
Privacy Policy for Stoxi

Last Updated: June 22, 2026

This Privacy Policy explains how I ("Stoxi", "I", "me", or "us") collect, use, disclose, and safeguard your information when you use the Stoxi mobile application (the "App").

As a solo developer based in Denmark, I am committed to complying with the European General Data Protection Regulation (GDPR) and the Danish Data Protection Act (Databeskyttelsesloven).
1. Data Controller

The Data Controller responsible for your personal data under applicable data protection laws is:

  • Name: Jonas Vestergaard Kramer (Solo Developer)
  • Address: Egebjergvej 93, 8220 Brabrand, Denmark
  • Email: stoxiapp@gmail.com
  • Data Protection Officer: Stoxi is not required to appoint a Data Protection Officer under Article 37 GDPR.

If you have any questions about this Privacy Policy or my data practices, you can contact me using the details above.
2. Information I Collect and Process

Stoxi does not require your name or email address to operate, but it does process pseudonymized personal data such as device identifiers, IP addresses, and subscription identifiers, as outlined below:

A. Device and Network Identifiers

  • Device Identifiers: I process stable hardware IDs to link your device to your credit ledger and prevent abuse. On Android, the ANDROID_ID is hashed using SHA-256 before storage. On iOS, the identifierForVendor (IDFV) is hashed using SHA-256 before storage. If native iOS hardware attestation is unavailable, a persistent fallback identifier generated locally is used instead.
  • IP Addresses: Your IP address is transiently processed by my backend servers (hosted on Heroku) to enforce rate limits, mitigate DDoS attacks, and route traffic.
  • Mobile Advertising Identifiers: If you consent to personalized ads, I process Apple's IDFA or Google's Advertising ID to serve tailored advertisements via Google Mobile Ads (AdMob).

B. User-Generated Content and Sync Data

  • AI Image and Text Scanning: If you upload an image (e.g., grocery receipts or ingredient photos) or enter/paste text to be formatted, these payloads are temporarily processed in server RAM. Stoxi uses artificial intelligence (specifically Google Gemma open-weights models, served via the Google Generative Language API) to parse the inputs—performing Optical Character Recognition (OCR) on images and natural language processing on text inputs—to identify, extract, and format ingredients, quantities, and units into structured list items.
  • AI Smart Sort: If you use the category organization features (Smart Sort), the item names on your shopping list are processed by artificial intelligence (Google Gemma models via the Google Generative Language API) to categorize them into supermarket aisles.
  • Sync & Profile Data: If you use the Pro tier Cloud Sync feature, I process and store your favorites lists, stock inventory items, shopping lists, and custom categories.

C. Transactional and Billing Data

  • Billing Data: Subscription details, transaction IDs, product IDs, and payment expiration dates are processed via RevenueCat webhooks to unlock premium tiers. This data is linked to your stable device identifier.

D. Technical and Diagnostic Data

  • Diagnostics and Crash Logs: I do not embed any third-party crash reporting SDKs (such as Sentry or Firebase Crashlytics) in the App. However, if you have enabled diagnostics sharing on your mobile operating system, Apple or Google may provide me with anonymized crash reports containing device models, OS versions, and performance logs to help maintain app stability.

3. Legal Basis for Processing

Under GDPR Article 6, I rely on the following legal bases to process your data:

  • Performance of a Contract (Art. 6(1)(b)): To deliver cloud sync, coordinate multi-device groups, manage daily credits, verify subscriptions, and process recipe lookups.
  • Consent (Art. 6(1)(a)):
    • To temporarily process ingredient images and text inputs via third-party artificial intelligence to identify, extract, and format grocery items.
    • To process shopping list item names via third-party artificial intelligence to automatically categorize them into supermarket aisles (Smart Sort).
    • To serve personalized advertisements (rewarded ads for unlocking premium features) via Google Mobile Ads.
  • Legitimate Interests (Art. 6(1)(f)): To prevent credit farming/abuse, enforce hardware attestation, authenticate group pairing, apply rate limits, and mitigate DDoS attacks to ensure system security and availability.

4. Advertising and Google AdMob Consent

To serve ads, Stoxi uses Google AdMob. On your first launch of the App, after accepting the Terms of Service, the App will present Google’s native consent module (User Messaging Platform - UMP).

