. We are not responsible for the privacy practices of these third parties or external sites. Review their policies.

9. Cookies and Tracking Technologies

We use browser local storage for performance caching (non-sensitive data). Supabase uses essential cookies for authentication. For usage analytics, we use Rybbit.io, a privacy-focused tool that helps us understand user interactions (like page views, clicks, and session recordings) to improve our UI/UX. Rybbit does not use cookies for tracking and anonymizes data like IP addresses. For more details, see the Rybbit Privacy Policy. We do not use cookies for targeted advertising.

10. Children's Privacy

Our Service is not intended for children under 12 without parental consent. We do not knowingly collect personal information from children under 12 without such consent. If you believe your child has provided data without consent, please contact us to remove it.

11. International Data Transfers

Your information may be transferred to and processed by our service providers (Supabase, Cloudflare, Google, Rybbit.io, GitHub, etc.) on servers located outside Ukraine, including the USA and other jurisdictions. Data protection laws may differ. We rely on the data processing agreements and security measures of these providers. Your use of the Service constitutes consent to these transfers.

12. Changes to This Privacy Policy

We may update this policy. Changes are effective when posted here with an updated "Last Updated" date. We will notify you of material changes (e.g., via email or in-app). Please review periodically.

13. Contact Us

Questions about this Privacy Policy? Contact us at: [email protected]