Legal
Privacy Policy
1 Introduction
Fango is a food waste tracking app for personal use, available on iOS and Android. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.
By using Fango, you agree to the practices described in this policy. If you do not agree, please discontinue use of the app.
Data controller (GDPR Art. 4(7)): Valtteri Isokorpi, Finland. Contact: support@fango.fi. Fango is operated as an individual project by a natural person established in the European Union; no separate company entity, data protection officer (DPO), or EU representative applies.
2 Data We Collect
Fango does not require registration or a user account. All data you enter — products, prices, expiry dates, settings, and statistics — is stored locally on your device only and is not transmitted to external servers. The developer has no access to your items, settings, or statistics.
Home screen widget. If you add the Fango widget to your home screen, it reads your product expiry data directly from local storage shared between the app and its widget on your device (an App Group container on iOS, and SharedPreferences on Android). No data is copied to external servers. The widget only displays information already stored on your device.
The only exceptions to local-only storage are the optional receipt scanning feature (Section 3) and the optional Report a problem form (Section 4).
Data we receive about you indirectly (GDPR Art. 14). If you purchase a Fango Pro subscription, Apple App Store or Google Play passes a transaction confirmation to RevenueCat (our subscription manager — see Section 5), and RevenueCat returns to the app a minimal subscription state (active / inactive, entitlement identifier "pro", and an opaque RevenueCat App User ID). Fango does not receive your name, email, payment instrument, billing address, or any other personal information from Apple, Google, or RevenueCat. The source of this indirectly-received data is the store transaction you initiated; the lawful basis is contract performance (Art. 6(1)(b), Section 7). The same minimal data flow applies to the refer-a-friend feature (Section 5) when an invited user redeems a code.
3 Receipt Scanning (Optional)
Fango includes an optional receipt scanning feature that uses AI to identify food products from a receipt image or PDF. This is the only part of the app that sends content off the device.
What is sent. When you scan, the image binary (or the text extracted from a text-based PDF) is transmitted briefly via our relay service (Supabase Edge Function) to an AI provider (Anthropic Claude) for product recognition. The content is not stored permanently on either server, and no user identifier or device identifier is attached to the request.
What is returned. The AI returns a structured list of recognised food products. This list is saved only on your device. Fango does not retain the receipt content after the scan completes.
Abuse prevention. To prevent excessive use of the AI service, the relay service maintains a pseudonymous IP-based hourly rate limit counter. Under GDPR, an IP address is treated as personal data (Recital 26); it is processed solely for rate-limit accounting, not linked to any other identifier, and the hourly bucket expires automatically.
Special categories of data (GDPR Art. 9). Receipt content may incidentally include information that, in isolation or in combination, could constitute "special categories of personal data" — for example, a pharmacy receipt containing medication names that may reveal health information, or a receipt containing items associated with religious dietary practice. Fango does not deliberately process such categories and does not infer them from your data. The AI returns a structured list of the items it identified on the receipt (which may include non-food items such as toiletries — those are flagged separately so they are not added to your fridge reminders). Receipt content is not retained after identification: the relay service does not store images or extracted text, and only the structured product list is delivered to your device.
Anonymous telemetry. The relay service writes anonymous scan event logs to its server (scan country setting, mode used, count of products identified). No receipt content, no user identifiers, no IP addresses are logged in this telemetry.
Anthropic policy. Anthropic does not use data sent via the API to train its models. For details, see: Anthropic Privacy Policy.
4 Report a Problem (Optional)
Fango includes an optional in-app feedback form (Settings → Report a problem, the scan error banner, and the receipt review screen). It lets you describe a bug or send feedback to the development team. Submission is always initiated by you — nothing is sent automatically.
What is sent. Only what you type into the form, plus anonymous technical metadata: app version, operating system, device model (e.g. iPhone16,2 (iPhone) or samsung SM-G998B — the raw hardware identifier from the device, not your personalised device name), language and country settings, currency setting, and anonymous metrics from your most recent receipt scan in the same session (mode used, duration in milliseconds, count of products identified, and any error code). The form shows you exactly what will be sent before you submit.
What is NOT sent. Receipt content, images, PDFs, your fridge items, statistics, email, name, IP address as part of the payload, or anything that could identify you. The form does not allow attaching files or photos.
How it is delivered. Your message is transmitted briefly via our relay service (Supabase Edge Function) and forwarded as an email to the development team at support@fango.fi using a transactional email provider (Resend). The relay service keeps no persistent log of report bodies.
Abuse prevention. To prevent spam, the relay service maintains a pseudonymous IP-based hourly counter (10 messages/hour, no persistent log). The same treatment under GDPR applies as described in Section 3.
