SousEye Privacy Policy

§1. Summary of key points

The short version. Every point links to the section with full detail.

Daps Dev ("we," "us," or "our") operates SousEye. SousEye is a hands-free cooking companion for iOS. It identifies ingredients from photos of your fridge or pantry, scales recipes to the portions you actually have, and turns recipe videos from public TikTok, Instagram, and YouTube links into followable, voice-guided cooking steps.
What personal information do we process? Account information you provide (where applicable), the content you submit (photos, text, audio, URLs), purchase records, and technical/diagnostic data about your device. We process only what's necessary to deliver the Services.
Do we use AI? Yes. SousEye uses third-party AI providers, primarily OpenAI, to generate ingredient identification, recipe extraction from videos, scaled recipe steps, voice-guided instructions, and other cooking-related suggestions. Your inputs are sent to those providers solely to produce the response we then show you. They do not train their models on API content by default. See Section 5 (AI processing of your content).
Do we process sensitive personal information? We try not to. SousEye is not designed to collect special-category data (race, religion, health, sexual orientation, biometrics, precise geolocation, government IDs, financial-account numbers). If you submit such data inside content you upload, you do so at your own risk.
Do we collect information from third parties? Outside of the sub-processors and platform-provided data described in this Privacy Notice, no.
How do we share your information? Only with the sub-processors that operate the Services on our behalf (listed in Section 7 (Sub-processors)), service providers under contract, or where legally required. We do not sell your personal information and we do not share it for cross-context behavioural advertising.
What about international transfers? SousEye is operated from the United States. Where we transfer EEA/UK/Swiss data to the U.S., we rely on Standard Contractual Clauses or equivalent transfer mechanisms.
What are your rights? Depending on where you live, you may have rights to access, correct, delete, port, or restrict our processing of your personal information, and to object or withdraw consent. See Section 12 (Your privacy rights) and Section 13 (U.S. state privacy rights).
How do you contact us? Email dapsdev.support@gmail.com from the email associated with your SousEye account (or, for guests, the device used).

§2. Information we collect

We collect only what we need to make the Services work.

Account information: When you create an account we collect your email address and a unique account identifier. We do not request your real name or date of birth. If you sign in with Apple, you may choose to share your real email or use Apple's private relay; we receive whichever you choose. We also receive an Apple-issued user identifier so we can recognize your account on future sign-ins. We do not receive your Apple ID password or your real name unless you explicitly share it.
Photos and camera input: SousEye can use your device's camera or photo library when you choose to add an image. We only access photos you explicitly select; we never scan your library in the background. Images are uploaded to our infrastructure so the Services can process them.
Text you submit: Text you type into SousEye (descriptions, prompts, captions, free-form notes, search queries) is sent to our servers so we can return a response.
Audio: When you import a video or use a feature that requires speech recognition, SousEye extracts the audio track and sends it to a transcription service so we can return a text transcript. We do not use the microphone for ambient listening; recording is initiated only when you tap a record control.
URLs you provide: When you paste a public URL (for example a TikTok, Instagram, or YouTube link), we fetch publicly available metadata and media for that URL so we can extract the relevant content. We do not collect any private information from those platforms, and we do not retain a long-term copy of the source video once we have extracted what we need.
Purchase information: If you purchase a subscription, Apple processes the payment and shares with us your subscription status (active, expired, refunded), purchase date, and a Receipt token. We do not see or store your payment card, Apple ID password, or billing address.
Device and usage information: We automatically collect technical information about your device (model, operating system, language, time zone, app version), a randomly generated installation identifier, an IP address (used at the moment of the request and not stored long-term), and basic usage events (which screens you visit, when you tap a feature). This helps us debug issues and understand which features are useful.
Diagnostics and crash reports: If SousEye crashes or hits an error, we may collect a stack trace, the OS version, and the app state at the time of the crash so we can fix the bug. These reports do not include the contents of your photos, audio or text inputs.
Sensitive personal information: SousEye is not designed to collect "special category" data under GDPR (Article 9) or "sensitive personal information" under the CPRA — including racial or ethnic origin, religious or philosophical beliefs, genetic or biometric data for unique identification, health data, sex life or sexual orientation, government IDs, precise geolocation (within 1,750 feet), or financial-account numbers. We will not knowingly process such data, and we ask that you not include it in your inputs.

