GlyScan.AI Privacy Policy

Effective date: 6 June 2026
Last updated: 6 June 2026

GlyScan.AI is operated by Voyager One Labs UK Ltd ("we", "us", or "our"). This Privacy Policy explains what information is stored locally on your device, what information is processed when you use scan features, and how third-party providers help operate the app.

Contact: support@voyager-one-labs.com

Important Medical Disclaimer

GlyScan.AI provides general nutritional information and AI-estimated glycemic impact for educational purposes only. It is not medical advice, not a medical device, and not a substitute for professional healthcare, dietetic, or nutrition advice.

Do not use GlyScan.AI to diagnose, treat, manage, or prevent diabetes or any other medical condition, to dose insulin or medication, or to make emergency or treatment decisions. Always consult a qualified healthcare professional or registered dietitian for personal health decisions, medical conditions, allergies, medication decisions, pregnancy, eating disorders, or dietary changes.

Do not disregard professional medical advice or delay seeking medical advice because of anything shown in GlyScan.AI, on the GlyScan.AI website, or in related communications.

Information Stored Locally

GlyScan.AI does not require an account or login. The app may store the following data locally on your device:

scan history and timestamps;
compressed saved scan images or thumbnails;
food names, product names, verdict categories, estimate quality, reasoning, smart swaps, macro estimates, and notes;
favorites, safe-food lists, and user-selected goals or preferences;
device language/locale, local membership display state, and local scan counters;
an anonymous install identifier used for service operation and fair-use enforcement.

Saved history is local-first and is not account-synced. Local app data is stored within Apple's iOS application sandbox and benefits from Apple's built-in device security protections, including file-system encryption where supported by the user's device configuration. If you delete the app, clear local data, replace your device, or do not restore from a device backup, local history may be lost.

Camera And Photo Permissions

The app uses camera or photo-library access only when you choose to scan or select an image. Permission prompts are controlled by iOS. GlyScan.AI does not access your full photo library unless you grant the relevant iOS permission.

Information Sent For Food Photo Analysis

When you choose to scan a food, drink, meal, or product photo, the app sends the captured image, anonymous install identifier, language/locale, app version, and request metadata through the GlyScan.AI backend. The backend may send the image and prompt to Google AI services for educational image analysis.

GlyScan.AI does not intentionally store original food photos on its servers after processing. Images may pass through temporary processing, security, or provider systems needed to return results, and Google may process AI requests according to its own terms, privacy policies, retention settings, and security practices. Saved scan images are stored locally on your device if you save them to History.

Information Sent For Barcode Lookup

When you scan a packaged-food barcode, the app sends the barcode value, anonymous install identifier, language/locale, app version, and request metadata through the GlyScan.AI backend. The backend may query Open Food Facts for product names, brands, ingredients, categories, and nutrition data.

The backend may cache limited product lookup information to improve reliability, reduce repeated external requests, and control costs.

Purchases And Entitlements

Paid plans are processed by Apple. A purchase-entitlement service provider is used to help validate purchase status, entitlement state, renewal state, and anonymous app purchase identifiers. Purchase status may be restored separately from local scan history.

Support Messages

If you contact us for support, we may receive your email address and any information you choose to include in your message. Please do not include medical records, payment card details, passwords, or other sensitive personal information in support emails.

Privacy-Safe Analytics And Abuse Prevention

GlyScan.AI may record privacy-safe events to monitor reliability and prevent abuse, such as app opened, scan started, scan completed, scan failed reason code, paywall viewed, purchase flow status, restore purchase, export history, and delete history.

These events are designed not to include food photos, barcode values, product names, food names, full verdict text, or saved History content.

Educational Outputs And Automated Processing

GlyScan.AI uses automated AI and rules-based processing to return educational estimates and suggestions. These outputs do not make legal, financial, employment, insurance, medical, or similarly significant decisions about you.

Website Visitors

If you visit the GlyScan.AI website, our hosting or security providers may process basic technical information such as IP address, browser type, requested pages, timestamps, and security logs to deliver the website, prevent abuse, and maintain reliability. The current static website does not intentionally use advertising cookies or third-party marketing trackers.

Third-Party Providers

Backend infrastructure provider: service routing, fair-use enforcement, security records, and reliability monitoring.
Google AI services: educational image analysis for food, drink, meal, and product-photo scans.
Open Food Facts: grocery barcode product lookup and product database information.
Apple and purchase-entitlement service providers: in-app purchase, subscription, and entitlement handling.
Website hosting and security providers: website delivery, basic request logs, and abuse prevention.

These providers process data according to their own terms and privacy policies.

Information We Do Not Collect

GlyScan.AI does not require your name, email address, phone number, postal address, contacts, location, microphone data, HealthKit data, CGM data, medical records, advertising identifier, or payment card details.

Do not scan sensitive personal documents, private photos, faces, medical records, payment cards, or other content you do not want processed by AI service providers.

GlyScan.AI does not use scan content for third-party advertising, ad targeting, or sale to data brokers.

GlyScan.AI does not use your scan content to train its own AI models and does not authorize AI service providers to use your scan content for model training where provider settings or agreements give us that control.

Legal Basis For UK GDPR

Where UK GDPR applies, we process scan requests, barcode lookups, purchase validation, and optional settings primarily to perform the service you request. We process operational, security, reliability, and privacy-safe analytics data based on legitimate interests in operating a secure and reliable app. We process support messages based on legitimate interests and legal obligations where applicable.

International Transfers

Providers used by GlyScan.AI may process data in the United Kingdom, European Economic Area, United States, or other countries. Where required, we rely on appropriate safeguards such as data processing agreements, adequacy decisions, standard contractual clauses, or equivalent provider safeguards.

Data Export And Deletion

You can export structured scan history as CSV or delete local app data from the Profile screen. Deleting local data removes saved scan history, local images, verdicts, favorites, goals, and preferences from that device.

Deleting local data does not automatically delete Apple purchase records, purchase-entitlement records, or operational and security records needed to operate the service, enforce limits, validate purchases, and support restore purchase.

Retention

Local history remains on your device until you delete it, delete the app, clear app data, or replace/restore your device without preserving app data.
Operational, entitlement, security, and analytics records are retained only as long as reasonably needed to operate the service, diagnose issues, prevent misuse, comply with legal obligations, and manage costs.
Barcode cache data may be retained to improve reliability and reduce repeated external requests.
Purchase and subscription records are handled by Apple and purchase-entitlement service providers under their own retention policies.

Your Rights

Depending on your location and applicable law, you may have rights to access, correct, delete, restrict, object to, or receive a copy of certain personal data. Much of your scan history is stored only on your device and can be exported or deleted directly in the app.

For privacy requests, contact support@voyager-one-labs.com. UK users may also contact the Information Commissioner's Office: https://ico.org.uk/make-a-complaint/.

Children

GlyScan.AI is not directed to children under 13. If you believe a child has provided personal information, contact us.

Security

The app uses HTTPS for network requests. Server-side API keys and backend administrative keys are not stored in the iOS app. Local scan data is stored within Apple's iOS application sandbox and benefits from Apple's built-in device security protections, including file-system encryption where supported by the user's device configuration.

Changes

We may update this Privacy Policy as GlyScan.AI changes. The latest version will be available from the app, website, or App Store listing.