Purelyst

Legal

Privacy Policy

Last updated: June 30, 2026

This Privacy Policy explains what information Purelyst collects, how we use it, the legal bases we rely on, and the rights you have. It applies to this website and the Purelyst iOS app.

1. Who We Are (Data Controller)

Purelyst is operated from Denmark, and we are the data controller responsible for your personal data. For any privacy question or request — including our full postal contact details — email privacy@purelyst.app and we will respond. We will add our registered business name and address here before public launch.

2. Information We Collect

Early-access / waitlist: When you join our waitlist, we collect your email address (and which page you signed up from) so we can confirm your subscription and notify you when the app becomes available.

Account information: When you sign up in the app, we collect your name, email address, and authentication credentials.

Dietary profile: Allergens, intolerances, and dietary preferences you add. Health-related data such as allergies may be considered a special category of data under GDPR; we process it only to provide the core service, on the basis of your explicit consent and your request to use the app.

Scan history: Products you scan are stored to power your history and Safe Circle features.

Usage data:Privacy-friendly, aggregated analytics to improve the service (see Cookies & Analytics below).

3. Legal Bases for Processing

Under the GDPR, we rely on the following legal bases:

  • Consent — for sending you waitlist and marketing emails, and for processing your dietary (health) data. You may withdraw consent at any time.
  • Performance of a contract — to provide the app and its features once you create an account.
  • Legitimate interests — to keep the service secure, prevent abuse, and understand aggregate usage, balanced against your rights.
  • Legal obligation — where we must retain or disclose data to comply with the law.

4. How We Use Your Information

  • Provide and improve the Purelyst service
  • Check scanned products against your dietary profile
  • Power Safe Circles features
  • Notify waitlist subscribers about launch and product updates
  • Send important service-related notifications

We do not sell your personal data to third parties.

5. Cookies & Analytics

We do not use advertising or cross-site tracking cookies. For usage analytics we use Vercel Web Analytics, which is privacy-friendly and does not use cookies or store personal identifiers on your device. Because no non-essential cookies are set, no cookie consent banner is required. If this changes (for example, if we add advertising pixels), we will update this policy and ask for consent first.

6. Sharing & Sub-processors

We share data only with the service providers needed to run Purelyst, each bound by a data-processing agreement:

  • Supabase — database, authentication, and storage (data hosted in the EU, Ireland)
  • Resend — sending transactional and waitlist emails
  • Vercel — website hosting and cookieless analytics
  • Apple — subscription billing via In-App Purchase
  • Open Food Facts — public product data we look up when you scan a barcode

In Safe Circles, only your verdict (safe / caution / not safe) is visible to circle members — never your underlying dietary profile, unless you choose to share it.

7. International Transfers

Your core account and app data is stored in the EU (Ireland). Some providers — such as our email and hosting services — may process limited data outside the European Economic Area, including in the United States. Where that happens, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses to protect your data.

8. Data Retention

We keep waitlist emails until you unsubscribe or until they are no longer needed for the launch, whichever comes first. Account and app data is kept while your account is active and deleted within a reasonable period after you delete your account, except where we must retain it to meet a legal obligation.

9. Your Rights

Depending on where you live, you may have the right to access, correct, delete, restrict, or object to the processing of your data; to data portability; and to withdraw consent at any time. You also have the right to lodge a complaint with your local data protection authority. To exercise any of these, use the Settings → Delete Account flow in the app, or email privacy@purelyst.app. Withdrawing consent does not affect processing already carried out.

10. Children

Purelyst is not intended for children under 13, or under the minimum age of digital consent in your country (up to 16 in some EU member states). We do not knowingly collect personal data from children below that age. If you believe a child has provided us data, contact us and we will delete it.

11. Security

Your data is stored using Supabase infrastructure with industry-standard encryption in transit and at rest. No method of transmission or storage is completely secure, but we take reasonable measures to protect your information.

12. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via the app or email and update the date above.

13. Contact

Questions or requests? Email us at privacy@purelyst.app.

Get early access