If you want us to see a specific receipt. Receipts are intentionally never sent through this form. If sharing one would help debug an issue, you can send it from your own email to support@fango.fi — please do not include personal information.
Local error log. In addition to the metadata above, Fango stores up to 20 of the most recent technical error events locally on your device (for example, unexpected app crashes that happened in the background). Each event contains: error type, location in the app code, timestamp, app version, operating system, and language — no personal data, no receipt content, no fridge items, no user-specific identifiers. This local log is never transmitted automatically. It is attached only when you actively choose to submit a Report a problem message, and only as part of that submission. Before you press Send, the form displays the number of errors that will be attached and provides a "Show what you send" link that lets you inspect the exact contents. After successful submission, the local error log is cleared from your device immediately. If you never submit a Report a problem message, the error log is never transmitted to us at all.
5 Third Parties
Fango uses the following third parties:
RevenueCat — manages Fango Pro subscriptions. Processes only the data necessary to maintain your subscription status (subscription state and device identifier) via Apple App Store or Google Play. On Android devices, RevenueCat may also process the Android Advertising ID (AAID) if enabled on your device. RevenueCat does not have access to your food or product data.
Supabase — provides the relay services (Edge Functions) that handle receipt scanning requests and Report a problem submissions transiently. Maintains a pseudonymous IP-based rate limit table. Does not store receipt content or user-specific identifiers.
Anthropic (Claude AI) — identifies food products from receipt content. Does not use data sent via the API to train its models. Standard API retention applies for trust & safety monitoring.
Resend — transactional email provider that delivers Report a problem submissions to the development team. Processes only the anonymous bug report content as email; no user-specific identifiers.
Apple App Store and Google Play — payment transactions and subscription billing under their respective privacy policies. Fango never processes payment information directly.
Fango does not use analytics services, advertising networks, or behavioral tracking technologies of any kind.
For more information, see: RevenueCat Privacy Policy · Supabase Privacy Policy · Anthropic Privacy Policy · Resend Privacy Policy
6 Applicable Law
Fango complies with the EU General Data Protection Regulation (GDPR, Regulation 2016/679), which applies directly in all EU/EEA member states (the 27 EU countries plus Iceland, Liechtenstein, and Norway), and the Finnish Data Protection Act (1050/2018) which supplements the GDPR locally. The substantive rules of the GDPR — purpose limitation, data minimisation, lawful basis, security, and the rights enumerated in Section 9 — apply uniformly to all users in those jurisdictions, regardless of the member state in which they reside or the language they use the app in.
As the app does not collect personal data on its own servers, no personal data register is formed under the meaning of the GDPR. Subscription data processed by RevenueCat, transient receipt scanning content processed by Supabase and Anthropic, and anonymous bug report content delivered by Resend, are subject to those providers' own GDPR compliance.
7 Lawful Basis for Processing
Where any personal data is processed in connection with Fango (whether on-device, by the relay service, or by third-party providers listed in Section 5), the following lawful bases under GDPR Art. 6(1) apply:
Consent (Art. 6(1)(a)). Receipt scanning (Section 3) and submitting a Report a problem message (Section 4) are processed on the basis of your active consent — you explicitly choose to use these features, and you can decline by not using them.
Performance of a contract (Art. 6(1)(b)). Fango Pro subscription state and the device identifier handled by RevenueCat are processed to deliver the subscription you purchased through the App Store or Google Play. The refer-a-friend feature's irreversible SHA-256 device hash is processed on the same basis (to grant promotional access you opted into).
Legitimate interests (Art. 6(1)(f)). Pseudonymous IP-based rate-limit counters on the relay service are processed on the basis of Fango's legitimate interest in preventing abuse of the AI service and the bug report endpoint; this interest has been balanced against your rights, and the data is transient (hourly buckets) and not linked to any user identifier or used for any other purpose. Anonymous server-side telemetry (country setting, mode, product count — containing no IP and no user identifier) is processed on the same basis to monitor service quality.
No processing relies on the "vital interests", "public task", or "legal obligation" bases. Fango does not process "special categories of personal data" (GDPR Art. 9) deliberately — see Section 3 for the limited circumstances in which such data may incidentally appear in receipt content.
8 International Data Transfers
The third-party providers listed in Section 5 may store or process the transient data described in this policy on servers located outside the European Economic Area (EEA), including in the United States and Singapore. Such transfers are permitted under Chapter V of the GDPR through the following safeguards:
Standard Contractual Clauses (SCCs). Transfers to providers operating in the United States (Anthropic, RevenueCat, Resend) and to Supabase data centers in the United States or Singapore rely on the European Commission's Standard Contractual Clauses (Article 46 GDPR) as published in each provider's Data Processing Addendum.
