Privacy
Last updated
This policy covers the Plassic app and plassic.com. We wrote it in plain English because "by continuing to use this service you agree to…" is exactly the kind of thing we're supposed to be fighting against. Read the whole thing — it's short.
What we collect
Only the minimum we need to run the app and improve it.
- Your email address. Used to log you in and send you receipts if you subscribe to Premium. That's it.
- Scan history. Your scans live on your device first. If you turn on cloud sync, they're also stored on our servers so you can access them across devices. Cloud sync is opt-in, not opt-out.
- Product queries. When you scan a product, we look it up in our database. We log which products were queried (to improve our dataset) but not who queried them — queries are not linked to your account.
- Anonymous analytics. We use Plausible Analytics — a privacy-first tool that counts page views and app sessions with no personal identifiers, no cross-site tracking, and no cookies. You're a number, not a profile.
- Crash reports. If the app crashes, Sentry captures the stack trace. We've configured Sentry to scrub any user-identifiable fields before the report leaves your device.
What we don't collect
The camera is yours. We want to be explicit about this because it matters.
- Raw camera frames. When you scan, OCR runs on your device. No image is sent to our servers. Not even a thumbnail. The pixels stay local — always.
- Cloud vision processing. We offer an optional higher-accuracy scan mode that sends a frame to our cloud vision pipeline. This is opt-in, clearly labelled in the app, and the frame is deleted immediately after processing — not stored, not used for training.
- Cross-site tracking. We do not embed tracking pixels on third-party sites. We do not follow you around the web.
- Advertising identifiers. We do not read your IDFA (iOS) or GAID (Android). Plassic has no advertising business. We never will.
- Location. We don't ask for, request, or store your location. Microplastics are everywhere — we don't need to know where you are.
Plassic infers microplastic exposure risk from a curated product database. It does not detect microplastic particles using your camera. If that distinction matters to you — and it should — read our How it works page.
Where data lives
All Plassic user data is stored on Plassic-owned infrastructure. It is not co-mingled with any other product or service.
- Primary region: AWS ap-southeast-2 (Sydney, Australia).
- Database: PostgreSQL, managed and isolated to Plassic's own database cluster.
- Backups: Encrypted at rest using AES-256. Retained for 30 days, then automatically purged.
- Transport: TLS 1.3 in transit. No exceptions.
Who sees it
Your data is yours. Here's the short list of who else can see it.
- You. Always. Export your data any time from Settings → Privacy → Export my data.
- Our small team. Engineers and support staff with least-privilege access. Access is logged and reviewed quarterly.
- Infrastructure sub-processors. AWS (hosting), Plausible (anonymous analytics), Sentry (crash reports, scrubbed). All bound by data processing agreements.
We do not sell your data. Not now, not in a future pricing model, not "to trusted partners." Your scan history is not a revenue stream — you are not the product. The app subscription is the product.
Recommendations are not affiliate-driven. When Plassic recommends a lower-risk alternative, that recommendation is based on score data only. We do not take money from brands for placement. Our only income is subscriptions.
Your rights
You have control. These actions are available in-app under Settings → Privacy.
- Export your data. Download a JSON file of your account details and full scan history.
- Delete your account. Immediate and complete. See Data retention below.
- Opt out of cloud sync. Keep your scan history on-device only. No server copy.
- Opt out of analytics. Turn off Plausible event collection entirely. The app still works; we just lose the aggregate counts that help us prioritise improvements.
- Opt out of cloud vision. The higher-accuracy scan mode is off by default. If you've enabled it, you can disable it at any time and no further frames will be sent.
If your rights under applicable law go further than what Settings offers, email privacy@plassic.com and we'll respond within 30 days.
Data retention
- Scan history: Kept until you delete individual scans or delete your account.
- Account deletion: Immediate and complete. When you delete your account, all personal data — email, synced scans, preferences — is purged within 24 hours. Backups containing your data roll off within 30 days.
- Crash reports: Retained in Sentry for 90 days, then automatically deleted.
- Anonymous analytics: Aggregated and non-reversible. No deletion possible or necessary because there's nothing identifying to delete.
- Product query logs: Retained for 12 months to improve our dataset, then purged. These are not linked to your account.
International transfers
Plassic's primary infrastructure is in Australia (ap-southeast-2). If you're outside Australia, here's what applies to you.
- European Union / UK (GDPR / UK GDPR): We process your data under the lawful basis of contract performance. Transfers to Australia rely on adequacy mechanisms or Standard Contractual Clauses where required. You have all rights under GDPR — see Your rights above.
- United States (CCPA / state privacy laws): We don't sell personal information. We don't share it for cross-context behavioural advertising. California residents can request disclosure, deletion, or correction via privacy@plassic.com.
- Canada (PIPEDA): We collect, use, and disclose personal information only with your consent or as permitted by law. You can withdraw consent at any time by deleting your account.
If you're somewhere else and have a question about applicable law, email us. We'll give you a straight answer.
Contact
Privacy questions, data requests, and concerns go to:
Privacy contact
Plassic Privacy Team
We aim to respond within 30 days. Complex requests may take longer — we'll tell you if so.
If you believe we've handled your data unlawfully, you have the right to lodge a complaint with your relevant supervisory authority — in Australia, the Office of the Australian Information Commissioner (OAIC); in the EU, your local data protection authority; in the UK, the ICO.
Changes to this policy
If we make a material change — one that meaningfully affects how we use your data — we'll notify you in-app and by email before the change takes effect. We won't bury it in a blanket "terms updated" notification.
Minor clarifications (fixing a typo, adding a sub-processor for the same category of service) will update the "Last updated" date at the top without a notification. You can check this page any time.