§3. How we use your information

We use the information described above to:

Provide, operate, and maintain SousEye, including delivering the core feature you asked for (analyzing an image, generating a recommendation, splitting a bill, etc.).
Authenticate you, secure your session, and remember your preferences across devices.
Communicate with you about your account, your subscription, security alerts, and customer support requests.
Detect, investigate, and prevent fraudulent, abusive, or unsafe activity, and to enforce our Terms of Service.
Improve the Services — for example, by analyzing aggregate usage to decide which features to prioritize and to fix bugs.
Manage your subscription, restore purchases across devices, and apply your entitlements.
Comply with our legal obligations, including responding to lawful requests from public authorities.
With your express consent, for any other purpose disclosed at the time we ask for that consent.

§4. Legal bases for processing

If you are in the EEA, UK, Switzerland, Canada, Quebec, Australia, New Zealand, or Brazil, this section explains the legal grounds on which we process your personal information.

Where the GDPR or UK GDPR applies, we rely on the following legal bases under Article 6 GDPR:

Performance of a contract — to provide SousEye once you have downloaded it and accepted our Terms of Service (Article 6(1)(b)).
Legitimate interests — to keep the Services secure, prevent abuse, debug issues, and improve features in ways you would reasonably expect (Article 6(1)(f)). We balance our interests against your rights and freedoms in each case.
Consent — for any processing where we ask for it (e.g. push notifications, optional analytics in jurisdictions that require opt-in). You can withdraw consent at any time without affecting the lawfulness of processing performed before withdrawal (Article 6(1)(a)).
Legal obligation — to respond to lawful requests, retain financial records, and meet other regulatory duties (Article 6(1)(c)).
Vital interests — in the rare case we process information to protect someone's life or physical safety (Article 6(1)(d)).

Canada (PIPEDA / Quebec Law 25)

If you are in Canada, we process your personal information with your express or implied consent, except where we are permitted or required by law to do so without consent (for example, to investigate fraud, comply with a subpoena, or in an emergency affecting someone's safety). You may withdraw consent at any time by emailing dapsdev.support@gmail.com; some withdrawals will mean we can no longer provide the Services to you.

If you are in Quebec under An Act respecting the protection of personal information in the private sector (Law 25), you have additional rights to know whether your information has been disclosed outside Quebec, to be informed about automated decisions made about you, and to data portability where required by law. Our person in charge of the protection of personal information is reachable at dapsdev.support@gmail.com.

Australia, New Zealand, Brazil

If you are in Australia, we comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988. If you are in New Zealand, we comply with the Privacy Act 2020. If you are in Brazil, we process your personal data in accordance with the Lei Geral de Proteção de Dados (LGPD) on the bases of consent, contract performance, legitimate interest, regular exercise of rights, and our other legal bases under Article 7 LGPD. Brazilian residents have all rights granted by Article 18 LGPD.

§5. AI processing of your content

When you ask for an AI-generated result, we share the inputs you submit with our AI provider so it can produce that result.

SousEye uses OpenAI's API (including GPT-4o, GPT-4o-mini, and Whisper, depending on the feature) to generate responses. Inputs that you submit — for example images, text, or audio — are sent to OpenAI for the sole purpose of producing the response we then show you.

OpenAI states that data submitted via its API is not used to train its models by default, and we have not opted in to any training. OpenAI may retain API content for up to 30 days for abuse and misuse monitoring, after which it is deleted, except where retention is required by law.

