Privacy Policy
Last updated on January 12, 2024
Welcome to Sesame App (“Sesame”)! Sesame is committed to protecting your privacy. This Privacy Policy describes how we collect, store, use and distribute information through the Sesame App mobile application and website at www.sesameapp.com (together, the “Services”). For the purposes of these Terms, “we” “our” “us” and “Sesame” refer to Spoonful Inc., the providers and operators of the Services.
Capitalized terms not defined in this Privacy Policy have the meaning as set forth in the Terms of Service for the Services, which can be found here. If you are visiting us from the European Union, European Economic Area, or the United Kingdom, please be sure to read the section entitled “Additional Information for Users in the European Economic Area and United Kingdom” for information on how we comply with privacy laws applicable to you.
1. Consent
By using the Services, you consent to the use of your Personal Information as described in this Privacy Policy. You must be over 18 years of age to use the Services, and individuals under the age of 18 cannot use or register for the Services. Review this Privacy Policy with your parent or legal guardian to make sure you understand it. Except as set forth in this Privacy Policy, your Personal Information will not be used for any other purpose without your consent. We do not actively collect Personal Information for the purpose of sale of such information in a way that specifically identifies the individual (i.e. we don’t sell customer lists). You may withdraw your consent to our processing of your Personal Information at any time. However, withdrawing consent may result in your inability to continue using some or all of the Services.
2. Collection of Information
Personal Information
When registering to use the Services, we may require you to provide certain personally identifiable information (these are referred to below as your “Personal Contact Information”). The Personal Contact Information that we require you to provide in order to access the Services may include, but is not limited to, the following:
- First Name
- Last Name
- Password
When using the Services, you may also voluntarily provide us with personally identifiable information, such as your name, address, profile picture, social sign on information, and phone number. This information, along with any Profile Information listed below, is also referred to as Personal Contact Information.
In addition, when using the Services, you may have the opportunity to scan in, type, and in some cases photograph, food products with your camera. This information is stored together with your Personal Contact Information and is also referred to as Personal Contact Information. While you are not required to provide this food product information to use the Services, your choice to not provide such data limits the extent to which you can access the full functionality of the Services.
When purchasing the Services, we will require you to provide financial and billing information, such as billing name and address, and credit card number (“Billing Information”). Your Personal Contact Information and your Billing Information, together with any other information we gather through the Services that may be used to identify, contact, or locate you individually, are collectively referred to herein as your “Personal Information.”
Profile Information
In using the Services, you may be assigned a profile which will be displayed to other users of the Services. As a default, your nickname (username) and certain product interactions may be visible to other users of the Services, in which case you can elect to make your product interactions private at any time by toggling your interactions to “Private”. You may also, at your election, choose to complete additional profile components. For example, you may choose to provide a display photo, a personal website, and/or a short bio. If you provide any of this elective information, it may be displayed to other users of the Services.
Data, Diagnostic & Login Information
You may be able to create, upload, publish, transmit, distribute, display, store or share information, data, text, graphics, video, messages or other materials using our Services (this is collectively referred to below as “Data”). Certain Data can be uploaded by allowing the Services to scan in food product data through use of the camera on your mobile device. Providing us with permissions so that the Services can access food data with your mobile device camera is optional. Some of the Data may be stored and maintained on our servers and may be linked to your Personal Information. If you run into technical errors in the course of using the Services, we may request your permission to obtain a crash report along with certain logging information from your system documenting the error (“Diagnostic Information”). Such information may contain information regarding your Operating System version, hardware, browser version (and .NET version information in case of Windows systems), and your email address, if provided. Additionally, certain login information may be maintained in a cookie stored locally on your personal computing device (i.e. not on a server) in order to streamline the login process (“Login Information”).
Usage, Purchase and Analytics Information
As you use our Services, we may also collect information through the use of commonly-used information-gathering tools, such as cookies, log files, and Web beacons. Such Information may include standard information regarding your mobile device, browser type, browser language, Operating System, Internet Protocol (“IP”) address, and the actions you take on our website (such as the web pages viewed, links clicked, purchases made) or while using the Services, including any Premium Services. Collectively, this information is referred to as “Usage, Purchase and Analytics Information” and this information may be linked to your Personal Information.
