Privacy Policy
Last Updated: October 16, 2025
1. Who We Are
lifo provides batch-level inventory management software for retail stores. We help you track product expiration dates, reduce food waste, and make data-driven decisions about discounts and donations.
Contact Us: Email: [email protected] | For GDPR rights requests: [email protected]
2. What Data We Collect
We collect the following types of data:
- Account Information: Name, email address, store name and location, user role (admin, manager, or employee), login credentials (encrypted)
- Inventory Data: Product names and descriptions, batch numbers and quantities, expiration dates, barcode information, discount and donation decisions
- Product Images: Photos captured during barcode and expiration date scanning, processed through image recognition technology, used solely for extracting product information and dates
- Usage Data: Actions taken within the app (scans, updates, decisions), timestamps of activities, device information (browser type, operating system, IP address), performance and error logs
3. How We Use Your Data
We process your data to:
- Provide Our Service: Enable inventory tracking and management, generate discount and donation recommendations, create analytics dashboards showing inventory value and waste metrics, send important notifications about expiring products
- Improve Our Service: Enhance image recognition accuracy, optimize recommendation algorithms, identify and fix technical issues, develop new features based on usage patterns
- Communicate With You: Send service updates and important announcements, respond to your support requests, notify you of changes to our terms or policies
- Comply With Legal Obligations: Meet food safety and waste reporting requirements, respond to legal requests when required, protect against fraud and abuse
4. Legal Basis for Processing (GDPR)
We process your data based on:
- Performance of Contract: To provide the Service you signed up for
- Legitimate Interests: To improve our Service, prevent fraud, and ensure security
- Your Consent: Where we explicitly request permission (e.g., for optional features)
- Legal Obligation: To comply with applicable laws and regulations
5. Data Storage and Security
- Where We Store Your Data: All data is stored on secure servers located in the European Union. We use Supabase (EU region) for database hosting. Data is encrypted both in transit (TLS/SSL) and at rest.
- How We Protect Your Data: Industry-standard encryption protocols, regular security audits and vulnerability assessments, access controls and multi-factor authentication, secure development practices and code reviews, employee training on data protection.
- Data Retention: We retain your data for as long as your account remains active. Upon account deletion, we delete or anonymize your data within 90 days. Some data may be retained longer if required by law (e.g., accounting records).
6. Data Sharing and Third Parties
We do not sell your personal data.
We may share data only in the following cases:
- Service Providers: Cloud hosting (Supabase, EU-based, GDPR-compliant), image processing (Google Vision API for expiration date recognition), email services (Resend or similar for account notifications), analytics (usage analytics to improve the Service)
- Legal Requirements: Comply with legal obligations or court orders, protect our rights or prevent fraud, investigate security incidents, respond to law enforcement requests
- With Your Consent: For other purposes only with your explicit permission
Third-Party Processors
All third-party processors are contractually bound to GDPR standards, process data only according to our instructions, and implement appropriate security measures.
7. Your Privacy Rights (GDPR)
Under GDPR, you have the right to:
- Access Your Data: Request a copy of all personal data we hold about you
- Rectify Inaccurate Data: Correct any information that is incomplete or incorrect
- Delete Your Data ("Right to Be Forgotten"): Request deletion of your personal data (subject to legal retention requirements)
- Data Portability: Receive your data in a structured, commonly used format (CSV, JSON)
- Object to Processing: Object to certain data processing activities (e.g., direct marketing)
- Restrict Processing: Limit how we process your data in specific circumstances
- Withdraw Consent: Withdraw consent at any time where processing is based on consent (does not affect prior processing)
To exercise these rights, contact us at [email protected].
We will respond to your request within 30 days (or 60 days for complex requests, with notification).
8. Analytics & Cookies
We use Google Analytics to understand how users interact with lifo and improve our service.
What we collect:
- Pages you visit within the dashboard
- Features you use
- Time spent in different sections
- Technical information (browser, device type, screen resolution)
What we DON'T collect:
- Personal product data
- Specific inventory details
- Customer information
- Financial data
Your choices:
- You can opt out during onboarding
- You can disable analytics anytime in Settings > Preferences
- We anonymize IP addresses
- We do not use data for advertising
- Your browser's "Do Not Track" setting is respected
Data storage:
- Analytics data is stored by PostHog in the EU region
- Data is processed within the European Union for GDPR compliance
- We retain analytics data for 12 months
Cookies set:
- phc_* (session) - PostHog session tracking
- ph_* (session) - PostHog feature flags
For more information, see [PostHog's Privacy Policy](https://posthog.com/privacy). Essential cookies for service functionality (authentication, session management, security) are required and cannot be disabled.
9. International Data Transfers
Your data is primarily stored in the European Union. If we transfer data outside the EU, we ensure adequate protection through:
- Standard Contractual Clauses (SCCs) approved by the EU Commission
- Adequacy Decisions (for countries recognized as providing adequate protection)
- Other lawful transfer mechanisms under GDPR Article 46
We will notify you of any changes to our data transfer practices.
10. Data Breach Notification
In the unlikely event of a data breach affecting your personal data, we will notify you within 72 hours of becoming aware and inform relevant supervisory authorities as required by GDPR. We will provide information about the nature of the breach, data potentially affected, likely consequences, measures taken to address the breach, and steps you can take to protect yourself.
11. Children's Privacy
The lifo Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If we discover that we have inadvertently collected data from a child, we will delete it immediately.
- If you believe we have collected data from a child, please contact us at: [email protected]
12. Automated Decision-Making
We use automated systems to generate discount and donation recommendations based on product expiration dates, historical sales patterns, inventory levels, and store-specific data. Important: These recommendations are advisory only. You retain full control over all business decisions. We do not make automated decisions with legal or significant effects without human oversight.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal or regulatory updates, or new features or services. We will notify you of material changes via email to your registered address, in-app notification, or notice on our website. Continued use of the Service after changes constitutes acceptance of the updated policy.
14. Your Data Protection Authority
You have the right to lodge a complaint with your local data protection authority if you believe we have violated GDPR or your privacy rights.
EU Data Protection Authorities:
Find your local authority at https://edpb.europa.eu/about-edpb/board/members_en
Netherlands (Our Primary Jurisdiction):
- Autoriteit Persoonsgegevens (AP)
- Website: https://autoriteitpersoonsgegevens.nl
- Email: [email protected]
15. Data Ownership
You own your data. All inventory data, product information, and business insights generated through lifo remain your property. We are merely processors of this data on your behalf. You can export your data at any time in standard formats (CSV, JSON) through your account settings.
16. Contact Us
For questions about this Privacy Policy, to exercise your GDPR rights, or for any privacy concerns:
Email: [email protected]
Response Time: We aim to respond to all privacy inquiries within 2 business days.
By using lifo, you acknowledge that you have read and understood this Privacy Policy.