Privacy Policy
Last updated: July 22, 2025
This Privacy Policy is GDPR compliant and explains how 99Tries OÜ processes your personal data when you use CanABaby.
1. Data Controller
Data Controller:
99Tries OÜ
Location: Estonia
Email: hello@99tries.com
Website: www.canababy.ai
99Tries OÜ is the data controller responsible for your personal data when you use CanABaby. We determine the purposes and means of processing your personal data in accordance with the General Data Protection Regulation (GDPR) and Estonian data protection laws.
2. What Data We Collect
2.1 Product Images and Analysis Data
- Product Images: Photos you upload or capture of baby product labels
- Extracted Text: Ingredient lists and product information from OCR processing
- Analysis Results: Safety assessments and ingredient evaluations we generate
- Usage Metadata: Timestamps, baby age selections, product usage types
Legal Basis: Legitimate interest in providing ingredient analysis services
2.2 Account and Authentication Data
- Email Address: Collected directly during signup (magic link authentication) or from third-party sign-in providers for account creation and communication
- Authentication Information: Magic link tokens and data from third-party sign-in providers (Google, Apple)
- User Identifier: Unique user ID for associating your scans and preferences
- Subscription Status: Premium membership status and billing information
- User Preferences: Default baby age, notification settings
- Profile Information: Name and profile picture (if provided by sign-in provider)
Legal Basis: Contract performance and legitimate interest in account management
2.3 Technical and Usage Data
- Device Information: Browser type, operating system, device identifiers
- Usage Analytics: How you interact with CanABaby features
- Error Logs: Technical issues and crash reports for service improvement
- IP Address: For security, fraud prevention, and geographic analysis
Legal Basis: Legitimate interest in service improvement and security
3. Third-Party AI Processing
Important: Your data is processed by third-party AI providers to deliver our service.
3.1 OpenAI Processing
- Product images and extracted text are sent to OpenAI for analysis
- OpenAI processes this data to generate ingredient safety assessments
- Governed by OpenAI's Privacy Policy: https://openai.com/privacy/
- Data retention: Subject to OpenAI's data retention policies
3.2 Google AI/Gemini Processing
- Product images and text may be processed by Google's AI services
- Used for OCR text extraction and ingredient analysis
- Governed by Google's Privacy Policy: https://policies.google.com/privacy
- Data retention: Subject to Google's data retention policies
Transfer Basis: These transfers are necessary for contract performance. Both OpenAI and Google have appropriate technical and organizational measures in place and comply with international data transfer requirements.
4. Automated Decision Making and AI Analysis
IMPORTANT: CanABaby uses automated decision-making that may significantly affect you.
4.1 AI-Powered Safety Analysis
We use artificial intelligence to automatically analyze ingredient safety and provide recommendations. This constitutes automated decision-making under GDPR Article 22.
- Purpose: Generate ingredient safety assessments for baby products
- Logic: AI models evaluate ingredients against safety databases and research
- Significance: Results may influence your purchasing and safety decisions
- Legal Basis: Necessary for contract performance (providing our service)
Your Rights Regarding Automated Decisions
You have the right to:
- Obtain human intervention in the decision-making process
- Express your point of view regarding automated analysis results
- Contest automated decisions that affect you
- Request manual review of AI-generated safety assessments
Contact us at hello@99tries.com to exercise these rights.
5. How We Use Your Data
5.1 Primary Service Delivery
- Analyze product ingredients for baby safety
- Generate personalized safety assessments based on baby age
- Maintain your scan history and preferences
- Provide premium features to subscribers
5.2 Service Improvement
- Improve AI analysis accuracy through aggregated data analysis
- Develop new features and enhance user experience
- Monitor service performance and fix technical issues
- Conduct research on ingredient safety trends (anonymized)
5.3 Legal and Security
- Prevent fraud and abuse of our service
- Comply with legal obligations and law enforcement requests
- Enforce our Terms and Conditions
- Protect the rights and safety of our users
6. Data Sharing and Recipients
We share your data only as described below:
6.1 AI Service Providers
- OpenAI: For AI-powered ingredient analysis
- Google: For OCR text extraction and AI analysis
6.2 Service Providers
- Authentication Providers: Google, Apple (for sign-in services)
- Payment Processors: Stripe (for subscription billing)
- Hosting Providers: Cloud infrastructure providers
- Analytics Services: For usage analysis and service improvement
6.3 Legal Requirements
We may disclose your data if required by law, legal process, or to protect our rights, users' safety, or comply with government requests.
No Sale of Data: We never sell your personal data to third parties for marketing purposes.
