Privacy Policy

Privacy Policy & Disclaimer
Effective date: November 6, 2025 • Last updated: November 14, 2025

Plain‑English Summary:
AllergySpeak processes sensitive health data (your allergies, medical conditions, and emergency information) only to power translations, local‑language allergy cards, and AI-powered photo ingredient analysis. 

All data is stored locally on your device—we do not upload or sync to the cloud.

Camera access is optional and used only for photo ingredient analysis. Photos and ingredient text are sent to OpenAI (GPT-4o Vision API) for analysis, then results are returned and cached. Voice playback uses your device's built-in text-to-speech (no recording). No location tracking is used.

We do not sell your personal information. We share only allergen names and ingredient photos with OpenAI for translations and ingredient analysis—no personal medical details or identifying information are shared.

Your allergy profiles, medical info, and trip data stay on your device. Clearing browser data or uninstalling the app permanently deletes everything.

⚠️ Translations and AI ingredient analysis can be wrong or outdated—always verify with restaurant staff, read product labels carefully, and carry your medication. AllergySpeak is not a medical device.

1) Who We Are
MacroPath Corp DBA AllergySpeak ("we," "us," "our") operates AllergySpeak (the "Service").
Address: 8 THE GRN STE R, Dover, DE 19901, United States
Contact: info@allergyspeak.com
2) What We Collect
2.1 Data you provide

• Allergy profile (special‑category data): allergens (e.g., peanut, tree nut, shellfish), severity levels, emergency instructions, medications (e.g., epinephrine). Stored locally on your device only. (Collected and used only with explicit consent.)
  
• Allergy card content: your statements and their local‑language versions you save/edit. Stored locally on your device.
  
• Medical information: medical conditions, medications, emergency contacts you choose to add. Stored locally on your device.
  
• Trip profiles: destination, travel dates, family member profiles you create. Stored locally on your device.
  
• Photos for ingredient analysis: photos of ingredient lists, nutrition labels, or menus you submit for AI analysis. Photos are sent to OpenAI for processing but are not stored by us or OpenAI beyond short-term processing (ephemeral).
  
• Support/feedback: messages and metadata you send us.
  
• Payments: Currently, AllergySpeak is 29.99 USD to use. Payments will be processed by Apple App Store or Google Play Store; we would receive only limited billing metadata (no full card numbers).

2.2 Data collected automatically

• Device & app data: device model, OS/app version, performance metrics, crash logs (minimal, stored locally).
  
• Usage analytics: Basic feature usage (e.g., "photo analyzed," "card generated") for improving the app. No personally identifiable information is collected.
  

2.3 From features you enable (permissions)

• Camera: Optional. Used only for Photo Ingredient Analyzer to capture images of ingredient lists, nutrition labels, or menus. Photos are sent to OpenAI (GPT-4o Vision API) for analysis and are not stored by us.
  
• Microphone/speech: Optional. Used for voice playback of emergency phrases and translations using your device's Web Speech API. No audio is recorded or transmitted.

4) Sensitive Health Data Safeguards

• Data minimization, role‑based access, and encryption in transit for data sent to third parties (OpenAI). Allergy profiles and medical data are stored locally on your device only.
  
• We do not use allergy data for targeted advertising and do not combine it with advertising IDs.
  
• Consent is granular where feasible (e.g., use photo ingredient analysis without creating an allergy profile).
  

5) Our Service Providers (What We Send and Why)
AllergySpeak uses the following third‑party services to provide core features. We share only the minimum data needed, and only for the feature you invoke.

OpenAI (translations and photo ingredient analysis)
We send the text of your allergy statements/phrases (and language context) to generate local‑language translations. We also send photos of ingredient lists/labels/menus and your selected allergens to OpenAI's GPT-4o Vision API for ingredient analysis. OpenAI states that API data is not used to train models unless you explicitly opt‑in; by default, API inputs/outputs may be retained up to ~30 days for abuse monitoring (provider‑specific/endpoint‑specific). We configure the API accordingly. Photos are processed ephemerally and results are cached on our servers for 24 hours to reduce costs.

Replit (hosting)
Our web services are hosted on Replit infrastructure. Replit reports SOC 2 Type II attestation and notes that services are primarily hosted in the United States and may also be hosted in other locations (e.g., India); we configure US hosting for AllergySpeak.

Your allergen selections and ingredient photos are shared only with OpenAI as needed to provide translations and safety analysis. We do not sell your data.

6) How Photo Ingredient Analysis Works (and Its Limits)

• When you use the Photo Ingredient Analyzer, you capture a photo of an ingredient list, nutrition label, or menu with your device camera.
  
• The photo and your selected allergens are sent to OpenAI's GPT-4o Vision API, which uses AI/machine learning to read and analyze the text in any language.
  
• The AI identifies ingredients, checks for your allergens, and returns a safety assessment (Safe/Warning/Danger) in your selected native language.
  
• Results are cached on our servers for 24 hours to reduce costs and improve performance for duplicate queries.
  
• Photos themselves are not stored by us or OpenAI beyond ephemeral processing (typically seconds to minutes).
  

⚠️ Important limitations: AI can misread text, especially handwritten or low-quality images; ingredients/suppliers change; regional labeling rules differ; cross‑contamination is often undisclosed; translations may contain errors. Always read the current label yourself and confirm with restaurant staff. This tool is for assistance only, not a guarantee of safety.

7) Sharing Your Information (No Sale)
We do not sell your personal information. We share it only with:

• Processors/service providers described above, under contracts that require confidentiality, security, and purpose limitation;
  
• Other users/public if you intentionally post reviews/photos (your display name and content may be visible);
  
• Legal/safety recipients to comply with law, enforce terms, or protect rights/safety;
  
• Business transfers (e.g., merger/acquisition); we'll ensure equivalent protection or require deletion.

8) International Data Transfers
If data is transferred outside your region (e.g., EEA/UK to the U.S.), we use approved safeguards such as Standard Contractual Clauses (SCCs) and, where required, the UK IDTA/Addendum, plus transfer risk assessments. (Note: Replit indicates services are primarily hosted in the U.S. and may also be hosted in India.)

9) Retention
We keep data only as long as needed for each purpose, then delete or de‑identify it.

• Allergy profile & trip data: stored locally on your device only. Persists until you clear browser data, uninstall the app, or manually delete. We do not store this data on our servers.
  
• Photo ingredient analysis: photos processed ephemerally (not stored); analysis results cached on our servers for 24 hours then automatically deleted.
  
• Offline data downloads: stored locally on your device for 30 days, then you're prompted to refresh.
  
• Provider‑side: OpenAI API may retain inputs/outputs for up to ~30 days for abuse monitoring (endpoint‑specific); Replit maintains service logs per their policies.
  
• Support tickets: 2 years (if you contact us).

10) Your Rights
Depending on your location, you may have rights to access, correct, delete, restrict or object, withdraw consent, and data portability.

U.S. state privacy laws (e.g., California) may add rights to know/access, correct, delete, opt‑out of sale/share/targeted advertising, and appeal. Use Settings → Privacy or contact info@allergyspeak.com. We may verify your identity and will respond within required timeframes.
California disclosures (CPRA):

• We do / do not "sell" or "share" personal information for cross‑context behavioral advertising. (Choose one; if "do," provide a "Do Not Sell or Share" toggle in‑app.)
  
• We honor device‑level ad‑limit settings (IDFA/AAID). Authorized agents may submit requests with proof.
  

11) Children's Privacy
AllergySpeak is not directed to children under 13 in the US / 16 in the EEA. We do not knowingly collect personal data from children without appropriate consent. If you believe a child has provided data, contact us for deletion.

12) Security
We use administrative, technical, and physical safeguards, including encryption, access controls, and regular security reviews. Replit reports SOC 2 Type II attestation for its platform. No method is 100% secure; we will notify users and/or regulators of a breach as required by law.

