Proco · Privacy Policy

How we handle your data

Effective 29 May 2026 · Last updated 29 May 2026

This policy explains what data Proco collects when you use Proco Scanner and procohq.com, why we collect it, who we share it with, how long we keep it, and the rights you have over it. It is written in plain language. If anything is unclear, email privacy@procohq.com.

Who runs Proco. Proco Technologies Limited is an Irish company (No. 670796) registered in Ireland. We are the data controller for the information described below.

1. What we collect

We collect only the data we need to make Proco Scanner work and improve.

Account information

• Email address — required for account creation, login, and transactional emails (welcome, receipts, scan results if you opt in).
• Display name — optional, shown only to you in-app.
• Authentication tokens — managed by our infrastructure provider (Supabase) for sign-in.

Health context (collected during onboarding, used to personalise analysis)

• Primary health goal — e.g. better sleep, more energy, cognitive performance, longevity, athletic recovery. You pick from a list.
• Demographic data — biological sex and age band. We use these to weight the relevance of ingredient research findings (some research is sex- or age-specific).

We do not collect specific medical conditions, diagnoses, medications, or any data that constitutes "special category" health data under GDPR Article 9.

Scan data

• Supplement label photos — captured when you scan a label. Photos are uploaded to encrypted Storage and used to extract the ingredient list via our vision model.
• Extracted ingredient text — the structured ingredient list from your label.
• Analysis output — the per-ingredient verdict (effective / mixed evidence / ineffective / risky), evidence summaries, and the overall scan score.
• Optional barcode scans — if you scan a barcode instead of a label, we query the public Open Food Facts database to look up the product.

Usage data

• Scan history — timestamps, scan counts, score trends — visible only to you, used to render your in-app history.
• Anonymous diagnostics — crash reports and aggregated usage events via Sentry and Mixpanel. These are not linked to your real identity.

We do not collect: precise location, contacts, photos beyond the ones you actively scan, microphone or call data, browsing history, advertising identifiers, or any data that would allow building a profile about you outside the app.

2. Why we collect it (legal bases)

What	Why	GDPR basis
Account information	To create and operate your account	Performance of contract (Article 6(1)(b))
Health goal + demographics	To personalise the relevance weighting of ingredient analysis	Performance of contract (Article 6(1)(b))
Scan photos + ingredients	To run the analysis you requested	Performance of contract (Article 6(1)(b))
Transactional emails (welcome, receipts)	To confirm actions you took	Performance of contract (Article 6(1)(b))
Marketing emails (newsletter, nurture)	To share content and product updates	Consent (Article 6(1)(a)) — opt-in at signup, opt-out via unsubscribe link in every email
Crash reports + product analytics	To fix bugs and understand product usage	Legitimate interest (Article 6(1)(f)) — data is anonymous and you can object

3. Who we share it with

We do not sell your data. We share it only with the service providers ("subprocessors") we need to operate Proco Scanner. Each is bound by a data processing agreement.

Subprocessor	What they do	Where they process data
Supabase	Account database, authentication, scan photo storage	EU (eu-central-1)
Anthropic	Ingredient text extraction (vision model) and analysis (language model)	United States
RevenueCat	In-app subscription management, receipt validation	United States
Resend	Transactional and marketing email delivery	United States (data in transit; sender domain is procohq.com)
Sentry	Crash and error reporting (anonymous)	United States or EU depending on plan tier
Mixpanel	Aggregated product analytics (anonymous)	United States or EU depending on plan tier
Open Food Facts	Public barcode-to-product lookup (we send the barcode, get back the product name and ingredients list)	EU

We may disclose data when required by law (court order, valid government request) or to protect rights, safety, or property. If that happens we will tell you unless legally prohibited.

4. How long we keep it

• Scan label photos: automatically deleted 30 days after upload. The extracted ingredient text and analysis output are retained as part of your scan history.
• Scan history (ingredient text + analysis output): retained for the lifetime of your account so you can revisit past scans.
• Account data (email, display name, goal, demographics): retained for the lifetime of your account.
• Ingredient cache (anonymous, not linked to you): retained indefinitely so we do not re-analyse the same ingredients for every user. This reduces our API costs and your wait time.
• Email subscription: retained until you unsubscribe or delete your account.
• Account deletion: when you delete your account in-app (Settings → Delete Account), we erase your account, scan history, and remaining photos within 30 days. Backups containing your data are overwritten on a rolling 90-day basis.
• Crash and analytics data: retained for 12 months in aggregated form.

5. International transfers

Some of our subprocessors (Anthropic, RevenueCat, Resend, Sentry, Mixpanel) process data outside the European Economic Area, primarily in the United States. We rely on the European Commission's adequacy decisions where they exist (e.g. the EU-US Data Privacy Framework, where the provider is enrolled) and on Standard Contractual Clauses where they do not. We assess each transfer for risk and apply supplementary safeguards where required.

6. Your rights

Under GDPR you have the following rights. To exercise any of them, email privacy@procohq.com. We respond within 30 days; complex requests may take up to 90 days. There is no charge for exercising your rights.

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct anything inaccurate.
• Erasure — ask us to delete your data ("the right to be forgotten"). The fastest way is the in-app Delete Account flow.
• Restriction — ask us to stop processing your data while a dispute is resolved.
• Portability — ask us for your data in a structured, machine-readable format.
• Object — object to processing based on legitimate interests (e.g. analytics).
• Withdraw consent — for processing based on consent (e.g. marketing emails), at any time.
• Complain — lodge a complaint with the Irish Data Protection Commission (dataprotection.ie) or your local supervisory authority.

7. Children

Proco Scanner is not intended for users under 16. We do not knowingly collect data from children under 16. If you believe a child has created an account, email privacy@procohq.com and we will delete it.

8. Security

We encrypt data in transit (TLS) and at rest. Authentication uses industry-standard secure tokens. Scan photos are stored in a private, user-scoped bucket so users cannot access each other's photos. Access to production systems is limited to the founding team and is logged. We follow the principle of least privilege.

No security is absolute. If we discover a breach affecting your personal data, we will notify you and the Data Protection Commission within 72 hours as required by GDPR Article 33.

9. Changes to this policy

If we change this policy in a material way (e.g. new subprocessor, new data category, new purpose), we will email you and update the "Last updated" date at the top of this page. Past versions are kept in our records.

10. Contact

For any privacy question, complaint, or rights request:

• Email: privacy@procohq.com
• Postal: Proco Technologies Limited, Ireland (full registered address available on request)

If you are not satisfied with our response, you have the right to lodge a complaint with the Irish Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, Ireland — dataprotection.ie.