Privacy Policy

Gelato Balancing App — Last updated: May 25, 2026

1. Data Controller

The data controller responsible for your personal data under the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") is:

• ICE LAB LTD
• Registered office: Gordiou Desmou 29, 6045 Larnaca, Cyprus
• Company registration: HE320286 · VAT: CY10320386M
• Email: [email protected]

2. Introduction

Gelato Balancing App ("we", "our", "the App") is a recipe management tool for gelato professionals. We respect your privacy and are committed to protecting your personal data. This policy explains what data we collect, the legal basis on which we process it, who we share it with, how long we keep it, and your rights under the GDPR.

3. Data We Collect

When you use the App, we collect:

• Account information: Email address, display name, and authentication provider (email/password or Google Sign-In).
• User-generated content: Ingredients, recipes, brands, and categories you create within the App.
• Usage data: Basic analytics such as login timestamps and error logs.
• Billing data: If you subscribe, our payment processor Stripe collects and processes your payment details. We never see or store your full card number; we only receive the card brand, last four digits, and subscription status.

We do not collect location data or device identifiers, and we do not use third-party tracking cookies or advertising pixels.

4. Legal Basis for Processing (GDPR Art. 6)

• Performance of a contract (Art. 6(1)(b)) — to provide the App, manage your account, process your subscription, and store the recipes and ingredients you create.
• Legitimate interests (Art. 6(1)(f)) — to keep the service secure, prevent fraud and abuse, and improve the App based on aggregate usage patterns. You can object to processing based on legitimate interests at any time.
• Compliance with legal obligations (Art. 6(1)(c)) — e.g. retaining invoice records for tax purposes.
• Consent (Art. 6(1)(a)) — for any optional processing we ask you to opt in to (currently none).

5. How We Use Your Data

• To provide and maintain the App's functionality.
• To authenticate your identity and manage your account.
• To store your recipes, ingredients, and preferences.
• To process your subscription and bill you through Stripe.
• To improve the App based on aggregate usage patterns and error reports.
• To respond to your support requests.

6. Data Storage & Security

Your data is stored in Google Firebase (Firestore), operated by Google Cloud. Data is encrypted in transit (HTTPS/TLS 1.2+) and at rest. Access to your data is restricted to your authenticated account through Firestore security rules. A limited number of authorised personnel at ICE LAB LTD may access user data for support and abuse-prevention purposes, subject to confidentiality obligations.

7. Sub-processors & International Transfers

To deliver the App we share personal data with the following sub-processors. Each is bound by a data processing agreement and, where data is transferred outside the European Economic Area, by the European Commission's Standard Contractual Clauses (SCCs) under Article 46 GDPR:

Sub-processor	Purpose	Location	Transfer safeguard
Google Ireland Limited / Google LLC (Firebase / Google Cloud)	Authentication, database hosting, Cloud Functions, web hosting	EU + United States	SCCs (Module 2) + Google’s supplementary measures
Stripe Payments Europe Ltd / Stripe Inc.	Subscription billing and payment processing	Ireland (primary) + United States	SCCs + Stripe’s data processing addendum
OpenAI Ireland Ltd / OpenAI LLC	Optional PDF and label parsing for ingredient extraction	Ireland + United States	SCCs + OpenAI’s API data processing addendum (input is not used to train models)
Cloudflare, Inc.	CDN, DDoS protection, and edge caching of the marketing site	Global edge network	SCCs + Cloudflare’s data processing addendum

We do not sell your personal data to any third party.

8. Data Retention

• Account & user content: retained as long as your account is active. After account deletion, all account data and user-generated content is permanently removed from Firestore within 30 days.
• Error and login logs: retained for up to 90 days for security and debugging purposes, then deleted.
• Invoice and billing records: retained by Stripe and in our accounting records for the period required by Cyprus tax law (currently 6 years).
• Backups: backups containing your data may persist for up to 35 days after deletion in standard infrastructure backup cycles, after which they are overwritten.

9. Your Rights (GDPR)

As an EU/EEA resident you have the right to:

• Access — obtain a copy of the personal data we hold about you.
• Rectification — correct inaccurate or incomplete data.
• Erasure — request deletion of your account and personal data. You can do this yourself at any time from the Subscription screen ("Delete my account"), or by emailing us.
• Restriction — ask us to limit processing in certain circumstances.
• Portability — receive your data in a structured, commonly used format.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — where processing is based on consent, you may withdraw it at any time.
• Lodge a complaint — with your local supervisory authority or with the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus (dataprotection.gov.cy).

To exercise any of these rights, email [email protected]. We will respond within 30 days.

10. Cookies & Local Storage

The App uses essential cookies and local storage for authentication session management and to remember your language preference. No third-party tracking cookies, analytics cookies, or advertising pixels are used. Your consent for essential cookies is not required under EU law because they are strictly necessary for the App to function.

11. Children's Privacy

The App is not intended for users under the age of 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Automated Decision-Making

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects on you.

13. Changes to This Policy

We may update this policy from time to time. Material changes will be announced by email or by a notice in the App at least 14 days before they take effect. The "Last updated" date above always reflects the current version.

14. Contact

For privacy-related questions, data-subject requests, or to exercise any of the rights described above:

• ICE LAB LTD
• Gordiou Desmou 29, 6045 Larnaca, Cyprus
• Email: [email protected]

Terms of Service · Home