Last updated: 25 April 2026
This Privacy Policy explains how CodeZeo Ltd (“CodeZeo”, “we”, “us”, “our”) collects, uses, and protects information when you use the Suppier mobile application (the “App”). Suppier helps users better understand supplement labels by reading the label and generating an AI-powered overview, score, benefits, effects, and ingredient analysis. Suppier is provided for informational purposes only and is not medical advice.
We have written this policy in plain language. If anything is unclear, contact us via the Support page.
1. Who We Are (Data Controller)
The data controller responsible for your information is:
- CodeZeo Ltd
- London, United Kingdom
- Email: info@codezeo.com
For privacy-related questions or to exercise your rights, contact us at the email above.
2. Information We Process
We process the minimum amount of information needed to make the App work. The categories below describe what may be processed and why.
- Label images and extracted text: When you scan a supplement label, the captured image and/or text extracted from it may be sent securely to our processing service so the AI can generate the overview, score, benefits, effects, and ingredient analysis.
- Scan history (on your device): Past scans and their analyses may be stored locally on your device so you can revisit them. You can delete these at any time from within the App.
- App preferences: Settings such as language, units, theme, and notification preferences. Stored locally on your device.
- Purchase status: Whether you have an active paid plan. Subscription state is verified through Apple’s StoreKit; we do not see your payment card details.
- Diagnostic and crash data (if enabled): Aggregated, non-identifying technical information that helps us detect crashes and improve stability. This is opt-in where required by law.
- Support correspondence: If you contact support, we receive your email address, name (optional), category, message, and basic device/app version info.
- Approximate technical data: Device model, operating system version, and App version, used for compatibility and troubleshooting.
We do not collect: payment card details, contacts, precise location, health-record data from external providers, or biometric identifiers.
3. How We Use Your Information (Purposes)
- Provide the core service: Read your scanned label and generate the AI overview, score, and analyses you requested.
- Maintain and improve the App: Diagnose crashes, fix bugs, and improve label-reading accuracy and analysis quality.
- Manage purchases: Confirm subscription status with Apple’s App Store and unlock paid features.
- Provide support: Respond to your questions, feedback, and bug reports.
- Security and abuse prevention: Detect and prevent misuse, fraud, and violations of our Terms.
- Legal compliance: Meet our legal, regulatory, and tax obligations.
4. Legal Bases (UK GDPR / EU GDPR)
If you are in the UK or EEA, we rely on the following legal bases:
- Performance of a contract: Processing scans, delivering analyses, and managing your subscription so you can use the App you signed up for.
- Legitimate interests: Improving the App, ensuring security, preventing abuse, and communicating about important service changes — provided these interests do not override your rights.
- Consent: For optional features such as analytics, crash reporting, or marketing communications, where required. You can withdraw consent at any time.
- Legal obligation: Where we must process information to comply with applicable law.
5. How Scans Are Handled
- To analyse a label, the captured image and/or its extracted text is transmitted securely (via TLS/HTTPS) to our processing service and AI provider.
- The image is processed to extract the label text and produce the analysis. The image is retained only for as long as needed to perform and (briefly) review the analysis, then discarded according to our retention rules below.
- We do not use your scans to train large public AI models. We may use aggregated, de-identified information to improve our own label-reading accuracy.
- Avoid scanning images that contain personal or sensitive information unrelated to the supplement label.
6. Sharing & Third-Party Service Providers
We share information only with carefully selected service providers who help us run the App. Each provider receives only the data necessary to perform its function and is bound by contracts that require appropriate security and confidentiality. Categories include:
- Cloud hosting and storage — to host the back-end services that route and process your scans.
- AI processing providers — to perform optical character recognition (OCR) and language-model analysis on the extracted label text.
- Apple App Store / StoreKit — to manage subscriptions and receipts.
- Crash reporting and analytics — to monitor stability and aggregate, non-identifying usage trends (where applicable).
- Support tooling — for messaging you back when you contact support (for example, an email/forms provider).
We do not sell or rent your personal information. We do not share it with advertisers, data brokers, or for cross-context behavioural advertising.