13) SDKs, Cookies & Telemetry
Our app and site may use first‑party storage and third‑party SDKs for analytics, crash reporting, and performance. Manage preferences in Settings → Privacy and via device/browser privacy controls.

14) Automated Processing, OCR & Translation Specifics
Text/images you submit for OCR/translation may be sent to OpenAI to return results. OpenAI's API does not use your data to train models unless you opt in; API data may be retained for up to ~30 days for abuse monitoring (endpoint‑specific). We configure the API accordingly.

⚠️ Machine translations/OCR can be inaccurate. Always verify with staff and labels.

15) Third‑Party Links
Links to restaurants, retailers, or resources are governed by their own terms and privacy policies (e.g., Google/Maps content attribution where displayed).

16) Changes to This Policy
We'll post updates here and change the "Last updated" date. For material changes, we'll notify you in‑app or by email.

17) Contact
Privacy questions and requests: info@allergyspeak.com
Security reports: security@allergyspeak.com
Mailing address: 8 THE GRN STE R, Dover, DE 19901, United States
Medical & Travel Safety Disclaimer
AllergySpeak helps you communicate allergies to restaurant staff, generate a local‑language allergy card, analyze ingredient photos with AI for potential allergens, and translate common medical phrases. 

However:
⚠️ No medical advice; no clinician relationship
AllergySpeak provides general information and communication support only. It does not provide medical advice, diagnosis, or treatment, and does not create a doctor‑patient relationship. Consult a qualified clinician about your specific condition.

🚨 Not for emergencies
AllergySpeak is not an emergency service. In a medical emergency, call local numbers immediately (e.g., 112, 911, 999) or seek in‑person care. Always carry your prescribed medications (e.g., epinephrine auto‑injector).
Translations and cards can be wrong or misunderstood

• Machine translations may contain errors, vary by dialect/region, or miss nuance important for safety.
• Staff may misread or be unable to read your device/card. Show your card and confirm verbally whenever possible.
  

Photo ingredient analysis limitations

• AI can misread text, especially handwritten notes, blurry images, or non-standard fonts; ingredients and suppliers change; regional labeling rules differ; cross‑contamination is often undisclosed.
  
• The AI provides analysis in your selected language, but translations may contain errors or miss nuances important for safety.
  
• Always read the complete label yourself, verify ingredients with staff, and use this tool as a supplementary aid only.
  

Restaurant and kitchen practices change
Recipes, suppliers, and prep areas change frequently; cross‑contact can occur even when an allergen is not an ingredient.

Individual risk varies

Severity depends on personal factors and context. AllergySpeak cannot assess co‑factors (exercise, alcohol, illness). Follow your clinician's personal emergency action plan.

Airlines/transport
Special meals, buffer zones, and cleaning are not guarantees of an allergen‑free environment. Confirm policies directly with operators before travel.

No warranties; limitation of liability
The Service is provided "as is" and "as available." We make no warranties of accuracy, completeness, or suitability. To the maximum extent permitted by law, MacroPath Corp DBA AllergySpeak and its officers, employees, and partners are not liable for indirect, incidental, special, consequential, or punitive damages, or for loss of data, personal injury, or death arising from or related to your use of or reliance on the Service. This clause does not limit liability that cannot be limited by law.

Indemnity
You agree to indemnify and hold harmless MacroPath Corp DBA AllergySpeak from claims arising out of misuse of the Service or violation of this disclaimer.

Governing law & venue
These terms are governed by the laws of the State of Delaware, United States, and disputes will be resolved in the courts of Delaware (unless mandatory law provides otherwise).
                ✓ Safety Reminders (Keep These in Mind)

• ✓ Carry your epinephrine and medications at all times.
  
• ✓ Confirm twice: show your allergy card and ask staff to read back your allergens in the local language.
  
• ✓ Ask about cross‑contact (shared oil, grills, utensils).
  
• ✓ Read the label every time; formulations change.
  
• ✓ When in doubt, do not consume.
  

© 2025 MacroPath Corp DBA AllergySpeak. All rights reserved.