This Privacy Policy explains how KheniTech (“we,” “us,” or “our”) collects, uses, stores, and shares information when you use the GreenMark mobile application (“the App”) on iOS and Android. Please read this policy carefully. By creating an account or using the App, you acknowledge that you have read and understood this policy.
If you do not agree with this policy, please do not use the App. If you have questions, contact us at contact@khenitech.com.
GreenMark is intended for users who are 13 years of age or older (or the applicable age of digital consent in your country, which may be higher— for example, 16 in certain EU member states). We do not knowingly collect personal information from children under 13. If we learn that a user under 13 has created an account, we will delete their account and all associated data promptly. If you believe a child under 13 has provided us with personal information, please contact us at contact@khenitech.com.
When you create an account or sign in, we collect:
When you use the App, we store in your account:
This data is stored in your account in Firebase Cloud Firestore so that it syncs across your devices and persists when you reinstall the App.
If you photograph a product within the App for identification or record-keeping purposes, that image is uploaded to Firebase Cloud Storage and linked to your account. Images are stored solely to provide the App’s product-identification feature. You can delete uploaded images by deleting the associated product record or by requesting account deletion (see Section 7).
The App requests access to your device camera to scan product barcodes. The camera feed is processed entirely on your device; no photograph is captured or transmitted to our servers during barcode scanning. Only the decoded barcode number (a string of digits) leaves your device. Camera access is used for no other purpose.
If the App crashes or experiences an error, diagnostic information may be collected automatically, including stack traces, device type, OS version, and application state at the time of the crash. This data is not linked to your personal identity and is used solely to identify and fix software bugs.
GreenMark uses the Meta (Facebook) SDK to measure whether users installed
the App after seeing a GreenMark advertisement on Facebook or Instagram. When you first
launch the App, the Meta SDK automatically sends an fb_mobile_activate_app
event to Meta's servers. To match this event to an ad impression, the SDK may collect:
This data is shared with Meta Platforms, Inc. solely for install attribution — to measure the effectiveness of our advertising campaigns. We do not use this data to display ads within GreenMark, and Meta does not receive your name, email address, scan history, or any other personal data from your GreenMark account.
On iOS, your IDFA is only shared if it is available and non-zero. On Android 13+, the
App declares the AD_ID permission to access GAID; on earlier Android versions
GAID is available without an explicit permission. You can reset or limit your advertising
identifier at any time in your device settings (iOS: Settings → Privacy & Security →
Tracking; Android: Settings → Privacy → Ads).
The eco grades, carbon footprint estimates, water usage figures, and lifecycle breakdowns displayed in GreenMark are generated by artificial intelligence (Google Gemini via Vertex AI and OpenAI GPT-4o) using standard lifecycle assessment databases (Agribalyse, ecoinvent, ADEME, USDA). These are estimates based on product category, ingredients, and country of origin — they are not measured values. Results may vary by product batch, supplier, region, and model version. Do not rely on these estimates for regulatory, scientific, or commercial purposes.
To generate eco analysis, we send the following product attributes to our AI providers: product name, brand, category, country of origin, ingredients list, and (when you scan a label photo) the image itself. We do not send your name, email address, account ID, or any other personal information to AI providers.
To deliver the App’s features we send requests to the following third-party services. We do not send your name, email address, or account credentials to any of these services unless explicitly stated.
| Service | Provider | Data sent | Purpose | Privacy policy |
|---|---|---|---|---|
| Firebase Authentication | Google LLC | Email, display name, OAuth tokens | Account creation and sign-in | policies.google.com/privacy |
| Firebase Cloud Firestore | Google LLC | Your activity data (scan history, saved items) | Cloud storage and sync of your app data | policies.google.com/privacy |
| Firebase Cloud Storage | Google LLC | Product images you upload | Storing product photos linked to your account | policies.google.com/privacy |
| Open Food Facts API | Open Food Facts (non-profit) | Barcode number | Retrieve product nutrition and ingredient data | openfoodfacts.org/privacy |
| USDA FoodData Central API | U.S. Department of Agriculture | Barcode number or product name | Retrieve nutritional data for U.S. food products | usda.gov/privacy-policy |
| UPC Item DB API | UPC Item DB | Barcode / UPC number | Retrieve general product information | upcitemdb.com/privacy |
| OpenAI API (GPT-4o) | OpenAI, LLC | Product name, category, ingredient data (no account PII) | Generate eco-impact analysis and sustainability insights | openai.com/policies/privacy-policy |
| Google Gemini via Vertex AI | Google LLC | Product name, category, ingredient data (no account PII) | Generate eco-impact analysis and sustainability insights | policies.google.com/privacy |
| Google Sign-In | Google LLC | OAuth token exchange | Sign in with your Google account | policies.google.com/privacy |
| Sign in with Apple | Apple Inc. | OAuth token exchange | Sign in with your Apple ID | apple.com/legal/privacy |
| Meta SDK (Facebook) | Meta Platforms, Inc. | Device advertising ID (IDFA/GAID), device signals | Measure whether App installs resulted from Facebook/Instagram ads (install attribution) | facebook.com/privacy/policy |
All Firebase services run on Google Cloud infrastructure. Data is primarily stored and processed in United States data centres unless your Firebase project is configured for a specific region. If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, data transfers to the United States are made pursuant to Google’s Standard Contractual Clauses or equivalent data-transfer mechanisms under applicable law.
Each third-party service listed above is used only as a data processor or service provider acting on our behalf. We do not authorise these providers to use your personal data for their own advertising or marketing purposes beyond what is described in their respective privacy policies.
If you are located in the EEA, UK, or Switzerland, we process your personal data on the following legal bases:
| Data category | Retention period |
|---|---|
| Account information (email, display name, profile photo URL) | Until you delete your account or request erasure |
| Scan history, saved products, saved tips | Until you delete individual records, delete your account, or request erasure |
| Product images (uploaded photos) | Until you delete the associated product record or request account deletion |
| Crash and diagnostic logs | Up to 90 days |
| Firebase Authentication tokens | Deleted within 180 days of account deletion |
After the applicable retention period, or within 30 days of receiving a valid deletion request, we will delete or anonymise your personal data. Some aggregated, non-identifiable crash diagnostic data may be retained for longer to improve app stability.
We take reasonable technical and organisational measures to protect your data:
No method of electronic transmission or storage is 100% secure. While we use commercially reasonable security measures, we cannot guarantee absolute security. If you become aware of any security vulnerability or breach, please contact us immediately at contact@khenitech.com.
Depending on where you live, you may have some or all of the following rights. To exercise any of them, email us at contact@khenitech.com with the subject line “Privacy Request — [Right Name]” and the email address associated with your account. We will respond within 30 days (or sooner if required by applicable law).
You have the right to request a copy of the personal data we hold about you, including your account information and activity data stored in Firestore.
You have the right to request deletion of your account and all personal data associated with it. You can initiate this from within the App (Settings → Account → Delete Account) or by contacting us. Upon confirmed deletion:
You can update your display name and other account details directly within the App at any time. If you need to correct other data and cannot do so yourself, contact us.
You have the right to receive your personal data in a structured, commonly used, machine-readable format (JSON). Contact us at contact@khenitech.com to request an export of your account data and activity records.
You can ask us to temporarily suspend processing of your personal data while a dispute about its accuracy or our use of it is resolved.
You can object to processing of your personal data for crash diagnostics. Contact us at contact@khenitech.com to opt out.
If you are located in the EEA or UK and believe we are processing your data unlawfully, you have the right to lodge a complaint with your local data protection authority (e.g., the ICO in the UK, or your national supervisory authority in the EU).
