A
AllergyID

Privacy Policy

Last updated: May 14, 2026

Introduction

AllergyID ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

Information We Collect

Personal Information

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, password
  • Allergy Profile Data: Allergen information, severity levels, medical information, emergency contacts
  • Profile Photos: Optional photos you upload for identification purposes
  • Additional Notes: Any custom dietary restrictions or preparation instructions you add

Usage Information

We automatically collect certain information when you use AllergyID:

  • Scan Activity Logs: When and where your QR code is scanned, device type, browser, approximate location (if permitted)
  • Device Information: Device type, operating system, unique device identifiers
  • App Usage: Features used, time spent in app, interaction patterns

Location Information

With your permission, we may collect your device's location to:

  • Log where your allergy card was scanned (for your security and records)
  • Suggest appropriate languages based on your location
  • Show relevant cultural context warnings for local cuisines

How We Use Your Information

We use the information we collect to:

  • Provide Services: Create and maintain allergy cards, enable QR code sharing, process translations
  • Safety & Security: Track scan activity for your safety, prevent unauthorized access
  • Improve Services: Analyze usage patterns, develop new features, fix bugs
  • Communications: Send important updates, security alerts, and promotional messages (you can opt out)
  • Subscription Management: Process payments, manage subscriptions, provide customer support

Information Sharing

Information You Share via QR Codes

When someone scans your QR code, they can view information according to your privacy settings. You control what is shared:

  • Allergen information (always visible - this is the core purpose)
  • Your name and photo (optional)
  • Emergency contact information (optional)
  • Medical information (optional)
  • Additional notes (optional)

You can modify these settings anytime in your profile's privacy settings.

Third-Party Service Providers

We share information with trusted service providers who help us operate AllergyID:

  • Supabase: Database hosting and authentication
  • Anthropic: AI-powered medical translations (Premium feature)
  • RevenueCat: Subscription and payment processing
  • Apple: In-app purchases and Apple Wallet pass generation
  • Vercel: Hosting and content delivery

These providers are contractually obligated to protect your data and use it only for specified purposes.

We DO NOT:

  • Sell your personal information to third parties
  • Share your medical information with advertisers
  • Use your allergy data for any purpose other than providing you services

Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest
  • Access Controls: Strict authentication and authorization using Row-Level Security
  • Regular Audits: Security reviews and vulnerability assessments
  • Secure Infrastructure: Hosted on certified, compliant cloud platforms

Your Privacy Rights

You have the right to:

  • Access: View all personal data we have about you
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and all associated data
  • Export: Download your data in a portable format
  • Opt-Out: Disable scan activity logging or location tracking
  • Privacy Settings: Control what information is shown when your QR code is scanned

To exercise these rights, go to Settings → Account → Privacy & Data or contact us at allergyid@allergyid.app

Children's Privacy

AllergyID is designed for users of all ages, including children with allergies. Parents or legal guardians must create and manage accounts for children under 13 (or applicable age in your jurisdiction).

We do not knowingly collect personal information from children without parental consent. If you believe we have collected information from a child without proper consent, please contact us immediately.

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws.

Data Retention

We retain your information for as long as:

  • Your account is active
  • Needed to provide you services
  • Required by law or for legitimate business purposes

When you delete your account, we permanently delete your personal data within 30 days, except where retention is required by law.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. Your continued use of AllergyID after changes indicates acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

  • Email: allergyid@allergyid.app
  • Website: https://allergyid.app/privacy

GDPR Compliance (European Users)

If you are in the European Economic Area (EEA), you have additional rights under GDPR:

  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority
  • Right to data portability
  • Right to object to processing based on legitimate interests

Our legal basis for processing your data includes: consent, contract performance, legal obligations, and legitimate interests in providing and improving our services.

Terms of ServiceBack to App