Privacy Policy

Privacy Policy

Effective date: 27 May 2026 Last updated: 12 June 2026 Version 1.1
Short version: ReBip helps you manage shopping lists and scan product barcodes. We collect only the data strictly necessary to provide the service. We do not sell your data. The app may show clearly-labelled sponsored content and standard ad banners (see Section 8), which never use your shopping data. You can delete everything at any time — including your account — directly from the app.

1 Data Controller

The data controller for the ReBip application is:

For any privacy-related inquiry, request, or complaint, please contact us at info@rebip.app.

2 Data We Collect

Category Data Purpose Legal basis
Account Email address, encrypted password Authentication and account management Contract performance
Shopping lists List names, item names, quantities, units, checked status Core app functionality Contract performance
Scan history Product names, brands, barcodes, purchase dates, images Personalised suggestions and offline access Legitimate interest / consent
Personal products Product details and photos added manually by the user Personal product catalogue Contract performance
Camera Barcode frames (processed on-device, never stored) Barcode scanning Consent (permission prompt)
Product photos for AI (optional) Photos of the product and optional text description you provide for Photo Check (off by default, opt-in in Settings) or Deep Search. Sent securely to our backend for AI analysis and discarded right after — never stored. Verify or identify a product when the barcode is not enough Consent (explicit opt-in / user-initiated)
Technical identifiers Anonymous Firebase UID (assigned automatically) Service continuity before sign-up Legitimate interest
Crash & diagnostics Anonymous crash reports via Firebase Crashlytics Bug fixing and stability Legitimate interest

We do not collect: precise location, contacts, microphone audio, health data, or financial information. The advertising identifier (IDFA) is accessed only if you explicitly allow it through the iOS tracking prompt (see Section 8) — if you decline, ads are served in non-personalised mode.

3 How We Use Your Data

We do not use your shopping data for advertising, profiling for third parties, or automated decision-making with legal effects. Ads shown in the app (see Section 8) are independent of your lists and scan history.

4 Data Retention

When you delete your account from within the app, all your personal data is permanently deleted from our servers within 24 hours.

5 Data Sharing

We do not sell, rent, or trade your personal data. We share data only in the following limited cases:

6 Third-Party Services

Service Provider Purpose Privacy Policy
Firebase Auth / Firestore / Storage / Crashlytics Google LLC Authentication, database, file storage, crash reporting firebase.google.com/support/privacy
OpenFoodFacts / OpenBeautyFacts / OpenProductsFacts Open Food Facts Product lookup by barcode (read-only) openfoodfacts.org/privacy
UPCitemdb UPCitemdb Inc. Product lookup by barcode (read-only) upcitemdb.com/privacy
Barcode Monster / Datakick / Wikidata / USDA Various open-data providers Product lookup by barcode (read-only, no personal data sent) See individual providers
Google Gemini API Google LLC AI analysis for BipAI: product identification from barcode data and — only if you use Photo Check (opt-in) or Deep Search — from the photos/text you provide policies.google.com/privacy
Google AdMob Google LLC Optional ad banners (see Section 8) policies.google.com/privacy

When performing a barcode lookup, only the barcode number is sent to external databases — no personal information is transmitted. If you enable Photo Check or use Deep Search, the photos and text you provide are relayed through our backend to the AI provider for that single analysis and are deleted immediately afterwards. Google Firebase infrastructure is located in the European Union and/or the United States. For transfers outside the EEA, Google relies on Standard Contractual Clauses approved by the European Commission.

7 Product Data, BipAI & Open Data Licensing

Product information in ReBip comes from two sources:

BipAI relies on the following open data sources. We gratefully acknowledge these projects and comply with their licensing terms:

Source Content License
Open Food Facts (incl. Open Beauty Facts, Open Products Facts, Open Pet Food Facts) Product data and photos Data: Open Database License (ODbL) 1.0 · Photos: CC BY-SA 3.0
Wikidata Brand and product metadata CC0 1.0 (public domain)
Wikipedia / Wikimedia Commons Reference images CC BY-SA and per-file licenses
USDA FoodData Central Nutritional data U.S. Government work (public domain)
UPCitemdb Barcode lookup Free API terms of service
Barcode Monster Barcode lookup Free API
Datakick Barcode lookup Open database (see datakick.org)
Open Library Book metadata (ISBN) Open data (see openlibrary.org)
Licensed web-search APIs Supplementary product information and images Commercial API agreements

Data derived from Open Food Facts is available under the Open Database License (ODbL); photos from Open Food Facts are licensed under CC BY-SA 3.0. Within the ReBip app, all product pages link exclusively to rebip.app — this page serves as the complete attribution notice for the sources above.

8 Advertising

ReBip may show two kinds of advertising, both clearly labelled as "Sponsored":

You can change your tracking preference at any time in iOS Settings → Privacy & Security → Tracking. For details on how Google processes ad data, see policies.google.com/technologies/ads.

9 Security

10 Children's Privacy

ReBip is not directed at children under the age of 13 (or 16 where applicable under local law). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at info@rebip.app and we will delete it promptly.

11 Your Rights (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights:

📋 Access

Request a copy of the personal data we hold about you.

✏️ Rectification

Correct inaccurate or incomplete personal data.

🗑 Erasure

Delete your account and all associated data — available directly in the app under Settings → Account → Delete account.

⏸ Restriction

Request that we restrict processing of your data in certain circumstances.

📦 Portability

Receive your data in a structured, machine-readable format.

🚫 Objection

Object to processing based on legitimate interest.

To exercise any of these rights, contact us at info@rebip.app. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority (e.g. the Garante per la protezione dei dati personali in Italy).

12 Account Deletion

You can permanently delete your account and all associated data at any time, directly from the app:

  1. Open the app and tap Settings.
  2. Tap your account name at the top.
  3. Scroll down and tap Delete account.
  4. Enter your password to confirm.

Deletion is immediate and irreversible. All your lists, purchase history, personal products, and account data are permanently removed from our servers. Local data stored on your device is also cleared automatically.

13 Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you via the app or by email. Continued use of ReBip after a policy update constitutes acceptance of the revised policy.

14 Contact Us

Privacy inquiries & data requests
info@rebip.app
We respond within 30 days as required by GDPR.