  • If you consent: I will collect your Mobile Advertising Identifier (IDFA/AAID) and share it with Google AdMob to serve personalized ads based on your interests.
  • If you decline: I will not collect your advertising identifier for personalized targeting, and you will only be shown non-personalized ads. Refusing personalized advertising does not reduce or limit your access to the App's core functionality. Please note that even if you decline personalized advertising, Google AdMob may still store or access strictly necessary cookies or local storage tokens on your device for the purposes of fraud prevention, frequency capping, and ensuring the ad delivery system functions properly, based on my legitimate interests under applicable ePrivacy rules.
  • Withdrawing Consent: You can change your ad consent preferences at any time by resetting the ad consent in the App's developer tools, or through your device's native privacy settings (e.g., "Reset Advertising Identifier" on Android or "Allow Apps to Request to Track" on iOS).

5. Local Storage on Your Device (ePrivacy Compliance)

Under the ePrivacy Directive and Danish rules on electronic communications, storing information or gaining access to information stored on a user's terminal equipment requires clear disclosure. To enable offline-first capabilities, secure billing, and user preferences, Stoxi stores the following data locally on your device using SecureStore and AsyncStorage:

Strictly Necessary Tokens & Receipts (Retained until uninstall or sign-out)

  • stoxi.install-nonce: A randomly generated session nonce to prevent token replay or session hijacking.
  • stoxi.stable-fallback-ios-id: A persistent fallback device token generated locally on iOS devices when hardware-bound attestation (DeviceCheck) is unavailable or errors, linking your device to its credit balance.
  • stoxi.premium-receipt: A cryptographically signed local receipt verifying your active premium tier.
  • stoxi.solo-device-token: The local hardware attestation token mapping your device to its credit balance.
  • stoxi.device-token: The active token header (either solo or group-linked) used for API authentication.
  • @stoxi/sync-enabled, @stoxi/sync-timestamp, @stoxi/sync-version, @stoxi/last-sync-check-time: Caches sync configuration parameters and state variables to manage database version integrity.
  • @stoxi/manual-sync-timestamps: Cache of manual sync requests used to enforce client-side rate limits.

User-Generated Content & Preferences (Offline Caches)

  • @stoxi/stock, @stoxi/item-history, @stoxi/frequent-items: Persists your pantry inventory and frequently used items.
  • @stoxi/shopping-list, @stoxi/shopping-removed, @stoxi/shopping-custom-categories: Persists your shopping list state and custom categories.
  • @stoxi/favorites: Persists your favorited recipes.
  • @stoxi/settings, @stoxi/theme_mode, @stoxi/accent_color: Persists your app preferences, theme, accent colors, and custom ingredient densities.

Note: On first launch, Stoxi does not intentionally initiate analytics, advertising, or non-essential network communications before the required consent has been obtained. Consent for optional processing (e.g., personalized ads via AdMob or AI image/text scanning) is collected separately and is not bundled with the acceptance of these Terms and Privacy Policy.

6. How I Use Your Data

I use the collected data exclusively for the following purposes:

  • To operate the App's core features (recipe search, pantry management, AI image and text scanning, and Smart Sort).
  • To enforce daily credit limits and prevent unauthorized farming of free credits.
  • To securely link up to 4 devices via Cloud Sync (Pro tier exclusive).
  • To verify subscription statuses and process in-app purchases.
  • To serve ads (personalized or non-personalized) to free-tier users.
  • To maintain the security, integrity, and performance of my backend infrastructure.

7. Data Sharing and International Transfers

To deliver AI image and text scanning services, advertisements, recipe services, and database infrastructure, your data is shared with the following third-party processors located outside the EU/EEA (specifically in the United States):

  • Salesforce / Heroku: Hosts my Node.js backend proxy.
  • Google LLC (Firebase / Cloud Firestore): Hosts the Cloud Firestore database storing sync data, credit ledgers, and receipts.
  • Google (Gemma open-weights models via the Google Generative Language API): Processes ingredient images and text inputs via artificial intelligence to identify, extract, and format grocery items, and processes shopping list item names to automatically organize them into aisles. (Note: Images are sanitized on the server to strip all EXIF metadata before being sent to Google).
  • Google Mobile Ads (AdMob): Serves advertisements.
  • APILayer / Spoonacular: Executes ingredient-based recipe searches and nutrition lookups.
  • RevenueCat: Validates subscription state changes and processes purchase entitlements.
  • Apple Inc. (Apple DeviceCheck): Processes device attestation tokens to verify device authenticity (iOS only).
  • Google LLC (Google Play Integrity API): Processes device attestation tokens to verify device authenticity (Android only).