7. Marketing Communications and Consent
7.1 Email Communications
We may send you emails for the following purposes:
- Service Communications: Account notifications, security alerts, service updates (necessary for contract performance)
- Product Updates: New features, safety database updates, app improvements (legitimate interest)
- Marketing: Promotional offers, premium upgrades, partner recommendations (consent required)
7.2 Consent Withdrawal
You can withdraw your consent at any time:
- Marketing Emails: Click "unsubscribe" in any marketing email
- Analytics Cookies: Disable in your browser settings or our cookie banner
- Data Processing: Contact hello@99tries.com to withdraw consent
- Account Deletion: Request full account and data deletion
Note: Withdrawing consent doesn't affect the lawfulness of processing before withdrawal.
8. Your Rights Under GDPR
Exercise Your Rights
As a data subject under GDPR, you have the following rights. To exercise any of these rights, contact us at hello@99tries.com.
🔍 Right to Access
Request copies of your personal data and information about how we process it.
✏️ Right to Rectification
Request correction of inaccurate or incomplete personal data.
🗑️ Right to Erasure
Request deletion of your personal data in certain circumstances.
⏸️ Right to Restrict Processing
Request limitation of processing in certain situations.
📱 Right to Data Portability
Request your data in a structured, machine-readable format.
🚫 Right to Object
Object to processing based on legitimate interests or for marketing.
Response Time: We will respond to your requests within one month. If you're not satisfied with our response, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate.
9. Data Protection Officer and Legal Basis
9.1 Data Protection Officer (DPO)
DPO Status: As a small Estonian company, 99Tries OÜ is not required to appoint a formal Data Protection Officer under GDPR Article 37. However, data protection inquiries are handled by our management team.
Data Protection Contact: hello@99tries.com
9.2 Legal Basis Summary
We process your personal data based on the following GDPR legal bases:
Contract Performance (Art. 6(1)(b))
Account management, service delivery, AI analysis
Legitimate Interest (Art. 6(1)(f))
Service improvement, security, analytics
Consent (Art. 6(1)(a))
Marketing communications, analytics cookies
Legal Obligation (Art. 6(1)(c))
Tax records, law enforcement requests
9.3 Processing Records
In compliance with GDPR Article 30, we maintain records of processing activities. These records are available to supervisory authorities upon request and include details of all data processing purposes, categories, and safeguards.
10. Data Retention
10.1 Account Data
We retain your account information and scan history while your account is active and for:
- Active Users: Until account deletion or service termination
- Inactive Users: 3 years after last activity
- After Deletion: 30 days for recovery, then permanently deleted
10.2 Product Images
- Original Images: Deleted after processing (typically within 24 hours)
- Analysis Results: Retained with your account for service delivery
- Anonymized Data: May be retained indefinitely for research
10.3 Legal Requirements
Some data may be retained longer if required by law, for legal proceedings, or to protect our legitimate interests (e.g., fraud prevention).
11. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
Technical Measures
- Encryption in transit and at rest
- Secure authentication systems
- Regular security updates
- Access controls and monitoring
- Secure data centers
Organizational Measures
- Staff training on data protection
- Data processing agreements
- Privacy impact assessments
- Incident response procedures
- Regular security audits
Data Breach Notification: In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant authorities within 72 hours.
12. Cookies and Tracking
CanABaby uses cookies and similar technologies to enhance your experience:
12.1 Essential Cookies
Required for basic functionality: authentication, session management, security features. These cannot be disabled as they're necessary for the service to work.
12.2 Analytics Cookies
Help us understand how you use CanABaby to improve our service. These require your consent and can be disabled in your browser settings.
12.3 Preference Cookies
Remember your settings and preferences (like default baby age) to enhance your experience.
Cookie Control: You can manage cookie preferences through your browser settings. Note that disabling certain cookies may limit CanABaby's functionality.
13. International Transfers
Your data may be transferred outside the European Economic Area (EEA) to our AI service providers:
OpenAI (United States)
Transfers are protected by appropriate safeguards including Standard Contractual Clauses and OpenAI's compliance with international data protection standards.
Google (Global)
Google has implemented appropriate technical and organizational measures and complies with international data transfer requirements including adequacy decisions and SCCs.
These transfers are necessary for contract performance and service delivery. Both providers have demonstrated compliance with international data protection standards.
14. Children's Privacy
CanABaby is intended for use by parents and caregivers, not children directly.
- Users must be at least 18 years old or have parental consent
- We do not knowingly collect personal data from children under 16
- If we discover we've collected data from a child, we will delete it promptly
- Parents can contact us to request deletion of any child's data
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes:
- We will update the "Last updated" date at the top of this policy
- For significant changes, we will notify you via email or app notification
- Your continued use of CanABaby constitutes acceptance of the updated policy
- You can review the current policy at any time at www.canababy.ai/privacy
Contact Us
For any questions about this Privacy Policy or to exercise your rights, please contact us:
Data Controller: 99Tries OÜ
Email: hello@99tries.com
Subject Line: "Privacy Policy Inquiry" or "GDPR Rights Request"
Response Time: We will respond within one month
Supervisory Authority: If you're not satisfied with our response, you can lodge a complaint with the Estonian Data Protection Inspectorate (www.aki.ee).