Privacy Policy
Effective Date: March 12, 2026
Health Check ("the App") is operated by The New Atlantis Corporation ("we," "us," "our"). This Privacy Policy explains how we collect, use, store, and protect your information when you use the App. We are committed to transparency and compliance with applicable data protection laws including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy regulations.
1. Information We Collect
1.1 Information You Provide
- Account Information: Email address, name, and password when you create an account.
- Health Assessment Data (Special Category): Dietary preferences, food allergies, health conditions, wellness goals, and household member profiles (ages 13+ only). Under GDPR Article 9, this constitutes special category data requiring explicit consent, which we obtain before collection.
- Community Contributions: Product information you voluntarily submit through the contribution feature.
- Support Communications: Messages you send to our support or privacy team.
1.2 Information Collected Automatically
- Barcode Scan Data: Numeric barcode strings scanned via your device camera. We do not capture, store, or transmit camera images — only the decoded barcode number.
- Scan History: A record of products you have scanned, linked to your account if you are logged in.
- Device Information: Device type, operating system version, app version, and unique device identifiers for crash reporting and performance optimization.
- Expo Push Token: A device-specific token generated by the Expo notification service, used solely to deliver push notifications you have opted into. This token does not contain personal information but is linked to your device.
- Analytics Events (with consent): App usage events such as screens viewed, features used, and scan frequency. Collected only after you grant analytics consent. See Section 3 for details.
- Behavioral Affinity Data: Anonymous scan patterns and category browsing used to generate personalized product recommendations for Pro/Family subscribers.
1.3 Information from Third Parties
- Apple Sign In: If you sign in with Apple, we receive your Apple-provided email (which may be a private relay address) and optionally your name. We do not receive your Apple ID password.
- Product Databases: Ingredient and nutrition data from Open Food Facts, Open Beauty Facts, and Open Pet Food Facts (open-source databases).
1.4 Guest Users
If you use the App without creating an account, we collect no personally identifiable information. Anonymous scan counts and feature usage may be collected in aggregate form for product improvement, but only if you have granted analytics consent.
2. How We Use Your Information
- Core Service: To analyze scanned products, generate health scores, and display ingredient information.
- Personalization: To customize health scores and product recommendations based on your health assessment (Pro/Family subscribers only). Free users receive generic scores without personalization.
- Push Notifications: To send product alerts, assessment reminders, and service updates you have opted into.
- Analytics (with consent): To understand how the App is used and improve its functionality.
- Crash Reporting: To identify and fix technical issues that cause the App to malfunction.
- Subscription Management: To manage your subscription tier, process purchases, and verify entitlements.
- Legal Compliance: To comply with applicable laws and respond to legal requests.
3. Third-Party Services
We use the following third-party services to operate the App:
| Service | Purpose | Data Shared | Privacy Policy |
| --- | --- | --- | --- |
| PostHog | Product analytics (with consent) | Anonymous usage events, user ID (hashed), device type, OS version | posthog.com/privacy |
| RevenueCat | Subscription management | App user ID, purchase receipts, subscription status | revenuecat.com/privacy |
| Expo (EAS) | Push notifications, app updates | Expo push token, device type | expo.dev/privacy |
| Open Food Facts | Product ingredient data | Barcode numbers (no personal data) | openfoodfacts.org/privacy |
| Apple (Sign In with Apple) | Authentication | Identity token (Apple-controlled) | apple.com/privacy |
| Hostinger | Server hosting | All stored data (encrypted at rest and in transit) | hostinger.com/privacy |
Analytics Consent: PostHog analytics are initialized only after you grant consent. You can opt out at any time via Settings → Analytics in the App. Opting out stops all future event collection immediately. Previously collected events are retained for up to 90 days, then automatically deleted.
4. Health Data — Special Category Processing (GDPR Article 9)
Your health assessment data — including dietary preferences, food allergies, health conditions, and wellness goals — is classified as special category data under GDPR Article 9. We process this data only with your explicit consent, which we obtain through an in-app consent dialog before you submit your health assessment.
- Purpose: Solely to personalize product health scores for your specific dietary needs and health conditions.
- Storage: Encrypted at rest on our secure servers. Never stored in plain text.