Safeguards for International Transfers: I ensure appropriate data processing agreements are in place with these third-party processors. Data transfers to the United States are secured through Standard Contractual Clauses (SCCs) approved by the European Commission and/or reliance on the EU-U.S. Data Privacy Framework. You may request a copy of the safeguards used for these international transfers by contacting me at the email address provided in Section 1.
8. Data Retention

I retain your data only for as long as necessary to fulfill the purposes outlined in this policy:

  • In-Memory Caches (L1): Uploaded images are processed entirely in server memory and are never written to persistent storage. Recipe details and nutrition data are held in server RAM for a maximum of 1 hour, after which they are evicted.
  • Database Caches (L2): Recipe details and nutrition data are also persisted to Cloud Firestore with a maximum time-to-live (TTL) of 1 hour, after which they are automatically pruned by a background process. Search query mapping caches (which store only recipe IDs and titles, not full recipe content or user data) are retained indefinitely in Firestore to reduce redundant third-party API calls.
  • Firestore Caches: Expired recipe and nutrition cache records are cleaned up automatically via background pruning.
  • Sync & Group Data: If you leave or unlink a device from a sync group, group membership records are deleted immediately.
  • Device Identifiers & Tokens: Attestation tokens and device hashes are stored for a maximum of 24 months from the date your device last successfully communicated with my API, after which they are automatically pruned.

9. Security Measures

I implement a defense-in-depth security model to protect your data:

  • Image Sanitization: All uploaded images pass through a background worker that strips all EXIF metadata (which may contain location data) and downscales the image before processing.
  • Hardware Attestation: I use Apple DeviceCheck and Google Play Integrity to verify device authenticity.
  • Rate Limiting: Strict rate limits are applied at the IP and device level to prevent DDoS attacks and brute-force pairing attempts.
  • Cryptographic Binding: Premium receipts are cryptographically bound to your specific device ID to prevent receipt-sharing attacks.

10. Your GDPR Rights

Under the GDPR and the Danish Data Protection Act, you have the following rights regarding your personal data:

  • Right of Access (Art. 15): You can request a copy of the personal data I hold about you.
  • Right to Rectification (Art. 16): You can request the correction of inaccurate data.
  • Right to Erasure / Right to be Forgotten (Art. 17): You can request the deletion of your sync data, device tokens, and associated records.
  • Right to Restrict Processing (Art. 18): You can request that I restrict the processing of your data under certain conditions.
  • Right to Data Portability (Art. 20): You can request a machine-readable copy of your sync data to transfer to another service.
  • Right to Object (Art. 21): You can object to processing based on my legitimate interests. Please note that I may continue to process your data if I can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms (such as for system security, rate limiting, abuse prevention, or the defense of legal claims).
  • Right to Withdraw Consent (Art. 7): You can withdraw your consent for AI image and text payload processing, AI Smart Sort categorization, and personalized advertising at any time without affecting the lawfulness of processing based on consent before its withdrawal. Withdrawing consent for AI features will disable those optional features but will not affect your access to the App's core functionality.
  • Automated Decision-Making: Stoxi does not make decisions producing legal or similarly significant effects solely by automated means under Article 22 GDPR.

How to Exercise Your Rights

You can exercise these rights by sending an email to stoxiapp@gmail.com. To protect your privacy, I may ask you to verify your identity before processing your request (e.g., by providing your device identifier). I will respond to your request within one month, as required by GDPR. If your request is particularly complex or I receive a large number of requests, I may extend this period by up to two additional months, but I will inform you of any extension within the first month. The first copy of your data will be provided free of charge; additional copies may be subject to a reasonable administrative fee.

If you are unsatisfied with how I handle your data, you have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet):

  • Website: www.datatilsynet.dk
  • Email: dt@datatilsynet.dk

11. Children's Privacy

Stoxi is not directed at children under the age of 13, or the minimum age of digital consent in your country of residence (whichever is higher). In compliance with GDPR and Danish data protection regulations, I do not knowingly collect personal data from children under this minimum age. If you believe a child under this age has provided personal data, please contact me so I can immediately delete it.
12. Changes to This Privacy Policy

I may update this Privacy Policy from time to time to reflect changes in my practices or legal requirements. I will notify you of any significant changes by posting the new Privacy Policy within the App and updating the "Last Updated" date at the top of this page.
