Citron

Privacy Policy

Company: Labforty8 LLC · App name: Citron · Location: Los Angeles, California

Effective date: 2025‑09‑09

Your privacy is important to us. This Privacy Policy explains how Citron ("Citron," "we," "us," or "our") collects, uses, shares, and protects your information when you use our website and mobile application (the “Service”).

Scope

This Policy applies to information collected through the Citron mobile app and the Citron website. Some sections apply only to the app (for example, device permissions).

Information We Collect

  • Personal identifiers: account details you provide (e.g., email), user ID.
  • Authentication data: session tokens and settings stored on‑device (via secure local storage) and in our backend (Supabase).
  • User content: recipe photos/images you upload, audio recordings for voice import, recipe URLs you submit, notes, and preferences (e.g., language, measurement units).
  • Device and app data: device model, OS/version, app version/build, device type, and similar technical information.
  • Usage data: app screens viewed, feature usage (e.g., imports, search), interactions, and diagnostics.
  • Push notification data: push token, device identifier (e.g., iOS IDFV or Android ID) and platform to deliver notifications.
  • Diagnostics: crash reports and performance data.
  • Payment/subscription metadata: subscription status and purchase receipts (processed by Apple/Google and managed via RevenueCat). We do not receive your full card details.

We do not sell personal data.

App Permissions and Media Handling

  • Camera and Photos: Citron requests access when you choose to capture or select images to import recipes. Images are used solely to extract text and recipe details. Processing typically occurs on our servers to perform OCR; where technically feasible, certain processing may occur on‑device. We do not use images for any purpose other than the feature you initiate.
  • Microphone/Audio: If you record audio to import a recipe, Citron requests microphone access. Audio is used only for transcription/extraction and may be uploaded to our servers for processing by our transcription/OCR services. We do not use audio for any other purpose.
  • Push Notifications: If you opt in, we collect a push token and basic device info to send notifications (e.g., recipe updates). You can disable notifications in your device settings at any time.

How We Use Information

  • Provide and improve Citron, including recipe import from images, audio, and URLs.
  • Personalize features (e.g., language, unit settings).
  • Communicate with you about the Service (e.g., updates, support).
  • Maintain safety, integrity, and prevent fraud/abuse.
  • Perform analytics and diagnostics to understand performance and reliability.
  • Manage subscriptions and entitlement access.

Legal Bases (EEA/UK)

Where applicable:

  • Performance of a contract: to provide core app features you request.
  • Legitimate interests: to secure and improve the Service, fix bugs, and understand feature usage (balanced against your rights).
  • Consent: for optional features such as push notifications and, where required, certain analytics.
  • Legal obligations: compliance and record‑keeping.

Storage and Retention

  • Images and audio uploaded for extraction are retained only as long as needed to complete processing and reliability checks, then deleted. Extracted text/recipe data you save in your account is stored until you delete it or request deletion.
  • Push tokens are kept while you remain opted in or until invalidated.
  • Crash and diagnostic logs are kept for a limited period consistent with our providers’ defaults and operational needs.
  • Other personal data is retained only as necessary for the purposes described or as required by law.

Sharing and Service Providers

We share data with contracted service providers that process data on our behalf to operate the Service:

  • Authentication, database, and storage: Supabase.
  • Analytics: PostHog (mobile analytics; session recording is disabled).
  • Crash/error monitoring: Sentry.
  • Subscriptions and in‑app purchases: RevenueCat (works with Apple App Store and Google Play billing).
  • Push notifications: Apple Push Notification service (APNs), Firebase Cloud Messaging (FCM), and Expo push infrastructure.
  • OCR/transcription: third‑party providers used strictly to extract text/recipe content from your submitted images and audio (for example, Google Cloud OCR or equivalent). We configure providers and contracts to limit use to providing the requested service.

These providers are bound by contractual obligations and handle data according to their policies. We do not sell personal data or share it for cross‑context behavioral advertising.

Data Transfers

We may process and store information in the United States and other countries where our providers operate. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) for international transfers.

Your Choices and Rights

  • Permissions: Manage camera, photos, microphone, and notifications in your device settings.
  • Communications: You can opt out of non‑essential communications.
  • Access/Correction/Deletion: You can request access to, correction of, or deletion of your personal data.
  • EEA/UK: You may have rights to object to or restrict processing, and to data portability, and to withdraw consent where processing is based on consent.
  • California (CPRA): You may have the right to know, correct, and delete personal information, and to opt out of “selling” or “sharing” (we do not sell or share personal information as defined by CPRA).

We may request information to verify your identity before acting on a request.

Children’s Privacy

Citron is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us information, contact us to request deletion.

Security

We use appropriate technical and organizational measures to protect your information, including encryption in transit and access controls. No method of transmission or storage is 100% secure.

Cookies and Similar Technologies (Website)

Our website may use cookies and similar technologies for functionality, analytics, and performance. You can control cookies through your browser settings where available.

Data Deletion Requests

You can follow our Data Deletion Instructions or email hi@citronapp.co. If your request pertains to app data (e.g., recipes, account), please include the email address associated with your account.

Changes to This Policy

We may update this Policy from time to time. We will post changes on this page with an updated effective date. Material changes will be communicated where legally required.

Contact Us

Labforty8 LLC
Los Angeles, California
Email: hi@citronapp.co

  • For EEA/UK residents: You may lodge a complaint with your local data protection authority. We encourage you to contact us first so we can address your concerns.
  • For California residents: You may submit CPRA requests by emailing hi@citronapp.co. We will not discriminate against you for exercising your privacy rights.
← Back to home