California residents have the right to know what personal information we collect, the right to delete, the right to opt out of the sale or sharing of personal information, and the right to non-discrimination for exercising these rights. We do not sell or share your personal information with third parties for monetary or other valuable consideration. To exercise your California rights, contact us at contact@khenitech.com.
GreenMark uses the Meta (Facebook) SDK for install attribution only — to measure whether users installed the App after seeing a GreenMark advertisement. This involves sharing your device advertising identifier (IDFA on iOS, GAID on Android) with Meta. See Section 2.6 for full details.
GreenMark does not:
Because the Meta SDK uses your advertising identifier solely to attribute App installs
(not to display ads or track cross-app behaviour beyond the install event), Apple’s
App Tracking Transparency (ATT) framework does not require a permission prompt for this
use case under current Apple guidelines. The SDK is configured with
FacebookAutoLogAppEventsEnabled = true and
FacebookAdvertiserIDCollectionEnabled = true to enable install measurement.
GreenMark is operated from the United States. If you access the App from outside the United States—including from the European Economic Area (EEA), United Kingdom, or Switzerland—your personal data will be transferred to and processed in the United States or other countries where Google’s infrastructure operates.
We rely on Google’s data-transfer mechanisms, including Standard Contractual Clauses approved by the European Commission, to lawfully transfer personal data from the EEA and UK to the United States. For more information, see Google’s GDPR documentation.
The App may display links to third-party websites or content (such as product manufacturer pages). This Privacy Policy does not apply to those external sites. We encourage you to review the privacy policies of any third-party sites you visit.
We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. If we make material changes, we will notify you through the App or via the email address associated with your account at least 30 days before the changes take effect. Your continued use of the App after the effective date constitutes acceptance of the updated policy.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
KheniTech
Email: contact@khenitech.com
We aim to respond to all privacy-related inquiries within 30 days. For deletion or data-access requests, please include in your email the subject line “Privacy Request” and the email address registered with your GreenMark account so we can locate and process your data accurately.
This appendix is a reference for your App Store Connect submission. It is not legal text and is not published to end users.
| Data type | Category | Linked to identity | Used to track | Purpose |
|---|---|---|---|---|
| Email address | Contact Info | Yes | No | App functionality, account management |
| Display name | Contact Info | Yes | No | App functionality |
| Profile photo URL | Contact Info — Other | Yes | No | App functionality |
| User ID (Firebase UID) | Identifiers | Yes | No | App functionality, account management |
| Scan history, saved products | Usage Data — Other Usage Data | Yes | No | App functionality |
| Product images (uploaded) | User Content — Photos or Videos | Yes | No | App functionality |
| Device advertising ID (IDFA / GAID) | Identifiers — Device ID | No | Yes — shared with Meta for install attribution | Advertising / marketing (install attribution) |
| Device / OS info, App Instance ID | Identifiers — Device ID | No | No | Diagnostics |
| Crash logs | Diagnostics | No | No | App performance / bug fixes |
This appendix is a reference for your Play Console Data Safety form. It is not legal text and is not published to end users.
| Data type | Collected | Shared with 3rd parties | Required or optional | Purpose |
|---|---|---|---|---|
| Email address | Yes | No | Required | Account management |
| Name (display name) | Yes | No | Optional | App functionality |
| User IDs (Firebase UID) | Yes | No | Required | App functionality |
| Photos (uploaded product images) | Yes | No | Optional | App functionality |
| Other user-generated content (scan history, saved items) | Yes | No | Required (core feature) | App functionality |
| App interactions | Yes | No | Required | Diagnostics |
| Crash logs | Yes | No | Required | App performance |
| Device or other IDs (App Instance ID) | Yes | No | Required | Diagnostics |
| Device or other IDs (GAID — Google Advertising ID) | Yes | Yes — shared with Meta Platforms, Inc. | Required (auto-collected by Meta SDK) | Advertising or marketing (install attribution) |
Security practices to declare in Play Console: