🍑 Privacy Policy

Last update: May 26, 2026

At Quipi, we take your privacy seriously. This policy explains in plain language what data we collect, why we use it, and your rights. If you have any questions, write to us at quipi@quipiapp.com.

1. Data Controller

The data controller responsible for your personal data is:

Hacker Mate Brand Incorporation Group, S.L. (hereinafter "Quipi" or "we")
Tax ID: B-75626754
Address: P. Sant Joan 9, 17500 Ripoll (Girona), Spain
Girona Commercial Registry: Section 8, Sheet GI-76026, Entry 1, year 2024 (IRUS 1000441199059)
Contact email: quipi@quipiapp.com

The "Quipi" trademark is owned by ARGEVASPEAND, S.L. (Andorran Tax ID L-712670-R), based at Av. Joan Martí 31, AD100 Canillo (Andorra), exclusively licensed to Hacker Mate Brand Incorporation Group, S.L. for its exploitation in the European Union.

2. What data we collect

2.1. Data you provide directly

Email address (when creating your account).
Name (optional, if you choose to add it).
Pantry products: names, expiration dates, prices, stores, allergens, nutritional data.
Product photos: if you use AI analysis (Premium), we process the photos to extract info.

2.2. Technical data

Device type, OS, language, app version.
Anonymous usage data (how often you open the app, which features you use).
Unique device identifier (push notification token).

2.3. Data we do NOT collect

❌ We don't use your GPS location.
❌ We don't access your contacts.
❌ We don't read your photo gallery (only photos you actively upload).
❌ We don't use advertising tracking cookies.

3. Why we use your data

Purpose	Legal basis
Create and maintain your account	Contract performance
Save your products and send expiration alerts	Contract performance
Process your Premium subscription	Contract performance
Improve the app and detect bugs	Legitimate interest
Generate anonymous aggregated stats (future B2B)	Legitimate interest
Comply with legal obligations (tax, accounting)	Legal obligation

4. AI analysis and third parties

When you use automatic photo analysis (Premium feature), your images are sent to OpenAI under a GDPR-compliant data processing agreement. OpenAI processes the image solely to return product analysis to us and does NOT retain your photos after processing.

Barcode lookups are made against Open Food Facts, a public and free database.

5. Do we share your data?

We only share data with these strictly necessary providers:

Supabase Inc. (secure database hosting in the EU)
OpenAI (AI analysis, only if you use Premium)
Google Play / Apple App Store (payment processing)
RevenueCat (subscription validation)
Resend (transactional email delivery)

We NEVER sell your data to third parties for advertising or marketing purposes.

5.1. Anonymous aggregated statistics (future use)

We may generate completely anonymous and irreversible aggregated consumption statistics (for example: "Madrid users throw away 15% more yogurts in summer") to collaborate with manufacturers and reduce food waste. This data never allows identifying you and we apply k-anonymity techniques (minimum 50 users per group).

6. How long do we keep your data?

While your account is active: we keep your data to provide the service.
If you delete your account: we erase everything within 30 days max.
Accounting/tax data: 6 years (Spanish legal obligation).

7. Your rights (GDPR)

As an EU user, you have the following rights:

🔍 Access: know what data we have about you.
✏️ Rectification: correct inaccurate data.
🗑️ Erasure ("right to be forgotten"): delete your account and all data.
⛔ Objection: object to processing.
📦 Portability: export your data in CSV format (available in Settings → Export my data).
🚫 Restriction: restrict how we use your data.

You can exercise your rights at any time:

📱 From the app: Settings → Delete my account or Settings → Export my data
📧 By email: quipi@quipiapp.com

We'll respond within a maximum of 30 days.

8. Security

Your data always travels encrypted (HTTPS) and is stored on servers with AES-256 encryption. We apply Row-Level Security: no one except you can access your data, not even our own technical team.

9. Minors

Quipi is not directed at minors under 14. If we discover that a minor under 14 has created an account, we'll delete it immediately.

10. Changes to this policy

If we update this policy, we'll notify you by email at least 30 days in advance. The current version will always be available on this page.

11. Complaints

If you believe we haven't handled your data correctly, you can complain to:

🇪🇸 Spanish Data Protection Agency: www.aepd.es
🇦🇩 Andorran Data Protection Agency: www.apda.ad

12. Contact

For any privacy question, contact us at:

📧 quipi@quipiapp.com