← Back to PrepCheck
Privacy Policy
Last Updated: February 7, 2025
This Privacy Policy describes how PrepCheck ("we", "us", "our") collects, uses, and protects your personal information when you use our meal planning and inventory tracking application.
Your Privacy Matters: We are committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR) and applicable Norwegian data protection laws.
1. Controller Information
Data Controller: Kristoffer Tosbakken
Contact Email: info@prepcheck.no
Service: PrepCheck - Meal Planning & Inventory Management Application
2. Information We Collect
2.1 Account Information
- Email Address: Required for account creation, authentication, and essential service communications
- Password: Encrypted and stored securely (we never have access to your plaintext password)
2.2 Application Data
When you use PrepCheck, we store the following data you create:
- Meal Plans: Your planned meals, recipes, and meal schedules
- Inventory Data: Products you track, including names, quantities, categories, and custom notes
- Product Information: Barcode scans and associated product details from external databases
- Usage Logs: Meal completion tracking and inventory consumption records
- User Preferences: App settings, language, currency, unit system, and notification preferences
2.3 Technical Information
- Authentication Tokens: Temporary tokens for maintaining your logged-in session
- Browser Storage: Local storage data for offline functionality and performance
2.4 Information We Do NOT Collect
- We do NOT use analytics, tracking pixels, or third-party advertising services
- We do NOT collect browsing history outside our application
- We do NOT sell or share your data with third parties for marketing purposes
- We do NOT track your location
3. Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases:
| Data Type |
Legal Basis |
| Account Information |
Contract Performance: Necessary to provide you with the service |
| Application Data |
Contract Performance: Core functionality of the service you signed up for |
| Service Emails |
Legitimate Interest: Essential service communications (password resets, account verification) |
| Future Premium Features |
Consent: Explicit opt-in for paid features when available |
4. How We Use Your Information
We use your information solely to:
- Provide the Service: Enable meal planning, inventory tracking, and data synchronization across your devices
- Account Management: Create and maintain your account, authenticate your identity, and handle password resets
- Product Database: Enhance barcode scanning accuracy by storing product information in a shared database (barcodes and product names only - not linked to your account)
- Service Communications: Send essential emails (account verification, password reset, critical service updates)
- Improve the Service: Fix bugs, improve performance, and develop new features based on aggregated, anonymized usage patterns
- Legal Compliance: Comply with applicable laws and legal obligations
5. Data Storage and Security
5.1 Where Your Data is Stored
- Primary Storage: Supabase (PostgreSQL database) hosted in EU-North-1 region (Stockholm, Sweden)
- GDPR Compliance: All data is stored within the European Union, ensuring full GDPR protection
- Local Storage: Optional offline data cached locally on your device for offline access
5.2 Security Measures
We implement industry-standard security practices to protect your data:
- Encryption in Transit: All data transmission uses HTTPS/TLS encryption
- Encryption at Rest: Database encryption provided by Supabase infrastructure
- Password Security: Passwords are hashed and salted using bcrypt algorithm
- Access Controls: Strict authentication and authorization controls
- Regular Security Updates: Infrastructure and dependencies are regularly updated
5.3 Third-Party Services
We use the following trusted third-party services to operate PrepCheck:
- Supabase (Database & Authentication): EU-based, GDPR-compliant infrastructure. Supabase Privacy Policy
- Netlify (Website Hosting): Compliant with GDPR and privacy regulations. Netlify Privacy Policy
- Domain.no (Email Services): Norwegian email provider for transactional emails
- External Barcode APIs: When you scan a barcode, we may query third-party product databases to retrieve product information. Only the barcode number is transmitted - no personal data
6. Data Retention
- Active Accounts: We retain your data for as long as your account remains active
- Deleted Accounts: Upon account deletion, all personal data is permanently deleted within 30 days
- Shared Product Database: Generic product information (barcode + product name) remains in shared database to help other users, but is NOT linked to your account
- Legal Obligations: We may retain certain data longer if required by law (e.g., financial records for tax purposes if you subscribe to premium features)
7. Your Rights (GDPR)
Under GDPR and Norwegian data protection law, you have the following rights:
7.1 Right of Access
You can request a copy of all personal data we hold about you.
7.2 Right to Rectification
You can correct inaccurate or incomplete data directly in the app or by contacting us.
7.3 Right to Erasure ("Right to be Forgotten")
You can delete your account and all associated data at any time through the app settings or by contacting us.
7.4 Right to Data Portability
You can export your data in JSON format directly from the app (Settings → Export Data).
7.5 Right to Restrict Processing
You can request that we limit how we process your data in certain circumstances.
7.6 Right to Object
You can object to processing based on legitimate interests.
7.7 Right to Withdraw Consent
Where processing is based on consent, you can withdraw it at any time.
To Exercise Your Rights: Contact us at
info@prepcheck.no. We will respond within 30 days as required by GDPR.
8. Data Sharing and Disclosure
We do NOT sell your personal data.
We only share your data in the following limited circumstances:
- Service Providers: With Supabase and Netlify as necessary to operate the service (covered by data processing agreements)
- Legal Requirements: If required by law, court order, or governmental authority
- Protection of Rights: To protect our legal rights, prevent fraud, or ensure user safety
- Business Transfer: In the event of a merger, acquisition, or sale of assets, your data may be transferred (you will be notified in advance)
9. Children's Privacy
PrepCheck is intended for users aged 13 years and older. We do not knowingly collect personal information from children under 13. If we discover that we have collected data from a child under 13, we will delete it immediately.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at info@prepcheck.no.
10. International Data Transfers
All data is stored within the European Union (EU-North-1 region). If you access PrepCheck from outside the EU, your data will be transferred to and stored in the EU, which provides equivalent or stronger data protection than most other jurisdictions.
11. Cookies and Local Storage
11.1 Essential Cookies
We use only essential cookies and local storage required for the application to function:
- Authentication Token: Keeps you logged in
- Session Management: Maintains your active session
- Local App Data: Stores your data locally for offline access (optional)
11.2 No Tracking Cookies
We do NOT use:
- Analytics cookies
- Advertising cookies
- Third-party tracking cookies
- Social media cookies
12. Future Premium Features
PrepCheck may offer premium subscription features in the future. If you choose to subscribe:
- We will collect payment information through a secure third-party payment processor (your payment details are NOT stored by us)
- We will retain billing records as required by law
- You will be notified of any additional data processing activities
- All GDPR rights continue to apply
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:
- Posting the updated policy on this page with a new "Last Updated" date
- Sending an email to your registered email address for significant changes
- Displaying an in-app notification
Your continued use of PrepCheck after changes take effect constitutes acceptance of the updated Privacy Policy.
14. Supervisory Authority
If you are located in the EU/EEA and have concerns about how we handle your personal data, you have the right to lodge a complaint with your local data protection authority.
Norway: Datatilsynet (Norwegian Data Protection Authority)
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:
Email: info@prepcheck.no
Data Controller: Kristoffer Tosbakken
Website: https://prepcheck.no
© 2025 PrepCheck. All rights reserved.