Privacy Policy
Effective Date: December 9, 2025 Last Updated: March 24, 2026
1. Introduction
This Privacy Policy describes how Pixel 81 Web Design LLC, d/b/a The iib App ("iib," "we," "us," or "our") collects, uses, shares, and protects your personal information when you use the iib mobile application and website located at iibofficial.com (collectively, the "Service").
By using the Service, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and use of your information as described herein.
2. Information We Collect
A. Information You Provide Directly
Account Information. You may use the Service without creating an account. If you choose to create an account, we collect your email address and a cryptographically hashed password. You may optionally provide a display name.
Preferences. Your saved dietary preferences, ingredient alert settings, and notification preferences.
Communications. Records of correspondence if you contact us for support at support@iibofficial.com, including the content of your messages and any attachments.
B. Information Collected Automatically
Usage Data. Information about how you interact with the Service, including products scanned, features accessed, scan frequency, session duration, and navigation patterns.
Device Information. Device type, manufacturer, operating system and version, unique device identifiers, application version, language and locale settings, and time zone.
Crash and Performance Data. Diagnostic information including crash logs, application performance metrics, stack traces, and error reports used to identify and resolve technical issues.
Network Information. IP address and general geographic location derived from your IP address. We do not collect or process precise GPS coordinates or real-time location data.
Device Fingerprint. We generate and store a persistent device identifier to enforce scan limits, prevent abuse, and detect fraudulent activity such as repeated account creation or cache clearing to circumvent usage restrictions. This identifier is derived from your device's platform-provided ID (iOS identifierForVendor or Android ID) and is stored on our servers alongside your scan usage data.
Anonymous Session Identifier. When you use the Service without creating an account, we automatically generate an anonymous session identifier linked to your device. This identifier is used to track your scan usage, enforce usage limits, store your preferences, and maintain continuity of your experience. This identifier is not linked to any personal information unless you later create an account, at which point it becomes associated with your account data.
C. Information Received from Third-Party Platforms
App Store and Google Play. When you make a purchase or subscribe through Apple or Google, they transmit a transaction identifier to us for the sole purpose of verifying your subscription status. We do not receive or store your payment method, credit card number, billing address, or other financial account information.
3. Legal Bases for Processing (GDPR)
If you are located in the European Economic Area ("EEA"), United Kingdom, or Switzerland, we process your personal data under the following legal bases as defined by the General Data Protection Regulation ("GDPR"):
Contractual Necessity. Processing your account information, scan data, and preferences is necessary to perform our contract with you and provide the Service (Article 6(1)(b)).
Consent. We process data for optional features, including push notifications and optional analytics, only with your affirmative consent, which you may withdraw at any time (Article 6(1)(a)).
Legitimate Interests. We process usage data and device information to improve the Service, detect and prevent fraud, and ensure security, where such interests are not overridden by your fundamental rights (Article 6(1)(f)).
Legal Obligation. We may process and retain certain data where required by applicable law, regulation, or legal process (Article 6(1)(c)).
4. How We Use Your Information
We use the information we collect for the following purposes:
Service Operation. To operate and maintain the Service, including processing barcode scans, delivering ingredient analysis results, maintaining your account, and synchronizing your preferences across devices.
Subscription Management. To verify your subscription status and manage access to premium features in accordance with Section 6 of the iib Terms of Service.
Service Improvement. To analyze aggregate usage patterns, diagnose technical issues, and develop new features and functionality.
Communications. To send transactional messages including account verification, security alerts, subscription confirmations, and responses to support inquiries. We do not send marketing or promotional emails unless you have explicitly opted in.
Security and Fraud Prevention. To protect the Service from unauthorized access, abuse, and fraudulent activity through automated monitoring and audit logging.
Legal Compliance. To comply with applicable laws, regulations, legal processes, and enforceable governmental requests.
5. How We Share Your Information
We do not sell, rent, or trade your personal information to any third party for any purpose, including marketing or advertising.
We share information only with the following categories of service providers, each of which is contractually obligated to process your data solely on our behalf and in accordance with our instructions:
Infrastructure and Hosting. Supabase, Inc. provides database hosting, user authentication, and file storage services. Your account data and scan history are stored on Supabase infrastructure hosted in the United States.
Analytics and Crash Reporting. Google LLC provides Firebase Analytics (anonymous usage analytics) and Firebase Crashlytics (crash reporting and diagnostic data). Analytics data is collected in aggregate and is not linked to your personal identity.
Push Notifications. Google LLC provides Firebase Cloud Messaging to deliver push notifications to users who have opted in to receive them.
Subscription Verification. Qonversion Inc. verifies your subscription status with Apple and Google. Qonversion receives only anonymous transaction identifiers and does not receive or process your payment details, financial information, or personal identity.
Platform Billing. Apple Inc. and Google LLC process all in-app purchases and subscription transactions. Their collection and handling of your payment information is governed by their respective privacy policies, which we encourage you to review.
We may also disclose your information in the following circumstances:
Legal Process. When required by law, regulation, subpoena, court order, or other compulsory legal process, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
Business Transfers. In connection with a merger, acquisition, reorganization, or sale of all or substantially all of our assets, your personal information may be transferred to the successor entity. We will provide notice of any such transfer in accordance with applicable law.
Aggregated and De-Identified Data. We may share data that has been aggregated or de-identified such that it cannot reasonably be used to identify any individual. Such data may be shared for research, analytical, or statistical purposes.
6. Data Security
We implement administrative, technical, and physical security measures designed to protect your personal information, including:
Encryption of data in transit using TLS 1.2 or higher
Cryptographic hashing of passwords (passwords are never stored in plaintext)
Row Level Security ("RLS") policies on all database tables, ensuring each user can only access their own data
Role-based access controls for administrative functions
Audit logging of administrative actions
No method of electronic transmission or storage is 100% secure. While we employ commercially reasonable measures to protect your information, we cannot guarantee absolute security and are not liable for unauthorized access resulting from circumstances beyond our reasonable control.
7. Data Retention
We retain your personal information in accordance with the following schedule:
Anonymous Session Data. For users who do not create an account, anonymous session data (including scan usage and preferences) is retained for as long as the anonymous session remains active. If the session is abandoned (for example, by reinstalling the app without creating an account), the associated data may be retained for up to twelve (12) months before automatic deletion.
Account Data. Retained for as long as your account remains active.
Scan History. Retained for twelve (12) months from the date of each scan, after which it is automatically deleted.
Crash and Diagnostic Data. Retained for ninety (90) days from the date of collection.
Aggregated Analytics. Anonymous, aggregated analytics data that cannot identify any individual may be retained indefinitely for service improvement purposes.
Post-Deletion. Upon account deletion, your personal data is permanently purged from our active systems within thirty (30) days. Residual copies in encrypted backups are purged in accordance with our backup rotation schedule, not to exceed ninety (90) days. Data required to be retained by applicable law (for purposes such as fraud prevention or regulatory compliance) will be retained for the legally mandated period and then deleted.
8. Your Rights and Choices
A. All Users
Regardless of your location, you have the right to:
Access the personal data we hold about you by contacting support@iibofficial.com
Correct inaccurate or incomplete personal data
Delete your account and all associated personal data
Export your data in a machine-readable format upon request
Withdraw consent for optional data processing at any time through your app settings
Opt out of push notifications through your device settings
B. Account Deletion
If you have created an account, you may permanently delete it and all associated personal data directly within the app by navigating to Settings, then Account, then Delete Account. Users who have not created an account may uninstall the app to cease data collection. Anonymous session data will be automatically deleted in accordance with our retention schedule.
Before deletion is processed, you will be prompted to cancel any active subscriptions through your device's subscription settings (Settings > Subscriptions on iOS; Google Play Store > Subscriptions on Android). Deleting your iib account does not automatically cancel subscriptions managed by Apple or Google.
Upon confirmation, your account data, scan history, saved preferences, and all personally identifiable information will be permanently deleted within thirty (30) days. Account deletion is irreversible.
C. California Residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA"), provides you with the following rights:
Right to Know. You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of collection, the purposes for collection, and the categories of third parties with whom we share your information.
Right to Delete. You may request deletion of your personal information, subject to certain exceptions provided by law.
Right to Correct. You may request correction of inaccurate personal information.
Right to Opt Out. You may opt out of the sale or sharing of your personal information. We do not sell or share your personal information as those terms are defined by the CCPA.
Right to Non-Discrimination. We will not discriminate against you for exercising any of your CCPA rights.
To submit a verifiable consumer request, contact us at support@iibofficial.com. We will verify your identity before processing your request and respond within forty-five (45) days, or ninety (90) days if an extension is necessary and proper notice is provided.
Categories of Personal Information Collected in the Preceding Twelve Months
Identifiers. Email address, device identifiers, and IP address.
Commercial Information. Subscription purchase history.
Internet Activity. App usage data, scan history, and feature interaction.
Geolocation Data. Approximate location derived from IP address.
Inferences. Product category preferences based on scan history.
We have not sold or shared personal information in the preceding twelve months.
D. EEA, United Kingdom, and Swiss Residents (GDPR)
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation:
Right of Access (Article 15): Obtain confirmation of whether we process your data and request a copy.
Right to Rectification (Article 16): Request correction of inaccurate or incomplete data.
Right to Erasure (Article 17): Request deletion of your personal data, subject to applicable legal exceptions.
Right to Restriction (Article 18): Request that we restrict processing of your data in certain circumstances.
Right to Data Portability (Article 20): Receive your personal data in a structured, commonly used, machine-readable format.
Right to Object (Article 21): Object to processing based on legitimate interests or direct marketing.
Right to Withdraw Consent (Article 7(3)): Withdraw consent for processing at any time, without affecting the lawfulness of processing prior to withdrawal.
Right to Lodge a Complaint: File a complaint with a supervisory authority in your country of residence.
International Data Transfers. Your data is processed and stored on servers located in the United States. If you access the Service from outside the United States, your information will be transferred to the United States, where data protection laws may differ from those in your jurisdiction. By using the Service, you consent to this transfer. We rely on Standard Contractual Clauses approved by the European Commission as the legal mechanism for such transfers where required.
To exercise your GDPR rights, contact us at legal@iibofficial.com. We will respond within thirty (30) days.
9. Children's Privacy
The Service is not directed to, and we do not knowingly collect personal information from, children under the age of thirteen (13), or under the age of sixteen (16) in the European Economic Area.
If you are a parent or guardian and believe that your child has provided personal information to us without your consent, please contact us immediately at support@iibofficial.com. Upon verification, we will take prompt steps to delete such information from our systems.
10. Third-Party Links
The Service may contain links to third-party websites and services, including government regulatory databases and official food safety resources, for reference and verification purposes. We are not responsible for the privacy practices, content, or security of any third-party websites. We encourage you to review their privacy policies independently before providing any personal information.
11. Do Not Track Signals
The Service does not currently respond to "Do Not Track" browser signals, as no uniform standard for interpreting such signals has been adopted. We do not track users across third-party websites or services.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy within the app and, where practicable, by email to the address associated with your account, at least fourteen (14) days before the changes take effect.
The "Last Updated" date at the top of this page indicates when the policy was most recently revised. Your continued use of the Service following the effective date of any changes constitutes your acceptance of the updated Privacy Policy.
13. Contact Us
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have a complaint regarding our data practices, please contact us at:
Pixel 81 Web Design LLC, d/b/a The iib App
Email: legal@iibofficial.com
Website: https://iibofficial.com