You should not submit information you would not want sent to a third-party AI service. In particular, do not submit other people's private information, payment cards, government IDs, health records, or anything you are not legally permitted to share.

If you would prefer not to use AI features, you can avoid taking the actions that trigger them (e.g. avoid uploading a photo or pressing the analyze button); the rest of the app will still work for you. To request a copy or deletion of inputs and outputs we have stored about you, contact us at dapsdev.support@gmail.com.

§7. Sub-processors

The third-party services that operate behind SousEye on our behalf.

We engage the following sub-processors. Each is bound by a written contract that limits the use of your personal information to the purposes described in this Privacy Policy and requires appropriate technical and organizational security measures.

Supabase, Inc. — backend, database, auth, storage: Hosts your account, content, and metadata in PostgreSQL with row-level security. Data centres in the United States. Privacy policy: https://supabase.com/privacy.
OpenAI, OpCo, LLC — large language and speech models: Receives the inputs you submit so it can produce the response we show you. Data is not used to train OpenAI models on API traffic by default and may be retained up to 30 days for abuse monitoring. United States. Privacy policy: https://openai.com/policies/privacy-policy.
Apple Inc. — payments, App Store distribution, Sign in with Apple: Processes payments for subscriptions and distributes the iOS app. When you choose Sign in with Apple, Apple shares with us either your real email or an Apple-issued private-relay address, plus a stable Apple user identifier so we can recognise your account on future sign-ins. Apple does not share your Apple ID password and does not share your real name unless you explicitly elect to. United States. Privacy policy: https://www.apple.com/legal/privacy/.
RevenueCat, Inc. — subscription management: Mediates between Apple and SousEye so we can verify subscription status across your devices. Receives a hashed user ID and your subscription state (active/expired/refunded). United States. Privacy policy: https://www.revenuecat.com/privacy/.
Vercel, Inc. — web hosting for https://dapsdev.vercel.app: Hosts the public Daps website (the page you are reading). Receives standard web-server logs (request URL, IP, user-agent) for security and abuse prevention. United States. Privacy policy: https://vercel.com/legal/privacy-policy.
Email service providers: If we email you about your account, the email is delivered via a transactional email provider that processes your address solely to deliver our message and does not use it for any other purpose.

§8. Cookies and tracking technologies

SousEye is an iOS application and does not use HTTP cookies for in-app functionality. We use Apple-provided device identifiers (the IDFV — vendor identifier) and randomly generated installation identifiers to keep you signed in and to debug issues; these reset when you reinstall the app.

SousEye does not include the App Tracking Transparency tracking domain pattern, does not use the IDFA (advertising identifier), and does not call `requestTrackingAuthorization`. We do not engage in cross-app or cross-website tracking, and our App Privacy Manifest declares no third-party "tracking" SDKs as defined by Apple.

Our website at https://dapsdev.vercel.app sets only the minimum cookies necessary to operate the site. We do not run ad networks, retargeting pixels, or third-party analytics that share data with advertising networks. If we ever introduce non-essential cookies, we will surface a consent banner to users in jurisdictions that require opt-in (EEA, UK, Switzerland, Brazil) before they are set.

§9. How long we keep information

We keep information only as long as necessary to deliver the Services, comply with law, or protect our rights — and never longer than the periods listed below.

Photos and other media you upload are retained only as long as needed to deliver the response and, if applicable, to keep it in your in-app history. You can delete saved items from within the app at any time, after which they are removed from our active systems within 30 days and from backups within an additional 30 days.
Text inputs and AI responses are retained in your account history (where applicable) until you delete them or close your account.
Account information is retained for as long as your account is active. When you delete your account we delete or de-identify it within 30 days, except where we are required to keep it for legal, accounting, or fraud-prevention purposes.
Records of customer support communications are retained for as long as needed to address your request and for a reasonable period afterward (up to 24 months).
Diagnostics, crash reports, and aggregate usage data are retained for up to 12 months for engineering and product purposes.
Purchase records and tax-relevant data are retained for as long as required by tax, accounting, and consumer-protection law (typically 7 years).
Backup copies on encrypted, isolated storage may persist for up to 60 days after deletion before being permanently overwritten.

§10. Security and breach notification

We use commercially reasonable administrative, technical, and physical safeguards designed to protect your information, including encryption in transit (TLS 1.2+), encryption at rest, scoped database access controls (Row-Level Security and the principle of least privilege), audit logging, multi-factor authentication for our internal tools, and routine review of our infrastructure dependencies.

No method of transmission over the internet, however, is 100% secure, and we cannot guarantee absolute security. You use the Services at your own risk, and we encourage you to use a strong, unique password and to keep your device's operating system up to date.

If we become aware of a security incident affecting your personal information, we will notify you and any required regulator without undue delay and, where feasible, within the timeframes required by applicable law (e.g. 72 hours under GDPR/UK GDPR Article 33). Notification will describe the nature of the incident, the categories of data affected, and the steps we are taking in response.

§11. International data transfers

SousEye is operated from California, USA. If you access the Services from outside the United States, your information may be transferred to, stored, and processed in the United States or in any other country where our service providers maintain facilities.

Where we transfer personal data of EEA, UK, or Swiss residents to a country that has not been recognised by the European Commission as providing an adequate level of protection, we rely on the European Commission's Standard Contractual Clauses (Module 2 or 3 as applicable), the UK Addendum to the SCCs, and/or the Swiss FDPIC's standard contractual clauses, supplemented by additional technical and organizational measures (encryption, access controls, transparency reporting). A copy of the relevant clauses is available on request to dapsdev.support@gmail.com.

For users in Brazil, we transfer personal data outside Brazil only on a basis permitted by Article 33 LGPD.

§12. Your privacy rights

Depending on where you live, you may have rights under privacy laws such as the EU GDPR, UK GDPR, Swiss FADP, Canadian PIPEDA, Quebec Law 25, the Australian Privacy Principles, the New Zealand Privacy Act 2020, and Brazil's LGPD. These rights may include:

The right to access the personal information we hold about you, and to receive a copy.
The right to correct inaccurate or incomplete personal information.
The right to delete your personal information, subject to certain exceptions.
The right to object to or restrict certain processing, including processing based on legitimate interests.
The right to data portability — to receive your information in a structured, commonly used, machine-readable format and to transmit it to another controller.
The right to withdraw consent where we rely on consent as our legal basis (this does not affect the lawfulness of prior processing).
The right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects (see Section 15 (Automated decision-making and profiling)).
The right to lodge a complaint with a supervisory authority — for example, your EEA Member State data protection authority, the UK Information Commissioner's Office (ICO), the Swiss Federal Data Protection and Information Commissioner (FDPIC), the Office of the Privacy Commissioner of Canada, the Commission d'accès à l'information du Québec, the Office of the Australian Information Commissioner (OAIC), the Office of the Privacy Commissioner of New Zealand, or Brazil's ANPD.

How to exercise your rights

To exercise any of these rights, email dapsdev.support@gmail.com from the email address associated with your account, or use the in-app account-deletion option (where provided). We may need to verify your identity before responding — typically by confirming control of the email used to register or by asking you to confirm a one-time code sent to that email.

We will respond within the time required by applicable law (typically 30 days, extendable by another 60 days for complex requests with notice to you), and we will not discriminate against you for exercising your rights. If we decline a request in whole or part, we will explain why and tell you how to appeal.

Authorized agents

Where applicable law allows, you may use an authorized agent to make a privacy request on your behalf. We may ask the agent for written, signed permission from you and may verify your identity directly. We will reject agent requests that are not properly authorized.

§13. U.S. state privacy rights

If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you have specific rights under your state's privacy laws.

The table below describes the categories of personal information that SousEye has collected over the preceding 12 months under the California Consumer Privacy Act (as amended by the CPRA). The categories track the CCPA's enumerated list. Your state's law may use slightly different category labels, but the substance is the same.

A. Identifiers: Email address (if you have an account), randomly generated user identifier, device identifier (IDFV), IP address used at the moment of a request. Collected: Yes.
B. Customer records (Cal. Civ. Code §1798.80(e)): Name, contact information, financial details. Collected: No (we do not collect a real name or financial-account information).
C. Protected classifications: Age, race, religion, sexual orientation, etc. Collected: No.
D. Commercial information: Subscription tier, purchase history. Collected: Yes (subscription state from Apple).
E. Biometric information: Fingerprints, voiceprints, faceprints. Collected: No.
F. Internet or network activity: App screens visited, features used, error events. Collected: Yes (in-app only; we do not track you across other apps or websites).
G. Geolocation data: Approximate location derived from IP for security; precise geolocation. Collected: Approximate IP-based only. Precise (GPS) geolocation: No.
H. Audio, electronic, sensory information: Audio extracted from videos you import for the purpose of speech-to-text. Collected: Yes, when you trigger that feature.
I. Professional / employment information: Employer, job title, work history. Collected: No.
J. Education information: Student records, grades, transcripts. Collected: No.
K. Inferences: Profiles drawn from the data above to predict your preferences. Collected: We use aggregated, de-identified usage information to improve features; we do not build behavioural profiles about identifiable users.
L. Sensitive personal information: Government IDs, account log-in credentials, precise geolocation, racial/ethnic origin, religious beliefs, mail/email/text contents, genetic/biometric data, health, sex life or sexual orientation. Collected: No. SousEye does not collect or use sensitive personal information for purposes other than those permitted by Cal. Civ. Code §1798.121(a) (delivering the Service requested).

Sources of personal information

Directly from you, when you create an account, submit content, or contact us.
Automatically from your device, as described in Section 2 (Information we collect).
From our sub-processors (e.g. subscription state from Apple/RevenueCat) and from people who share a SousEye link with you.

Sale, sharing, and targeted advertising

We do NOT sell or share your personal information for cross-context behavioural advertising as those terms are defined under the CCPA/CPRA, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Virginia Consumer Data Protection Act, or any similar state law. We do not engage in profiling that produces legal or similarly significant effects about you. We have not sold or shared personal information in the preceding 12 months and have no current plans to do so.

Your rights as a U.S. state resident

Right to know whether we are processing your personal data.
Right to access your personal data and obtain a copy in a portable format.
Right to correct inaccuracies in your personal data.
Right to delete personal data about you, subject to permitted exceptions.
Right to opt out of the sale, sharing, or processing for targeted advertising of personal data (we do not engage in any of these — see above).
Right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects (we do not engage in such profiling).
Right to limit use and disclosure of sensitive personal information, where collected (we do not collect SPI for purposes outside §1798.121(a)).
Right to non-discrimination for exercising any of these rights.
Right to obtain the categories of third parties to whom we have disclosed personal data (Connecticut, Delaware, Maryland, Minnesota, Oregon).
Right to question and, where allowed, correct profiling decisions (Connecticut, Minnesota).
Where required by Florida law, right to opt out of the collection of sensitive data and personal data collected through voice/facial-recognition features.

How to exercise U.S. state rights

Email dapsdev.support@gmail.com with the subject line "Privacy Request – [your state]" from the email associated with your SousEye account, or use the in-app account-deletion option. We will verify your identity by confirming control of that email or by sending you a one-time code, and we will respond within the timeframes required by your state's law (typically 45 days, extendable by another 45 days with notice).

Authorized-agent requests must include written, signed permission from the consumer; we may verify directly with you in any case.

Right to appeal

If we decline to take action on your request, you may appeal that decision by replying to our response email or sending a new email to dapsdev.support@gmail.com with the subject "Privacy Appeal". We will respond to the appeal within the time required by your state's law (typically 60 days). If your appeal is denied, you may file a complaint with your state attorney general — the Texas, Virginia, and Colorado attorneys general publish complaint pages, and the California Privacy Protection Agency accepts complaints at https://cppa.ca.gov.