Adequacy decisions. Where the European Commission has issued an adequacy decision under Article 45 GDPR for a destination country, that decision is relied upon instead of SCCs.
Copies of the safeguards may be requested from support@fango.fi or directly from each provider via the privacy policy links in Section 5.
9 Your Rights Under GDPR
Under Articles 15–22 of the GDPR you have the following rights regarding personal data processed about you. Because Fango stores all of your fridge inventory, statistics and settings only on your own device and does not maintain a server-side personal data register (Sections 2 and 6), most of these rights are exercised directly on your device:
Right of access (Art. 15) — You can review all data the app holds about you by opening the app on your device. No additional records exist on Fango's servers.
Right to rectification (Art. 16) — Edit any item, price, expiry date, or setting directly inside the app.
Right to erasure (Art. 17) — Delete all locally stored data via Settings → "Danger zone" → "Clear all app data", or by uninstalling the app. Both methods permanently remove the data; Fango cannot recover it.
Right to restrict processing (Art. 18) — Disable optional features that send data off-device: do not use receipt scanning (Section 3) and do not submit the Report a problem form (Section 4). The rest of the app continues to work entirely on-device.
Right to data portability (Art. 20) — All your data already resides on your device. Fango does not currently offer a structured export, but iOS and Android device backups (iCloud / Google) include the app's local storage and can be used to move it to a new device of the same platform.
Right to object (Art. 21) — Object to any optional processing by simply not using the relevant feature (scanning, reporting). Disabling notification permissions in your device settings stops local reminder processing.
Right not to be subject to automated decision-making (Art. 22) — Fango does not make automated decisions that produce legal or similarly significant effects about you. The AI receipt scan only identifies food products from an image you actively provide; it does not score, profile, or rank users.
Right to withdraw consent (Art. 7(3)) — Where processing is based on your consent (Section 7) — namely receipt scanning and submitting a Report a problem message — you may withdraw your consent at any time by simply not using the relevant feature again. Withdrawal does not affect the lawfulness of processing already carried out before the withdrawal, but no further data will be sent off-device once you stop using the feature.
For data that is processed by third-party providers (RevenueCat, Supabase, Anthropic, Resend — see Section 5), you may exercise your rights directly with each provider via the contact details in their privacy policies linked in Section 5.
If you have questions about these rights or wish to request additional information, contact support@fango.fi.
How requests are handled. Requests are responded to within one month of receipt (GDPR Art. 12(3)); this period may be extended by two further months for complex or numerous requests, in which case we will inform you within the initial month. Responses are provided free of charge (Art. 12(5)); we may charge a reasonable fee or refuse only when a request is manifestly unfounded or excessive, in particular due to its repetitive character. Because Fango does not maintain user accounts, where there is reasonable doubt about your identity we may ask you to provide additional information sufficient to confirm your relationship to the data subject to the request (for example, an IP address, device hash, or RevenueCat App User ID associated with the data in question — Art. 12(6)). If no such identifier can be supplied, we will respond confirming the absence of server-side personal data linked to you.
10 Right to Lodge a Complaint
You have the right to lodge a complaint with the supervisory authority in the EU member state of your habitual residence, place of work, or where the alleged GDPR infringement took place (GDPR Art. 77).
Fango operates from Finland; the competent supervisory authority is:
Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto)
Postal address: PO Box 800, FI-00531 Helsinki, Finland
Street address: Lintulahdenkuja 4, 00530 Helsinki
Email: tietosuoja@om.fi
Phone (switchboard): +358 29 566 6700
Website: tietosuoja.fi
Before contacting the supervisory authority, you may wish to raise your concern with us first at support@fango.fi, but you are not required to do so.
Right to a judicial remedy (Art. 79). In addition to lodging a complaint with the supervisory authority, you have the right to an effective judicial remedy against a supervisory authority's binding decision (Art. 78), against a controller or processor that has infringed your rights, and to recover compensation for damage caused by GDPR infringement (Art. 82). Such proceedings may be brought before the courts of the EU member state where the controller or processor has an establishment, or where you have your habitual residence.
11 Security
Since your fridge inventory, statistics and settings reside only on your device, their security depends on your device's own protection (PIN, password, or biometric authentication). Receipt scanning requests and bug report submissions are transmitted over HTTPS. We recommend:
• Keeping your device's operating system up to date
• Using a strong PIN or biometric lock on your device
• Enabling automatic backups if you wish to preserve your data
12 Data Retention
Fango does not retain your fridge inventory, statistics or settings on any server. All data you create within the app is stored exclusively on your device and remains there for as long as you choose to keep it — or until you delete it or uninstall the app.
Receipt scanning content (image binary or PDF text) is processed transiently and not stored on our servers. The pseudonymous IP-based hourly rate limit counter is automatically expired by the bucket window. Anonymous telemetry (country, mode, products count — no IP, no identifier) is retained in server logs.