We may disclose information if required by law, valid legal process, or to protect the rights, property, or safety of CodeZeo, our users, or the public.
7. International Data Transfers
Some of our service providers may process information in countries outside your country of residence, including outside the UK and EEA. Where such transfers occur, we put appropriate safeguards in place — such as Standard Contractual Clauses, the UK International Data Transfer Addendum, or transfers to jurisdictions recognised as providing an adequate level of protection — to ensure your information is protected to a standard consistent with this policy.
8. Data Retention
- Label images: Retained only as long as needed to perform the analysis and short-term quality review, typically a short period after the scan, and then deleted or de-identified.
- Extracted label text and analysis results: Stored locally on your device until you delete them; aggregated, de-identified versions may be retained for App improvement.
- Subscription / purchase status: Retained for as long as your subscription is active and for the period required by accounting and tax law.
- Support messages: Retained for a reasonable period to provide ongoing support and for legal recordkeeping, then deleted or anonymised.
- Diagnostic / crash data: Retained for the period necessary to investigate and fix issues, typically no longer than 13 months.
When information is no longer needed, we delete or anonymise it.
9. Your Rights
Depending on where you live, you may have the following rights in relation to your personal data:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete information.
- Erasure (“right to be forgotten”) — ask us to delete personal data we hold about you, subject to legal exceptions.
- Restriction — ask us to limit how we process your data in certain circumstances.
- Objection — object to processing based on legitimate interests.
- Portability — receive a copy of certain data in a structured, machine-readable format.
- Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
- Lodge a complaint — with your local data protection authority. In the UK, this is the Information Commissioner’s Office (ICO).
To exercise these rights, email info@codezeo.com. We may need to verify your identity before responding. We aim to respond within 30 days.
10. App Permissions
- Camera — to scan supplement labels. Used only when you actively scan; no continuous background access.
- Photo library (optional) — only the photos you explicitly select for analysis are processed.
- Notifications (optional) — used only if you enable reminders or analysis-ready notifications.
- Network access — required to send labels to the AI service and to verify your subscription with the App Store.
You can change permissions at any time in your device’s Settings app.
11. Cookies and Tracking
The App itself does not use browser cookies. We do not use cross-app advertising identifiers and we do not engage in cross-context behavioural advertising. Where required, the App will request App Tracking Transparency permission and respect your choice.
12. Security
We use industry-standard technical and organisational measures to protect your information, including:
- TLS/HTTPS encryption for data in transit between the App and our services.
- Encrypted storage and access controls on our back-end systems.
- Limited, role-based access for personnel who need it to operate or support the App.
- Regular review of providers, dependencies, and security practices.
No system is perfectly secure. We cannot guarantee absolute security, but we work to protect your data and to notify you and the relevant authorities promptly in the event of a security incident, where required by law.
13. Children’s Privacy
Suppier is not directed at children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.
14. Health Disclaimer
The information provided by Suppier is for informational purposes only and helps users better understand supplement labels. It is not medical advice and does not diagnose, treat, cure, or prevent any disease. AI-generated outputs may be inaccurate or incomplete. Always consult a qualified healthcare professional before making health decisions, starting a supplement, or changing any treatment.
15. Automated Decision-Making
The App uses automated processing (AI) to read labels and generate overviews, scores, and analyses. These outputs do not produce legal or similarly significant effects on you. They are informational, not decisions that bind you in any way. You remain free to ignore or override anything the App suggests.
16. Region-Specific Notices
UK / EEA: If you are in the UK or EEA, you have the rights described in Section 9 under the UK GDPR and EU GDPR. The supervisory authority in the UK is the Information Commissioner’s Office (ico.org.uk).
California, USA: California residents may have rights under the CCPA/CPRA, including the right to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioural advertising.
Other regions: Where applicable, you may have similar rights under your local data-protection law.
17. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you in-app and update the “Last updated” date at the top of this page. We encourage you to review this policy periodically.
18. Contact Us
If you have questions or want to exercise any of your rights, please contact us:
- Support page: suppiersupport.html
- Email: info@codezeo.com
- Company: CodeZeo Ltd, London, United Kingdom