California Shine the Light

California Civil Code §1798.83 entitles California residents who have an established business relationship with us to request, once per calendar year and free of charge, information about the personal information (if any) we have shared with third parties for those parties' direct marketing purposes. We do not share personal information for third-party direct marketing.

Notice of Financial Incentive

SousEye does not offer a financial incentive (such as a price or service difference) in exchange for the collection, retention, sale, or sharing of personal information. If we ever introduce one, we will provide a separate Notice of Financial Incentive that complies with Cal. Civ. Code §1798.125.

§14. Children's privacy

SousEye is not directed to children under 13 (or under 16 in the European Economic Area, the United Kingdom, Switzerland, Brazil, and any other jurisdiction where that is the applicable digital-consent age), and we do not knowingly collect personal information from children below those ages. The App Store age rating for SousEye is set accordingly.

If you believe a child has provided us with personal information, please contact us at dapsdev.support@gmail.com. We will delete the information, terminate the associated account, and take reasonable steps to prevent further collection. Parents and guardians who would like to review or delete a child's information may also contact us at the same address.

Consistent with the U.S. Children's Online Privacy Protection Act (COPPA), the EU GDPR (Article 8), the UK Age Appropriate Design Code, and the California Age-Appropriate Design Code, we have considered the categories of data we collect, the way we present choices, and the absence of behavioural-advertising and targeting features in light of the possibility that some users may be under the relevant age threshold despite our age-gating.

§15. Automated decision-making and profiling

SousEye uses AI to generate ingredient identification, recipe extraction from videos, scaled recipe steps, voice-guided instructions, and other cooking-related suggestions. These outputs are recommendations and informational; they are not used to make decisions about you that produce legal or similarly significant effects (such as denial of credit, employment, housing, education, insurance, or essential government services).

Where AI features are involved, you can request a copy of the inputs and outputs we have stored about you, ask us to correct an output you believe is wrong, or stop using AI features entirely without losing access to the rest of the Services. To do any of these, contact dapsdev.support@gmail.com.

If you are in the EEA, UK, or Quebec, you have the right under Article 22 GDPR (and the equivalent provisions of UK GDPR and Quebec Law 25) not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you. We do not engage in any such processing today, and we will give you advance notice and a meaningful opt-out before we ever do.

§16. Do-Not-Track and Global Privacy Control signals

Some browsers transmit a "Do-Not-Track" (DNT) header. Because there is currently no industry-wide consensus on how to interpret DNT, our website does not currently respond to DNT signals.

Where required by law (including the California Privacy Rights Act regulations), we treat the Global Privacy Control (GPC) signal sent by your browser as a valid request to opt out of "sale" or "sharing" of personal information for cross-context behavioural advertising. Because we do not engage in either practice, we have nothing to opt you out of — but we will continue to honour the signal in our future operations.

§17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Effective date" at the top of this page. For material changes — for example, a new category of personal information, a new sub-processor that handles your content, or a change in legal basis — we will provide notice through the app or by email at least 14 days before the change takes effect, and where required by law we will obtain your consent before applying the change to data already collected.

We encourage you to review this page periodically. Continued use of the Services after the effective date of an update constitutes acceptance of the updated Privacy Policy.

§18. Contact us

Daps Dev is the data controller for personal information described in this Privacy Policy. If you have questions about this Privacy Policy or want to exercise any of your privacy rights, contact us at dapsdev.support@gmail.com.

We have not appointed a separate Data Protection Officer; questions formally directed to a DPO will be handled by the same address. EEA and UK residents may also write to the supervisory authority in their country of habitual residence — a list is available on the European Data Protection Board's site (https://edpb.europa.eu) and on the UK ICO's site (https://ico.org.uk).