Geo-Location Information
We do not use GPS technology to collect any information regarding your precise real-time geo-location while using the Services. However, we may use elements of your Usage and Analytics Information (such as your IP address) to determine your generalized location. This information is referred to as “Generalized Geo-Location Information.”
3. Use of Information
Information Collected | Use |
---|---|
Personal Contact Information | We use this information to manage your account, to provide the Services, to maintain our customer/visitor lists, to respond to your inquiries or request feedback, for identification and authentication purposes, for service improvement, and to address issues like malicious use of the Services. We may also use Personal Contact Information for limited marketing purposes, namely, to contact you to further discuss your interest in the Services, and to send you information about us or our partners. |
Billing Information | We use Billing Information to manage your account, to provide the Services, and to check the financial qualifications of prospective customers and to collect payment for the Services. We may use a third-party service provider to manage credit card processing. If we do so, such a service provider will not be permitted to store, retain, or use Billing Information except for the sole purpose of credit card processing on our behalf. |
Data, Diagnostic Information and Login Information | We use this information for the purpose of administering and improving our Services to you. We may also use this information in a de-identified, anonymous way in conjunction with an analytics service such as Google Analytics to monitor and analyze use of the Services, for the Services' technical administration, and to increase the Services' functionality and user-friendliness. |
Usage, Purchase, and Analytics Information | We may use your Usage, Purchase and Analytics Information in a de-identified, anonymous way in conjunction with an analytics service such as Google Analytics to monitor and analyze use of the Services, for the Services' technical administration, to increase the Services' functionality and user-friendliness, and to verify users have the authorization needed for the Services to process their requests. |
Generalized Geo-Location Information | We may use this information for the purpose of administering and improving our Services to you, such as by providing you with relevant advertisements and promotions. We may also use your Generalized Geo-Location Information in an anonymized manner in conjunction with an analytics service such as Google Analytics to monitor and analyze use of the Services, for the Services' technical administration, and to increase the Services' functionality and user-friendliness. |
If we plan to use your Personal Information in the future for any other purposes not identified above, we will only do so after informing you by updating this Privacy Policy. See further the section of this Privacy Policy entitled “Amendment of this Privacy Policy”.
4. Disclosures & Transfers
We have put in place contractual and other organizational safeguards with our agents to ensure a proper level of protection of your Personal Information (see further “Security” below). In addition to those measures, we will not disclose or transfer your Personal Information to third parties without your permission, except as specified in this Privacy Policy (see further below).
From time to time we may employ third parties to help us provide and/or improve the Services. These third parties may have limited access to databases of user information or registered member information solely for the purpose of helping us to provide and/or improve the Services and they will be subject to contractual restrictions prohibiting them from using the information about our users for any other purpose. Such agents or third parties do not have any rights to use Personal Information beyond what is absolutely necessary to assist us.
We may disclose your Personal Information to third parties without your consent if we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other users of the Services, or anyone else (including the rights or property of anyone else) that could be harmed by such activities. We may disclose Personal Information when we believe in good faith that such disclosure is required by and in accordance with the law.
We may also disclose your Personal Information in connection with a corporate re-organization, a merger or amalgamation with another entity, a sale of all or a substantial portion of our assets or stock, including any due diligence exercise carried out in relation to the same, provided that the information disclosed continues to be used for the purposes permitted by this Privacy Policy by the entity acquiring the information.
5. Non-US Users
These Services are hosted in the United States and are intended primarily for visitors located within the United States. If you choose to use the Services from other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you may be transferring your Personal Information outside of those regions to the United States for storage and processing. By providing your Personal Information through the Services, you consent to such transfer, storage, and processing. The foregoing is subject to exceptions as set forth in the section entitled “Additional Information for Users in the European Economic Area and United Kingdom.”
6. Security
The security of your Personal Information is important to us. We use commercially reasonable efforts to store and maintain your Personal Information in a secure environment. We take technical, contractual, administrative, and physical security steps designed to protect Personal Information that you provide to us. We have implemented procedures designed to limit the dissemination of your Personal Information to only such designated staff as are reasonably necessary to carry out the stated purposes we have communicated to you.
You are also responsible for helping to protect the security of your Personal Information. For instance, never give out your password, and safeguard your user name, password and personal credentials when you are using the Services, so that other people will not have access to your Personal Information. Furthermore, you are responsible for maintaining the security of any personal computing device on which you utilize the Services.
