Privacy policy

Last updated: 10 April 2026

HalalScope is run as a voluntary, non-commercial project. This policy describes how we handle personal data in line with the EU General Data Protection Regulation (GDPR) where it applies.

This text is not legal advice. If you need certainty for your situation (e.g. as a company or in a specific country), you should have a qualified lawyer review it.

1. Who is responsible?

The person or entity operating HalalScope (the controller under GDPR) is reachable at support@halalscope.app. If your jurisdiction requires a postal address or company registration on file (for example for an imprint), we will publish it here when applicable.

2. Scope

This policy applies to the HalalScope mobile app, the website at halalscope.app, and our backend API that connects them.

3. What personal data we process

Depending on how you use HalalScope, we may process:

Account and authentication

Email address, display name, and (if you register with a password) a password hash — to create and secure your account.
If you use Google sign-in, we receive profile data that Google provides (typically email, name, and profile picture) to identify your account.
Session and security data: tokens or cookies used to keep you signed in, and limited login-attempt records to reduce abuse (e.g. temporary lockouts after failed attempts).
Role and moderation flags (e.g. admin/user, account restrictions) where needed to run the service safely.

App usage tied to your account

Scan history: which products you looked up (e.g. barcode or product identifier) and when, to power features such as history and scan counts.
Community participation: votes or verifications you submit on products, reports you file, and product submissions you send for review — including your user identifier and, where relevant, your email on reports or submissions as stored in our database.
Preferences such as halal strictness settings stored for your account.
Aggregated stats (e.g. scan count, reputation score) derived from the above.

Device and camera

The app may use your device camera only to scan barcodes. Images are processed to read the code; we do not intend to store photos of your camera feed on our servers for this feature. The barcode (or product id) is sent to our API like any other product lookup.

Technical and server data

When you use our API or website, servers and infrastructure may process IP addresses, timestamps, and similar technical data in logs for security, debugging, and stability.
Product information shown in the app may come from public or third-party sources (e.g. open product databases). That data is not “your” personal data unless you contribute it as part of a submission tied to your account.

Marketing website

This site is largely static. We do not use third-party advertising or analytics cookies on these pages at the time of this version. Fonts may be loaded from Google Fonts; Google may receive technical data (such as IP address) according to their policies.

4. Purposes and legal bases (GDPR)

We process data on the following bases, as applicable:

Contract / pre-contract (Art. 6(1)(b) GDPR): providing the app and your account, processing scans and community features you choose to use.
Legitimate interests (Art. 6(1)(f) GDPR): securing the service, preventing abuse, improving reliability, and limited logging — balanced against your rights.
Legal obligations (Art. 6(1)(c) GDPR): where we must retain or disclose information by law.

Where we rely on consent (e.g. for optional features in the future), we will ask separately and you may withdraw consent at any time.

5. Storage, processors, and transfers

Data is stored using our chosen database and hosting providers. Providers may process data in the European Economic Area or, if tools are located elsewhere (for example the United States), we aim to use appropriate safeguards (such as Standard Contractual Clauses) where required by law.

Sign-in with Google involves Google as an independent controller for their part of the authentication flow; see Google’s privacy policy for how they handle your Google account data.

6. Retention

We keep personal data only as long as needed for the purposes above: for example, account data while your account exists, scan and community records for as long as they support the product, and security logs for a limited period. We may delete or anonymise data earlier when possible, or retain longer where the law requires.

7. Sharing

We do not sell your personal data. We may share data with service providers who host or operate infrastructure under contract, or disclose information if legally required or necessary to protect rights and safety.

8. Your rights

Where GDPR applies, you may have the right to:

Access, rectification, erasure, restriction of processing, and data portability;
Object to processing based on legitimate interests;
Lodge a complaint with a supervisory authority in your country.

To exercise your rights, contact support@halalscope.app. You can also delete or stop using the app; account deletion (when we offer it in product) will be processed as described in the app or in our reply to your request.

9. Children

HalalScope is not directed at children under 16. If you believe we have collected a child’s data without appropriate consent, please contact us and we will take steps to delete it.

10. Changes

We may update this policy when the service or the law changes. We will adjust the “Last updated” date and, where appropriate, notify you in the app or by email.

11. Contact

Privacy questions: support@halalscope.app