Privacy Policy
Last Updated: 11 March 2026
This Privacy Policy explains how TastyBytes Oy (“we”, “us”, “our”) collects, uses, stores, and protects your personal data when you use the BonApp! mobile application (“App”). We comply with the General Data Protection Regulation (GDPR), the Finnish Data Protection Act, and the EU Digital Services Act (DSA).
1. Data Controller
TastyBytes Oy
Email: hello@tastybytes.io
2. Personal Data We Collect
2.1 Authentication Data
When you sign in using Google or Apple, we receive authentication tokens used only to verify your account. We do not access token contents beyond authentication. These tokens are governed by the respective platform privacy policies.
2.2 Profile Data
Information you choose to include in your App profile, such as nickname, age, sex, or settings.
2.3 Food Preference & Nutrition Data
Dietary preferences, allergies, nutritional goals, and similar data used to personalize your experience.
2.4 Usage Data
Interactions with the App, including saved recipes, viewed content, and feature usage patterns.
2.5 Device & Technical Data
Device type, OS version, App version, crash logs (if permitted), and unique identifiers.
2.6 Location Information
- Approximate location via IP address
- Country/language selected
- Precise location, only if you grant permission
2.7 Scanned Content (OCR)
When scanning images or PDFs, files are processed through a secure third‑party OCR service solely to extract text. Files are deleted after processing.
2.8 User Content
Recipe text, meal plans, notes, and any content you create or upload in the App.
3. Legal Basis for Processing
- Contract: Account creation, authentication, syncing, personalization.
- Legitimate Interest: Analytics, security, fraud prevention, service improvement.
- Legal Obligation: Compliance with applicable law.
- Consent: Marketing communications, optional features requiring permission.
4. How We Use Your Personal Data
- Operate and provide core App functionality.
- Personalize meal plans and recommendations.
- Sync your data across devices.
- Improve App features and performance.
- Provide localised content.
- Ensure system security and prevent misuse.
- Comply with legal obligations.
- Support content moderation under the DSA.
5. Content Moderation (DSA Compliance)
We may process data to detect and manage illegal or harmful content. Automated tools may be used for initial detection, always followed by human review. You will receive a “reasoned statement” if your content is removed or restricted.
6. Sharing Your Information
We only share your personal data with:
- Service providers such as hosting, analytics, authentication, and OCR partners.
- Authorities when required by law.
- Other recipients, with your explicit consent, when you choose to share content.
We do not sell or rent personal data.
7. Payment Information
We do not collect, process, or store your payment details (such as credit card numbers or bank account information). All financial transactions related to subscriptions are handled exclusively by Apple Inc. (via the Apple App Store) or Google LLC (via the Google Play Store). We only receive confirmation from these providers that a purchase has been successfully processed, allowing us to unlock premium features within the App. Please refer to the privacy policies of Apple or Google for more information regarding how they handle your payment data.
8. International Data Transfers
If data is transferred outside the EU/EEA, we use lawful safeguards such as Standard Contractual Clauses (SCCs) or rely on adequacy decisions.
9. Data Security
We apply industry‑standard security measures including encryption, access controls, and regular audits. While no system is perfectly secure, we continuously work to protect your data.
10. Your GDPR Rights
- Right of access
- Right to rectification
- Right to erasure (“right to be forgotten”)
- Right to restrict processing
- Right to object
- Right to data portability
- Right to withdraw consent at any time
- Right to lodge a complaint with a supervisory authority
To exercise any rights, contact: hello@tastybytes.io
11. Retention of Personal Data
We retain personal data only as long as needed for service operation, legal obligations, fraud prevention, and dispute resolution. When you delete your account, active data is deleted, with limited retention for legal obligations. Aggregated, anonymized data may be retained indefinitely.
12. Children's Privacy
The App is not intended for children under 13. We do not knowingly collect data from children. If you believe a child has provided data, contact us and we will delete it.
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically. Significant changes will be communicated in the App. Please review this Policy regularly.
14. Contact Us
For any questions or concerns, contact us at:
hello@tastybytes.io