Bug report submissions are forwarded as email and retained in the development team's email inbox for the time needed to debug the reported issue. The pseudonymous IP-based hourly counter for the report endpoint resets automatically by the hour window and is not persistently logged.
RevenueCat retains subscription-related data (subscription status and device identifier) in accordance with their own data retention policy. Anthropic applies its standard API retention for trust & safety monitoring. Resend retains email delivery metadata in accordance with its own policy. You may contact those providers directly to request deletion of data they hold.
13 Children's Privacy
Fango is not directed at children under the age of 13. We do not knowingly collect personal information from children. Because Fango does not collect personal data from users of any age, there is no risk of inadvertent collection from minors.
If you are a parent or guardian and believe your child has used the app, please note that no personal user data is transmitted or stored outside the device aside from optional, anonymous receipt scanning requests (Section 3) and optional anonymous Report a problem submissions (Section 4). All local data can be deleted by uninstalling the app or using the "Clear all app data" option in Settings.
14 California Residents (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you specific rights regarding your personal information.
Categories of information collected. Fango does not collect personal information about you on its own servers (see Sections 2–4). The only categories that may be processed are: (a) commercial information (Pro subscription status, handled by Apple App Store / Google Play and RevenueCat) and (b) identifiers limited to pseudonymous, transient IP addresses used solely for rate-limit abuse prevention.
No sale, no sharing, no targeted advertising. Fango does not sell or share your personal information, and does not use it for cross-context behavioural advertising. No "Do Not Sell or Share My Personal Information" link is required because no such activity takes place.
Your CCPA/CPRA rights. You have the right to know, delete, correct, and limit use of sensitive personal information, and the right to non-discrimination for exercising these rights. Because Fango stores your data only on your own device, you can exercise the right to know and the right to delete directly via Settings → "Clear all app data" or by uninstalling the app. For data held by third-party providers (Section 5), contact each provider directly.
Questions: support@fango.fi.
15 Other Jurisdictions
Fango is available in many countries. The on-device, no-account architecture described in this policy applies uniformly to all users, irrespective of their location. Where local privacy laws grant rights beyond those listed above, those rights are honoured as far as Fango's data practices allow. Notably:
United Kingdom (UK GDPR). The same rights described in Sections 8 and 9 apply; complaints may be lodged with the UK Information Commissioner's Office (ICO).
Switzerland (revised FADP). Equivalent rights apply; complaints may be lodged with the Federal Data Protection and Information Commissioner (FDPIC).
Other U.S. state privacy laws (Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Texas TDPSA, Oregon OCPA, and others as they enter into force). Fango does not sell personal data, does not use targeted advertising, and does not engage in profiling that produces legal or similarly significant effects. Deletion and access rights are exercised on-device as described in Section 9.
Turkey (KVKK / Law No. 6698). Fango supports Turkish-language receipt formats. The substantive obligations of the KVKK (data minimisation, purpose limitation, security) are met by the privacy-by-design architecture described above. Where data subject rights under KVKK Article 11 are exercised, the on-device deletion procedure in Section 9 applies; for residual third-party data, contact the providers listed in Section 5 directly.
New Zealand (Privacy Act 2020), Singapore (PDPA), Israel (Protection of Privacy Law 5741-1981). The principles common to these regimes — purpose limitation, data minimisation, security safeguards, and access/correction/erasure rights — are satisfied by Fango's on-device storage model. Israeli residents may exercise rights under Section 13 of the PPL; Singapore residents may contact the providers listed in Section 5 for residual data they may hold.
Canada (PIPEDA), Australia (Privacy Act 1988), Brazil (LGPD), Japan (APPI), South Korea (PIPA), South Africa (POPIA), India (Digital Personal Data Protection Act 2023), Mexico (LFPDPPP), Argentina (PDPA), Thailand (PDPA), and other jurisdictions. Fango's privacy-by-design architecture (no user accounts, no analytics, no behavioural tracking, no sale of data) satisfies the substantive requirements of these regimes. Where local law grants additional rights or remedies beyond those listed in this policy, those rights are honoured to the extent reasonably possible given Fango's no-server-side-personal-data architecture. Contact support@fango.fi if you need additional information specific to your jurisdiction.
16 Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the Effective Date at the top of this page. We encourage you to review this policy periodically, especially before using a new version of the app.
Continued use of Fango after changes are published constitutes your acceptance of the updated policy. If changes are significant, we will make reasonable efforts to notify users (for example, through a notice in the app).
17 Contact
For privacy-related questions or requests, please contact us:
Email: support@fango.fi
We aim to respond to all privacy inquiries within 30 days.