Privacy Policy

Last updated: February 7, 2026

Introduction

LightPath Apps LLC ("we," "our," or "us") built Carte as a health and nutrition app that uses your device's camera to scan food products and provide health grades. This Privacy Policy explains what data we collect, how we use it, and your rights.

By using Carte, you agree to the practices described in this policy. If you do not agree, please do not use the app.

Information We Collect

Camera and Photo Data

Carte uses your device camera for the following purposes:

  • Barcode scanning: We scan product barcodes to identify food items. The barcode data is sent to our servers to retrieve or generate a health score.
  • Menu scanning: We use on-device OCR to read restaurant menus so you can score menu items. Menu images are processed in real time and are not stored on our servers.
  • AR overlay: We display health grades as augmented reality overlays on your camera feed. This processing happens on your device in real time.
  • Selfie-based health profile (optional): During onboarding, you may choose to take a selfie for body composition estimation. This image is processed locally on your device using AI to estimate body composition for TDEE calculations. Your selfie is never uploaded to our servers and is not stored permanently. The image is discarded immediately after processing. Only the resulting numeric estimates are saved to your local profile.

Photos and camera frames are processed in real time and are not permanently stored on our servers. We do not maintain a library or archive of your images.

Account Information

  • Anonymous authentication: By default, Carte uses Firebase Anonymous Authentication, which assigns a random device-based identifier. We do not require your name, email, or phone number to use the app.
  • Optional Google Sign-In: If you choose to sign in with Google for cross-device syncing, we receive your Google display name, email address, and profile photo URL. We use this solely for account identification and sync functionality.

Food Scoring Data

  • Product scores: When a product is scanned and scored, the resulting grade and nutritional summary are cached in our cloud database (Google Firestore). These cached scores are anonymized and shared across all users to improve response times. Cached scores are not linked to any individual user.
  • Your scan history: Your personal scan history and meal logs are stored locally on your device using a local database. If you sign in with Google, your history may sync to your account in Firestore.

Analytics and Crash Data

We use Firebase Analytics and Firebase Crashlytics to understand how the app is used and to diagnose crashes. This data is collected anonymously and includes:

  • App usage patterns (screens visited, features used, session duration)
  • Crash logs and performance metrics
  • Device type, OS version, and app version

This data is not linked to your identity and is used solely to improve app quality and performance.

What We Do NOT Collect

  • Location data: Carte does not request or access your location.
  • Contacts: We never access your contacts or address book.
  • Advertising identifiers: We do not collect advertising IDs or use ad tracking. Carte contains no ads.
  • Microphone or other sensors: We only access your camera, and only when you actively use scanning features.

How We Use Your Information

We use the data we collect to:

  • Provide and improve food health grades and nutritional scoring
  • Cache product scores to speed up results for all users
  • Maintain your local scan history and meal logs
  • Authenticate your account and enable cross-device sync (if you opt in)
  • Analyze app performance, fix bugs, and improve features
  • Process subscription purchases and manage your account status

We do not sell your data to third parties. We do not use your data for advertising.

How We Share Your Information

We share data only in the following limited circumstances:

  • Anonymized product scores are cached in Firestore and shared across all users. These scores contain no personal information.
  • Service providers: We use Google Cloud (Firebase, Cloud Run, Vertex AI) to operate the app. These providers process data on our behalf under their own privacy policies and data processing agreements.
  • Legal requirements: We may disclose information if required by law, legal process, or government request.

Data Storage and Security

  • Personal scan history is stored locally on your device.
  • Anonymized product scores are stored in Google Firestore (Google Cloud).
  • If you use Google Sign-In, your synced data is stored in Firestore and associated with your Google account identifier.
  • We use industry-standard security measures, including encryption in transit (TLS) and Firebase security rules to protect your data.

Your Rights and Choices

Data Deletion

You can delete your data at any time:

  • Local data: Clear app data or uninstall the app to remove all locally stored history.
  • Account data: If you signed in with Google, you can request full account deletion by emailing us at [email protected]. We will delete your account data within 30 days.
  • Anonymized cached scores cannot be attributed to you and are retained to benefit all users.

Opt-Out of Analytics

You can opt out of Firebase Analytics by disabling analytics in the app settings.

Access and Portability

You may request a copy of your personal data by contacting us at [email protected].

GDPR (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may request corrections to inaccurate data.
  • Right to erasure: You may request deletion of your personal data.
  • Right to restrict processing: You may request that we limit how we use your data.
  • Right to data portability: You may request your data in a structured, machine-readable format.
  • Right to object: You may object to processing based on legitimate interests.

Our legal basis for processing data is legitimate interest (providing and improving the app) and consent (optional Google Sign-In, optional selfie onboarding).

To exercise any of these rights, contact us at [email protected].

CCPA (California Users)

If you are a California resident, the California Consumer Privacy Act (CCPA) gives you additional rights:

  • Right to know what personal information we collect, use, and share.
  • Right to delete your personal information.
  • Right to opt out of the sale of personal information: We do not sell your personal information.
  • Right to non-discrimination: We will not treat you differently for exercising your CCPA rights.

To exercise these rights, contact us at [email protected].

Children's Privacy

Carte is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly. If you believe a child under 13 has provided us with personal data, please contact us at [email protected].

Health Information Disclaimer

Carte provides general nutritional information and health grades for educational purposes only. Carte is not a medical device and does not provide medical advice, diagnosis, or treatment. Health grades and scores are AI-generated estimates and may contain errors. Always consult a qualified healthcare provider before making dietary or health decisions.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy in the app or on our website at lightpathapps.com. Your continued use of the app after changes are posted constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or your data, contact us:

LightPath Apps LLC
Email: [email protected]
Website: lightpathapps.com