Privacy Policy

Last Updated: March 16, 2026

TOP CONNECT INC ("Company," "we," "us," or "our") operates the ProteinPic mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the App.

By using the App, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the App.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address — provided through your authentication provider (Google Sign-In, Apple Sign-In, or email/password registration)
• Authentication provider — which sign-in method you used
• Unique user identifier — assigned by Firebase Authentication

1.2 Profile Information (User-Provided)

You may optionally provide:

• Restaurant name
• Cuisine type
• Descriptive words ("vibe words") characterizing your restaurant
• Restaurant address (street, city, state)
• Restaurant photos (up to 3)

1.3 Menu Item Data

When you use the App to create menu items, we collect and store:

• Dish name
• Dish photograph (uploaded by you)
• Ingredient information (confirmed by you through AI-assisted chat)
• Nutrition data (protein and fiber content, sourced from USDA data via AI processing)
• AI-generated marketing images (6 variants per item)

1.4 Purchase Information

When you make in-app purchases, we record:

• Apple transaction identifier
• Product purchased and credits granted
• Purchase date
• Transaction environment (production or sandbox)

We do not collect or store your payment method, credit card number, or Apple ID password. All payment processing is handled by Apple through the App Store.

1.5 Information We Do NOT Collect

• Device identifiers (IDFA, AAID)
• Precise geolocation or GPS data
• Contacts, calendars, or other device data
• Browsing history
• Phone number
• Date of birth or age
• Health or biometric data
• Social media profiles

2. How We Use Your Information

We use the information we collect to:

• Provide the Service: Create your account, store your menu items, generate nutrition estimates, and produce AI-generated marketing images
• Process Purchases: Track credit balances and verify in-app purchase transactions
• Communicate with You: Respond to support requests sent to our contact email
• Maintain and Improve the Service: Monitor for abuse, enforce rate limits, and ensure service reliability

We do not use your information for advertising, profiling, behavioral targeting, or any purpose unrelated to providing the App's core functionality.

3. Third-Party Services

To provide the App's functionality, your data is processed by the following third-party services:

3.1 Google Firebase (Google LLC)

• Purpose: User authentication, database storage (Firestore), and file storage (Cloud Storage)
• Data shared: Email address, user ID, all profile and menu item data, uploaded and generated photos
• Privacy policy: https://firebase.google.com/support/privacy

3.2 Google Gemini API (Google LLC)

• Purpose: AI-powered dish photo analysis, ingredient confirmation chat, nutrition calculation, and marketing image generation
• Data shared: Dish photographs, restaurant photographs, dish names, ingredient information, restaurant name, cuisine, vibe words, and optional address. Conversation history for ingredient confirmation is managed server-side by Google's Interactions API.
• Important: Your photos and text are sent to Google's AI servers for processing. Google's data handling policies apply to this processing.
• Privacy policy: https://ai.google.dev/terms

3.3 USDA FoodData Central API (U.S. Department of Agriculture)

• Purpose: Looking up protein and fiber content per 100g for identified ingredients
• Data shared: Ingredient names (e.g., "chicken breast," "brown rice")
• Note: This is a U.S. government public API. No personal information is transmitted.

3.4 Apple StoreKit (Apple Inc.)

• Purpose: Processing in-app purchases
• Data shared: We receive a cryptographically signed transaction record from Apple. We do not send personal data to Apple beyond what Apple collects through its own App Store and payment systems.
• Privacy policy: https://www.apple.com/legal/privacy/

We do not sell, rent, or share your personal information with any other third parties.

4. Data Storage and Security

4.1 Where Data Is Stored

Your data is stored on Google Cloud infrastructure (Firebase) in the United States. Our backend service runs on Google Cloud Run.

4.2 Security Measures

• All data transmitted between the App and our servers is encrypted via HTTPS/TLS
• Authentication tokens are verified on every API request using Firebase Admin SDK
• Photo access is controlled through signed URLs that expire after 24 hours
• In-app purchase receipts are cryptographically verified using Apple's certificate chain
• Our backend runs as a non-root process in a containerized environment
• Per-user rate limiting prevents abuse

4.3 Data Retention

• Account and profile data: Retained until you request account deletion
• Menu items and photos: Retained until you delete them through the App or request account deletion
• Generated marketing images: Retained until you delete the associated menu item or request account deletion
• Purchase transaction records: Retained indefinitely for financial record-keeping and fraud prevention
• AI conversation history: Managed server-side by Google's Gemini Interactions API according to Google's retention policies

5. Your Rights and Choices

5.1 Access and Deletion Within the App

You can:

• View all your profile information, menu items, and generated images within the App
• Delete individual menu items (which also deletes associated photos and generated images from our servers)
• Remove restaurant photos from your profile
• Sign out of your account at any time

5.2 Account Deletion

To request complete deletion of your account and all associated data, contact us at support@proteinmenus.com. We will delete your account, profile data, all menu items, all photos, and all generated images within 30 days of your request. Purchase transaction records may be retained for legal and financial compliance purposes.

5.3 California Residents (CCPA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and disclose
• Delete your personal information (subject to certain exceptions)
• Non-discrimination for exercising your privacy rights

We do not sell your personal information. We do not use or disclose sensitive personal information for purposes other than providing the Service.

To exercise your rights, contact us at support@proteinmenus.com.

5.4 European Residents (GDPR)

If you are located in the European Economic Area, you have the right to:

• Access your personal data
• Rectify inaccurate personal data
• Erase your personal data ("right to be forgotten")
• Restrict processing of your personal data
• Data portability — receive your data in a structured, commonly used format
• Object to processing of your personal data
• Withdraw consent at any time

Our legal basis for processing your data is the performance of our contract with you (providing the Service) and our legitimate interests in maintaining and improving the Service.

To exercise your rights, contact us at support@proteinmenus.com.

6. Children's Privacy

The App is not directed to individuals under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at support@proteinmenus.com.

7. Tracking and Analytics

We do not:

• Use advertising identifiers (IDFA)
• Implement any third-party analytics or tracking SDKs
• Track you across other apps or websites
• Use cookies or similar tracking technologies
• Collect any data for advertising purposes

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last Updated" date at the top of this policy and, where feasible, through a notice within the App. Your continued use of the App after any changes constitutes your acceptance of the updated Privacy Policy.

9. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or need to report a concern, please contact us at:

TOP CONNECT INC Email: support@proteinmenus.com

10. AI-Generated Content Disclosure

The App uses artificial intelligence (Google Gemini) to:

• Analyze dish photographs to identify potential ingredients
• Facilitate ingredient confirmation through conversational AI
• Estimate nutrition content (protein and fiber) using USDA data
• Generate marketing images based on your dish photos and restaurant profile

All AI-generated nutrition estimates and marketing images are approximations and should not be relied upon as certified nutritional information. See our Terms of Use for full disclaimers regarding AI-generated content.