7. Sharing Information with Third Parties
You may be able to share Personal Information with third parties through use of the Services. The privacy policies of these third parties are not under our control and may differ from ours. The use of any information that you may provide to any third parties will be governed by the privacy policy of such third party or by your independent agreement with such third party, as the case may be. If you have any doubts about the privacy of the information you are providing to a third party, we recommend that you contact that third party directly for more information or to review its privacy policy.
8. Retention
We will keep your Personal Information for as long as it remains necessary for the identified purpose or as required by law, which may extend beyond the termination of our relationship with you. We may retain certain data as necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of aggregated, non-personally-identifiable data, account recovery, or if required by law. All retained Personal Information will remain subject to the terms of this Privacy Policy. Please note that if you request that your Personal Information be removed from our databases, it may not be possible to completely delete all of your Personal Information due to technological and legal constraints.
9. Amendment of this Privacy Policy
We reserve the right to change this Privacy Policy at any time. If we decide to change this Privacy Policy in the future, we will post or provide appropriate notice. Any non-material change (such as clarifications) to this Privacy Policy will become effective on the date the change is posted, and any material changes will become effective 30 days from their posting on [https://sesemeapp.com/privacy-policy] or via email to your listed email address. Unless stated otherwise, our current Privacy Policy applies to all Personal Information that we have about you and your account. The date on which the latest update was made is indicated at the top of this document. We recommend that you print a copy of this Privacy Policy for your reference and revisit this policy from time to time to ensure you are aware of any changes. Your continued use of the Services signifies your acceptance of any changes.
If applicable law requires your opt-in consent to any particular amendment to this Privacy Policy, the amendment will not apply to your Personal Information until we receive such consent from you. To the extent we cannot provide some or all of the Services without your consent to such amendment to the Privacy Policy, your decision not to consent may result in our having to limit your ability to use certain aspects of the Services.
10. Access and Accuracy
You have the right to access the Personal Information we hold about you in order to verify the Personal Information we have collected in respect to you and to have a general account of our uses of that information. Upon receipt of your written request, we will provide you with a copy of your Personal Information, although in certain limited circumstances we may not be able to make all relevant information available to you, such as where that information also pertains to another user. In such circumstances we will provide reasons for the denial to you upon request. We will endeavor to deal with all requests for access and modifications in a timely manner.
We will make every reasonable effort to keep your Personal Information accurate and up-to-date, and we will provide you with mechanisms to update, correct, delete or add to your Personal Information as appropriate. As appropriate, this amended Personal Information will be transmitted to those parties to which we are permitted to disclose your information. Having accurate Personal Information about you enables us to give you the best possible service.
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of Personal Information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to: support@sesameapp.com.
11. Service Providers
We may employ third-party companies and individuals to facilitate our Services (“Service Providers”), to provide the Services on our behalf, to perform Service-related services or to assist us in analyzing how our Services are used. These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
A list of our current Service Providers can be found below (the “Service Provider List”). The Service Provider List may be updated from time-to-time, as Service Providers are added and removed.
Analytics
Google Analytics
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. You can opt out of having your activity on the Service made available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visit activity. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://www.google.com/intl/en/policies/privacy/.
Miscellaneous
Google Firebase
Firebase is an app development platform backed by Google. We use Firebase for app data persistence and user authentication. For more information on Firebase’s privacy practices, please visit: https://firebase.google.com/support/privacy
React Native Google Firebase
RN Firebase is a collection of packages. We use RNFirebase to integrate a native experience with Firebase.
MySQL 8.0
MySQL is a data management system. We use MySQL 8.0 for data persistence.
Google Cloud
We use Google Cloud for web and mobile application infrastructure and SQL Cloud for data persistence. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://www.google.com/intl/en/policies/privacy/.
Amazon
We use Amazon S3 to store user uploaded data, and Amazon Personalize for user-based recommendations. For more information on Amazon's privacy practices, please visit: https://aws.amazon.com/privacy/
Instabase
Instabase is an applied AI platform. We use Instabase App AI to derive and generate data on product images. For more information on Instabase's privacy policy, please visit: https://instabase.com/privacy-policy/
Expo
We use Expo to create mobile applications in iOS and Android. For more information about Expo's privacy policy, please visit:
React Native
We use React Native to create mobile applications in iOS and Android. For more information about Expo's privacy policy, please visit: https://opensource.fb.com/legal/privacy/
Flask
Flask is a web application framework. We use Flask in our APIs.
RevenueCat
Revenue Cat is a subscription management platform. We use Revenue Cat for in-app purchases and to track purchase data. For more information on Revenue Cat’s privacy policy, please visit: https://www.revenuecat.com/privacy/
12. HIPAA
Please note that we are not a health care provider, and are therefore not an entity that is covered by the Health Insurance Portability and Accountability Act (“HIPAA”). The HIPAA privacy rules apply to health plans, health care clearinghouses, to any health care provider who transmits health information in electronic form in connection with transactions for which the Secretary of HHS has adopted standards under HIPAA and their service providers. This means that the information that you provide to us is not protected by the HIPAA privacy rules and regulations.
13. Contact Us
You can help by keeping us informed of any changes such as a change of email address or telephone number. If you would like to access your information, if you have any questions, comments or suggestions, if you find any errors in our information about you, or if you have a complaint concerning our compliance with applicable privacy laws, please contact us at support@sesamelapp.com or by mail at:
Sesame App
Spoonful Inc.
2930 Domingo Ave #1121
Berkeley, CA 94705
United States
ADDITIONAL INFORMATION FOR USERS IN THE EUROPEAN ECONOMIC AREA AND THE UNITED KINGDOM
Personal Information
References to “Personal Information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.
Controller
Spoonful Inc. is the controller of your personal information for purposes of European data protection legislation.
Lawful Basis for Data Processing
We will only collect, store, and process your personal information where a lawful basis for such processing exists, which will typically fall under one of the following scenarios:
- You, the Data Subject, have given consent to the processing of your personal information for one or more specific purposes, for example by consenting to terms and conditions on our website, and consenting to the terms of this Privacy Policy;
- Processing is necessary for the performance of a contract to which you, the Data Subject, are party;
- Processing is necessary for compliance with a legal obligation to which we as a Controller are subject;
- Processing is necessary for the purposes of the legitimate interests pursued by us as the Controller, or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of you, the Data Subject, which require protection of your personal information. The legitimate interests that underlie our processing of personal data include research and development, marketing and promoting the Services, and protecting our legal rights and interests.
Use for New Purposes
We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it.
Retention
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. For example, we keep account information for as long as the account is active, and for a reasonable period thereafter to ease reactivation if you choose to reactivate your account. If the Services are made available to you through an organization, e.g., your employer, we retain your information as long as required by the administrator of your account on their behalf.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.
Your Rights
European data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:
"Opt-out"
Stop sending you direct marketing communications. You may continue to receive Service-related and other non-marketing emails.
"Access"
Provide you with information about our processing of your personal information and give you access to your personal information.
"Correct"
Update or correct inaccuracies in your personal information.
"Delete"
Delete your personal information.
"Transfer"
Transfer a machine-readable copy of your personal information to you or a third party of your choice.
"Object"
Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
"Withdraw Consent"
If our processing is based on your consent, you have the right to withdraw such consent at any time.
You can submit these requests by email to: support@sesasmeapp.com. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us as described in Section 13 of our Privacy Policy or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.
Cross-Border Data Transfer
Whenever we transfer your personal information out of the EEA to countries not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be based on either use of approved standard contractual clauses or one of the safeguards recognized by the European Commission as providing adequate protection for personal information, where required by EU data protection legislation. Please note that by agreeing to this Privacy Policy and using the Services, you acknowledge that we may store your Personal Information on servers located outside of the EEA or the United Kingdom and you consent to such transfer. Our obligation set forth in paragraph regarding cross-border data transfers is limited to our transfers of your Personal Information to third parties.
Cookies
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.
For further information, visit allaboutcookies.org.
How do we use cookies?
Our Company uses cookies in a range of ways to improve your experience on our website, including:
There are a number of different types of cookies, however, our website uses:
- Analytics and Functionality – Cookies allow a site or service to know if your computer or device has visited that site or service before. Cookies can then be used to help understand how the site or service is being used, help you navigate between pages efficiently, help remember your preferences, and generally improve your browsing experience. Cookies can also help ensure marketing you see online is more relevant to you and your interests.
How to manage cookies
You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.