LEGAL
Privacy Policy
Last Updated: February 15, 2026
Expired Solutions, LLC ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Xpired mobile application ("App") and related services.
By using the App, you consent to the data practices described in this policy. If you do not agree with the data practices described in this Privacy Policy, you should not use the App.
1. Information We Collect
1.1 Personal Information You Provide
- Account Information: Email address, username, and password (stored securely via Firebase Authentication)
- Profile Information: Optional display name and dietary preferences
- User Content: Photos of produce you scan, saved inventory items, and notes you create
1.2 Automatically Collected Information
- Device Information: Device type, iOS version, unique device identifiers, and app version
- Usage Data: Scan history, feature usage, session duration, and app interactions
- Camera Data: Images captured for produce scanning, processed for freshness analysis by our AI systems and by OpenAI (a third-party AI provider) via their API -- see Section 3 and Section 6 for detail
- Location Data: Optional approximate location for price comparison features (only with your permission)
1.3 Transaction Information
Xpired is currently free during beta -- there is no paid subscription yet, so nothing in this section applies today. It's included so it's accurate the moment Pro ships.
- Subscription Data: Once a paid Pro tier is available, purchase history and subscription status will be handled by Apple StoreKit
- Receipt Data: Information about your subscription tier and renewal dates, once applicable
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the App's functionality
- Analyze produce images and generate freshness scores using our AI systems
- Send you push notifications about expiration alerts and inventory reminders
- Process and manage your subscriptions and payments through Apple
- Personalize your experience with recipe recommendations based on dietary preferences
- Respond to your inquiries and provide customer support
- Monitor and analyze usage patterns to improve our AI models
- Detect, prevent, and address technical issues and fraudulent activity
- Comply with legal obligations and enforce our Terms of Service
3. AI and Machine Learning
Our App uses artificial intelligence and machine learning to analyze produce images and generate freshness scores. Here's how we handle your data in this process:
- Images are processed on our secure cloud servers using encrypted connections (HTTPS/TLS)
- Third-party AI provider: to generate your freshness score, your produce photo is sent to OpenAI via their API for analysis. This happens for every scan -- see Section 6 for how OpenAI handles that data.
- Scan images (your own history): kept so you can see your own scan history and inventory; see Section 5 for how long.
- Training images are opt-in only: we do NOT use your scan photos to train or improve our AI models unless you explicitly turn on "Help Improve Xpired's AI" in App Settings. If you never opt in, your photos are never added to a training dataset. If you do opt in, those images are anonymized and stripped of personally identifiable information before use, and you can withdraw consent (and request those specific images be removed) at any time in App Settings.
- Our AI systems do not store or recognize faces or other personally identifying visual elements
4. Data Storage and Security
We implement appropriate technical and organizational security measures to protect your personal information:
- Encryption: All data in transit is protected using HTTPS/TLS 1.3 encryption
- Secure Storage: Images and data are stored with our infrastructure providers (Fly.io for application hosting, Tigris for encrypted object storage, MongoDB Atlas for the database) with encryption at rest
- Authentication: Secure token-based authentication stored in iOS Keychain
- Access Controls: Strict access controls and monitoring for internal systems
- Regular Audits: Security assessments and penetration testing
Despite our efforts, no security system is impenetrable. We cannot guarantee the absolute security of your data.
5. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy:
- Account Data: Retained while your account is active
- Scan Images (your own history): Retained for up to 12 months so you can see your own scan history, or until you delete them or your account -- whichever comes first
- Training Images (opt-in only): Only exist if you explicitly opted in (see Section 3). Retained only as long as needed to improve our models; you can revoke consent and request removal of your images at any time in App Settings
- Inventory Data: Retained until you delete items or your account
- Subscription Records: Retained for 3 years for tax and accounting purposes
- Deleted Accounts: When you delete your account (App Settings → Delete Account, or by emailing us), we permanently delete your account data AND purge your stored photos -- including scan images and, if you opted in, training images -- within 30 days
6. Third-Party Services
We use the following third-party service providers:
OpenAI
AI-powered produce classification and freshness analysis. Images are processed via OpenAI's API in accordance with their Data Usage Policy. OpenAI does not use your data to train their models.
Fly.io, Tigris, and MongoDB Atlas
Application hosting, encrypted object storage for photos, and database hosting, respectively. Data is processed in accordance with each provider's privacy policy.
Apple Inc.
In-app purchases, subscriptions, and App Store services. Apple handles all payment data.
Firebase (Google)
Authentication, analytics, and crash reporting.
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
7. Your Privacy Rights
Depending on your location, you may have the following rights:
7.1 GDPR Rights (EU/EEA Users)
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Export your data in a usable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time
7.2 CCPA Rights (California Residents)
- Right to Know: Information about data collection and use
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: Opt out of sale of personal information (we do not sell data)
- Right to Non-Discrimination: Equal service regardless of privacy choices
7.3 How to Exercise Your Rights
- In-App: Settings → Export My Data or Delete Account
- Email: Contact us at privacy@expiredsolutions.com
- Response Time: We will respond within 30 days
8. Children's Privacy
The App is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@expiredsolutions.com and we will delete such information.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. We ensure appropriate safeguards are in place to protect your information when transferred internationally.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For significant changes, we will provide notice through the App or by email.
11. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us: