Privacy Policy

Last updated: July 2026

1. Who is the data controller

The controller responsible for processing your personal data is:
Name: IntOut
Contact email: support@intout.app

2. What data we collect and why

2.1 Registration data

2.2 Health data (special category)

We use this data exclusively to personalize food analysis according to your specific intolerance profile and to show you a history of your previous scans. We do not use it for any other purpose.

2.3 Usage data

Basic technical information about how you use the app (errors, number of scans) to improve the service. This information is anonymous and aggregated.

2.4 Payment data

IntOut does not directly store your credit card data. Payments are handled by the Apple App Store, Google Play Store, and RevenueCat, each with its own privacy policy.

3. Legal basis for processing

Type of dataLegal basis
Email and accountPerformance of a contract (art. 6.1.b GDPR)
Date of birthPerformance of a contract (art. 6.1.b GDPR)
Intolerances and health dataExplicit consent (art. 9.2.a GDPR)
Scan historyPerformance of a contract (art. 6.1.b GDPR)
Symptom diaryConsent (art. 6.1.a GDPR)
Anonymous usage dataLegitimate interest (art. 6.1.f GDPR)

Health data (intolerances) is only processed with your explicit consent, which you grant during registration. You can withdraw this consent at any time by deleting your account.

4. Who we share your data with

We share your data only with the following trusted providers, necessary for the app to function:

Supabase (database and authentication)

OpenAI (AI-powered photo and label analysis)

Google (AI-powered restaurant menu analysis — Gemini)

RevenueCat (subscription management)

Open Food Facts and Barmanager (public product and menu databases)

Purpose: when you scan a barcode or a restaurant's QR menu, we query the public Open Food Facts or Barmanager database to retrieve ingredients or dishes. These queries do not include any personal data of yours — only the barcode or restaurant identifier. Comparison with your intolerance profile always happens on your own device or on our servers; your profile is never sent to these services.

We never sell your data to third parties. Never. Under no circumstances.

5. International data transfers

Some of our providers (OpenAI, Google, RevenueCat) operate from the United States. These transfers are carried out solely under the guarantees required by GDPR (Standard Contractual Clauses approved by the European Commission) and only with the data strictly necessary to provide the service.

6. How long we keep your data

7. Your rights

As a user in the European Union, you have the following rights over your data:

To exercise any of these rights, write to us at: support@intout.app

8. Minors

IntOut is not directed at children under 14 years of age. The app verifies your date of birth during registration and does not allow anyone who indicates being under 14 to continue. If, despite this verification, we become aware that we have collected data from a child under 14, we will delete that data immediately.

9. Security of your data

10. Important notice about using the app

IntOut is an informational and guidance tool. The results it provides do not constitute or replace the advice, diagnosis, or recommendation of a medical professional, dietitian, or nutritionist.

Food analyses performed by artificial intelligence may not be 100% accurate. Always consult a healthcare professional if you have questions about your diet or health.

11. Changes to this policy

If we make significant changes to this privacy policy, we will notify you through the app or by email at least 15 days in advance. Continued use of the app after such notice implies acceptance of the changes.

12. Contact

For any questions, inquiries, or to exercise your rights:

We respond within a maximum of 30 days.


This privacy policy has been drafted in accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 on the Protection of Personal Data and the Guarantee of Digital Rights.