- Sharing: Never shared with third parties, advertisers, or data brokers.
- Withdrawal: You may withdraw consent and delete your health assessment data at any time via Settings → Health Profile → Delete Assessment.
5. Information Sharing
We do not sell, rent, or trade your personal information. We do not share your data with advertisers or data brokers. We may share information only in the following circumstances:
- Service Providers: With the third-party services listed in Section 3, strictly for the purposes described.
- Aggregated Data: We may publish anonymized, aggregated statistics (e.g., "X products were scanned this month") that cannot identify individual users.
- Legal Requirements: If required by law, court order, or to protect our legal rights.
- Business Transfer: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.
6. Data Storage and Security
- Data is stored on secure servers hosted by Hostinger with SSL/TLS encryption in transit.
- Account passwords are hashed using bcrypt and never stored in plain text.
- Authentication tokens are stored in device Secure Storage (iOS Keychain / Android Keystore).
- Health assessment data is encrypted at rest.
- We implement industry-standard security measures including firewall protection, intrusion detection, and regular security audits.
- No system is completely secure. In the event of a data breach affecting your personal data, we will notify affected users within 72 hours as required by GDPR Article 33.
7. Data Retention
- Account Data: Retained while your account is active. Deleted within 30 days of account deletion request.
- Scan History: Retained while your account is active. Deleted with your account.
- Health Assessment: Retained while your account is active. Can be individually deleted at any time via Settings.
- Analytics Events: Retained for 90 days from collection, then automatically purged.
- Push Tokens: Invalidated immediately upon logout or app uninstall.
- Guest Data: Anonymous aggregate data only; not associated with any identity.
8. Your Rights
8.1 GDPR Rights (EU/EEA Residents)
Under the General Data Protection Regulation, you have the following rights:
- Right of Access (Article 15): Request a copy of all personal data we hold about you.
- Right to Rectification (Article 16): Request correction of inaccurate personal data.
- Right to Erasure (Article 17): Request deletion of your personal data. Available in-app via Account Settings → Delete Account, or by contacting us.
- Right to Data Portability (Article 20): Request your data in a structured, machine-readable format (JSON or CSV).
- Right to Restrict Processing (Article 18): Request that we limit how we use your data.
- Right to Object (Article 21): Object to processing based on legitimate interests.
- Right to Withdraw Consent: Withdraw consent for analytics or health data processing at any time without affecting the lawfulness of prior processing.
8.2 CCPA Rights (California Residents)
Under the California Consumer Privacy Act (Sections 1798.100–1798.199), California residents have the right to:
- Know what personal information is collected, used, and shared (Section 1798.100).
- Delete personal information held by us (Section 1798.105).
- Opt out of the sale of personal information. We do not sell personal information.
- Non-discrimination for exercising your privacy rights.
8.3 How to Exercise Your Rights
In-App: Account Settings → Delete Account (for deletion), Settings → Analytics (for consent withdrawal), Settings → Health Profile (for assessment deletion).
By Email: Send requests to privacy@newatlantis.store. Include your registered email address for identity verification.
Data Export: To request a copy of your data in JSON or CSV format, email privacy@newatlantis.store with the subject line "Data Export Request." We will fulfill your request within 30 days.
Data Deletion: To request complete deletion of your data, use the in-app Delete Account feature or email privacy@newatlantis.store. All data will be purged within 30 days of a confirmed request.
9. Children's Privacy
Health Check is not directed at children under 13. We do not knowingly collect personal information from children under 13. The App restricts health assessment profiles to users aged 13 and older. If you believe a child under 13 has provided us with personal information, please contact us at privacy@newatlantis.store and we will delete it promptly.
10. International Data Transfers
Your data may be processed in countries outside your own. Our servers are located in the United States and European Union. Where data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses where required by GDPR.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or in-app notification at least 30 days before the changes take effect. The "Effective Date" at the top indicates when the policy was last revised. Continued use of the App after changes take effect constitutes acceptance of the updated policy.
12. Contact Us
For privacy inquiries, data requests, or concerns about how your information is handled:
Privacy Contact: privacy@newatlantis.store
General Support: support@newatlantis.store
Website: newatlantis.store
If you are in the EU/EEA and believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority.