Privacy Policy

Last updated: 2026-05-01

This Privacy Policy explains how MOBILAPP Solutions d.o.o. ("we", "us", "our") handles personal data when you use the Allerwise mobile application (the "App") and the website at allerwise.app (the "Site"). We are committed to a privacy-first design: most of what Allerwise does runs locally on your device.

1. Who we are

MOBILAPP Solutions d.o.o.
Kralja Krešimira 53, 34000 Požega, Croatia
Email: dinko.mobilapp@gmail.com
Phone: +385 34 281 697
Director: Dinko Marinac
Operating since 24 October 2022.

For data protection purposes, we are the data controller for personal data processed in connection with the App and the Site.

2. Data we process

Allerwise is built so that the things you most care about — your allergens, profiles, scan history, favorites — never leave your device.

2.1. Stored only on your device

• Profiles you create (name, list of allergens, severity).
• Scan history (barcode, product name, time of scan, matched allergens).
• Favorites.
• App settings (language preference, premium status flag).

This data lives in a local database on your phone. We do not have access to it. If you delete the App, this data is removed with it.

2.2. Processed by third parties on our behalf

• Open Food Facts — when you scan a barcode, the App requests the corresponding product record from the public Open Food Facts API (world.openfoodfacts.org). The request includes the barcode and standard request metadata (IP address, user-agent). We do not send your profile, allergens, or any identifier we control. Open Food Facts is operated by a French non-profit and acts as an independent controller for the requests it receives.
• RevenueCat — if you purchase the optional Pro subscription, RevenueCat (RevenueCat, Inc., USA) handles entitlement and receipt validation. RevenueCat assigns an anonymous user ID, which we use to determine whether your subscription is active. RevenueCat additionally processes the purchase token / receipt the App Store or Google Play returns. See the RevenueCat Privacy Policy.
• Apple App Store / Google Play — if you make a purchase, the relevant store processes your payment, identity, and tax information directly. We never see your payment details. See Apple's Privacy Policy and Google's Privacy Policy.

2.3. Site data

This Site is statically served by Cloudflare Pages. Cloudflare may process technical request data (IP address, user-agent, requested URL) for the purpose of delivering content and protecting against abuse. We do not run analytics or advertising trackers. We do not set marketing cookies.

3. Why we process this data (legal bases)

• To deliver the App's core function — scanning a barcode and matching it against your local profile (Art. 6(1)(b) GDPR — performance of a contract you initiate by using the App).
• To deliver and bill the optional Pro subscription (Art. 6(1)(b) GDPR).
• To meet our tax, accounting, and consumer-protection obligations (Art. 6(1)(c) GDPR).
• To prevent abuse and keep the Site online (Art. 6(1)(f) GDPR — legitimate interests).

4. Data we do not collect

• We do not require an account.
• We do not run analytics, A/B testing, or advertising SDKs in the App at the time of writing. If we add any in future, we will update this policy and seek your consent where required.
• We do not sell personal data to anyone.

5. International transfers

RevenueCat is based in the United States. Where we transfer personal data outside the EEA, we rely on Standard Contractual Clauses (Art. 46 GDPR) or equivalent safeguards.

6. Retention

Local data on your device is retained until you clear scan history, delete a profile, or uninstall the App. Subscription records held by RevenueCat and the stores are retained according to their own retention policies and applicable tax law.

7. Your rights

Under GDPR and the Croatian Act on the Implementation of the GDPR, you have the right to: access, rectify, erase, restrict, port, and object to processing of your personal data, and to withdraw consent at any time without affecting the lawfulness of past processing.

Because the data we directly process is limited (essentially: an anonymous RevenueCat user ID tied to your purchase, if any), most rights are exercised through the App itself (deleting profiles, clearing history, uninstalling). For requests that fall on us, contact dinko.mobilapp@gmail.com.

You also have the right to lodge a complaint with the Croatian Personal Data Protection Agency (Agencija za zaštitu osobnih podataka — AZOP, azop.hr) or your local supervisory authority.

8. Children

Allerwise is not directed at children under the age of 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly process data from children.

9. Security

App data is stored on your device and is protected by the operating system's standard sandboxing. Network requests use HTTPS. We take reasonable technical and organizational measures to protect data we directly process.

10. Changes to this policy

We will update this page if our practices change. The "Last updated" date at the top of the page reflects the most recent revision. Material changes will be communicated in-app or via the Site.

11. Contact

If you have any question about this policy, write to dinko.mobilapp@gmail.com.