Privacy Policy for Stoxi

Last Updated: June 22, 2026

This Privacy Policy explains how I ("Stoxi", "I", "me", or "us") collect, use, disclose, and safeguard your information when you use the Stoxi mobile application (the "App").

As a solo developer based in Denmark, I am committed to complying with the European General Data Protection Regulation (GDPR) and the Danish Data Protection Act (Databeskyttelsesloven).

1. Data Controller

The Data Controller responsible for your personal data under applicable data protection laws is:

• Name: Jonas Vestergaard Kramer (Solo Developer)
• Address: Egebjergvej 93, 8220 Brabrand, Denmark
• Email: stoxiapp@gmail.com
• Data Protection Officer: Stoxi is not required to appoint a Data Protection Officer under Article 37 GDPR.

If you have any questions about this Privacy Policy or my data practices, you can contact me using the details above.

2. Information I Collect and Process

Stoxi does not require your name or email address to operate, but it does process pseudonymized personal data such as device identifiers, IP addresses, and subscription identifiers, as outlined below:

A. Device and Network Identifiers

• Device Identifiers: I process stable hardware IDs to link your device to your credit ledger and prevent abuse. On Android, the ANDROID_ID is hashed using SHA-256 before storage. On iOS, the identifierForVendor (IDFV) is hashed using SHA-256 before storage. If native iOS hardware attestation is unavailable, a persistent fallback identifier generated locally is used instead.
• IP Addresses: Your IP address is transiently processed by my backend servers (hosted on Heroku) to enforce rate limits, mitigate DDoS attacks, and route traffic.
• Mobile Advertising Identifiers: If you consent to personalized ads, I process Apple's IDFA or Google's Advertising ID to serve tailored advertisements via Google Mobile Ads (AdMob).

B. User-Generated Content and Sync Data

• AI Image and Text Scanning: If you upload an image (e.g., grocery receipts or ingredient photos) or enter/paste text to be formatted, these payloads are temporarily processed in server RAM. Stoxi uses artificial intelligence (specifically Google Gemma open-weights models, served via the Google Generative Language API) to parse the inputs—performing Optical Character Recognition (OCR) on images and natural language processing on text inputs—to identify, extract, and format ingredients, quantities, and units into structured list items.
• AI Smart Sort: If you use the category organization features (Smart Sort), the item names on your shopping list are processed by artificial intelligence (Google Gemma models via the Google Generative Language API) to categorize them into supermarket aisles.
• Sync & Profile Data: If you use the Pro tier Cloud Sync feature, I process and store your favorites lists, stock inventory items, shopping lists, and custom categories.

C. Transactional and Billing Data

• Billing Data: Subscription details, transaction IDs, product IDs, and payment expiration dates are processed via RevenueCat webhooks to unlock premium tiers. This data is linked to your stable device identifier.

D. Technical and Diagnostic Data

• Diagnostics and Crash Logs: I do not embed any third-party crash reporting SDKs (such as Sentry or Firebase Crashlytics) in the App. However, if you have enabled diagnostics sharing on your mobile operating system, Apple or Google may provide me with anonymized crash reports containing device models, OS versions, and performance logs to help maintain app stability.

3. Legal Basis for Processing

Under GDPR Article 6, I rely on the following legal bases to process your data:

• Performance of a Contract (Art. 6(1)(b)): To deliver cloud sync, coordinate multi-device groups, manage daily credits, verify subscriptions, and process recipe lookups.
• Consent (Art. 6(1)(a)):
  • To temporarily process ingredient images and text inputs via third-party artificial intelligence to identify, extract, and format grocery items.
  • To process shopping list item names via third-party artificial intelligence to automatically categorize them into supermarket aisles (Smart Sort).
  • To serve personalized advertisements (rewarded ads for unlocking premium features) via Google Mobile Ads.
• Legitimate Interests (Art. 6(1)(f)): To prevent credit farming/abuse, enforce hardware attestation, authenticate group pairing, apply rate limits, and mitigate DDoS attacks to ensure system security and availability.

4. Advertising and Google AdMob Consent

To serve ads, Stoxi uses Google AdMob. On your first launch of the App, after accepting the Terms of Service, the App will present Google’s native consent module (User Messaging Platform - UMP).

• If you consent: I will collect your Mobile Advertising Identifier (IDFA/AAID) and share it with Google AdMob to serve personalized ads based on your interests.
• If you decline: I will not collect your advertising identifier for personalized targeting, and you will only be shown non-personalized ads. Refusing personalized advertising does not reduce or limit your access to the App's core functionality. Please note that even if you decline personalized advertising, Google AdMob may still store or access strictly necessary cookies or local storage tokens on your device for the purpose of fraud prevention, frequency capping, and ensuring the ad delivery system functions properly, based on our legitimate interests under applicable ePrivacy rules.
• Withdrawing Consent: You can change your ad consent preferences at any time by resetting the ad consent in the App's developer tools, or through your device's native privacy settings (e.g., "Reset Advertising Identifier" on Android or "Allow Apps to Request to Track" on iOS).

5. Local Storage on Your Device (ePrivacy Compliance)

Under the ePrivacy Directive and Danish rules on electronic communications, storing information or gaining access to information stored on a user's terminal equipment requires clear disclosure. To enable offline-first capabilities, secure billing, and user preferences, Stoxi stores the following data locally on your device using SecureStore and AsyncStorage:

Strictly Necessary Tokens & Receipts (Retained until uninstall or sign-out)

• stoxi.install-nonce: A randomly generated session nonce to prevent token replay or session hijacking.
• stoxi.stable-fallback-ios-id: A persistent fallback device token generated locally on iOS devices when hardware-bound attestation (DeviceCheck) is unavailable or errors, linking your device to its credit balance.
• stoxi.premium-receipt: A cryptographically signed local receipt verifying your active premium tier.
• stoxi.solo-device-token: The local hardware attestation token mapping your device to its credit balance.
• stoxi.device-token: The active token header (either solo or group-linked) used for API authentication.
• @stoxi/sync-enabled, @stoxi/sync-timestamp, @stoxi/sync-version, @stoxi/last-sync-check-time: Caches sync configuration parameters and state variables to manage database version integrity.
• @stoxi/manual-sync-timestamps: Cache of manual sync requests used to enforce client-side rate limits.

User-Generated Content & Preferences (Offline Caches)

• @stoxi/stock, @stoxi/item-history, @stoxi/frequent-items: Persists your pantry inventory and frequently used items.
• @stoxi/shopping-list, @stoxi/shopping-removed, @stoxi/shopping-custom-categories: Persists your shopping list state and custom categories.
• @stoxi/favorites: Persists your favorited recipes.
• @stoxi/settings, @stoxi/theme_mode, @stoxi/accent_color: Persists your app preferences, theme, accent colors, and custom ingredient densities.

Note: On first launch, Stoxi does not intentionally initiate analytics, advertising, or non-essential network communications before the required consent has been obtained. Consent for optional processing (e.g., personalized ads via AdMob or AI image/text scanning) is collected separately and is not bundled with the acceptance of these Terms and Privacy Policy.

6. How I Use Your Data

I use the collected data exclusively for the following purposes:

• To operate the App's core features (recipe search, pantry management, AI image and text scanning, and Smart Sort).
• To enforce daily credit limits and prevent unauthorized farming of free credits.
• To securely link up to 4 devices via Cloud Sync (Pro tier exclusive).
• To verify subscription statuses and process in-app purchases.
• To serve ads (personalized or non-personalized) to free-tier users.
• To maintain the security, integrity, and performance of my backend infrastructure.

7. Data Sharing and International Transfers

To deliver AI image and text scanning services, advertisements, recipe services, and database infrastructure, your data is shared with the following third-party processors located outside the EU/EEA (specifically in the United States):

• Salesforce / Heroku: Hosts my Node.js backend proxy.
• Google LLC (Firebase / Cloud Firestore): Hosts the Cloud Firestore database storing sync data, credit ledgers, and receipts.
• Google (Gemma open-weights models via the Google Generative Language API): Processes ingredient images and text inputs via artificial intelligence to identify, extract, and format grocery items, and processes shopping list item names to automatically organize them into aisles. (Note: Images are sanitized on the server to strip all EXIF metadata before being sent to Google).
• Google Mobile Ads (AdMob): Serves advertisements.
• APILayer / Spoonacular: Executes ingredient-based recipe searches and nutrition lookups.
• RevenueCat: Validates subscription state changes and processes purchase entitlements.
• Apple Inc. (Apple DeviceCheck): Processes device attestation tokens to verify device authenticity (iOS only).
• Google LLC (Google Play Integrity API): Processes device attestation tokens to verify device authenticity (Android only).

Safeguards for International Transfers: I ensure appropriate data processing agreements are in place with these third-party processors. Data transfers to the United States are secured through Standard Contractual Clauses (SCCs) approved by the European Commission and/or reliance on the EU-U.S. Data Privacy Framework. You may request a copy of the safeguards used for these international transfers by contacting me at the email address provided in Section 1.

8. Data Retention

I retain your data only for as long as necessary to fulfill the purposes outlined in this policy:

• In-Memory Caches (L1): Uploaded images are processed entirely in server memory and are never written to persistent storage. Recipe details and nutrition data are held in server RAM for a maximum of 1 hour, after which they are evicted.
• Database Caches (L2): Recipe details and nutrition data are also persisted to Cloud Firestore with a maximum time-to-live (TTL) of 1 hour, after which they are automatically pruned by a background process. Search query mapping caches (which store only recipe IDs and titles, not full recipe content or user data) are retained indefinitely in Firestore to reduce redundant third-party API calls.
• Firestore Caches: Expired recipe and nutrition cache records are cleaned up automatically via background pruning.
• Sync & Group Data: If you leave or unlink a device from a sync group, group membership records are deleted immediately.
• Device Identifiers & Tokens: Attestation tokens and device hashes are stored for a maximum of 24 months from the date your device last successfully communicated with our API, after which they are automatically pruned.

9. Security Measures

I implement a defense-in-depth security model to protect your data:

• Image Sanitization: All uploaded images pass through a background worker that strips all EXIF metadata (which may contain location data) and downscales the image before processing.
• Hardware Attestation: I use Apple DeviceCheck and Google Play Integrity to verify device authenticity.
• Rate Limiting: Strict rate limits are applied at the IP and device level to prevent DDoS attacks and brute-force pairing attempts.
• Cryptographic Binding: Premium receipts are cryptographically bound to your specific device ID to prevent receipt-sharing attacks.

10. Your GDPR Rights

Under the GDPR and the Danish Data Protection Act, you have the following rights regarding your personal data:

• Right of Access (Art. 15): You can request a copy of the personal data I hold about you.
• Right to Rectification (Art. 16): You can request the correction of inaccurate data.
• Right to Erasure / Right to be Forgotten (Art. 17): You can request the deletion of your sync data, device tokens, and associated records.
• Right to Restrict Processing (Art. 18): You can request that I restrict the processing of your data under certain conditions.
• Right to Data Portability (Art. 20): You can request a machine-readable copy of your sync data to transfer to another service.
• Right to Object (Art. 21): You can object to processing based on my legitimate interests. Please note that I may continue to process your data if I can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms (such as for system security, rate limiting, abuse prevention, or the defense of legal claims).
• Right to Withdraw Consent (Art. 7): You can withdraw your consent for AI image and text payload processing, AI Smart Sort categorization, and personalized advertising at any time without affecting the lawfulness of processing based on consent before its withdrawal. Withdrawing consent for AI features will disable those optional features but will not affect your access to the App's core functionality.
• Automated Decision-Making: Stoxi does not make decisions producing legal or similarly significant effects solely by automated means under Article 22 GDPR.

How to Exercise Your Rights

You can exercise these rights by sending an email to stoxiapp@gmail.com. To protect your privacy, I may ask you to verify your identity before processing your request (e.g., by providing your device identifier). I will respond to your request within one month, as required by GDPR. If your request is particularly complex or I receive a large number of requests, I may extend this period by up to two additional months, but I will inform you of any extension within the first month. The first copy of your data will be provided free of charge; additional copies may be subject to a reasonable administrative fee.

If you are unsatisfied with how I handle your data, you have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet):

• Website: www.datatilsynet.dk
• Email: dt@datatilsynet.dk

11. Children's Privacy

Stoxi is not directed at children under the age of 13, or the minimum age of digital consent in your country of residence (whichever is higher). In compliance with GDPR and Danish data protection regulations, I do not knowingly collect personal data from children under this minimum age. If you believe a child under this age has provided personal data, please contact me so I can immediately delete it.

12. Changes to This Privacy Policy

I may update this Privacy Policy from time to time to reflect changes in my practices or legal requirements. I will notify you of any significant changes by posting the new Privacy Policy within the App and updating the "Last Updated" date at the top of this page.

Terms of Service for Stoxi

Last Updated: June 22, 2026

Welcome to Stoxi ("Stoxi," "I," "me," or "us"). By downloading, accessing, or using the Stoxi mobile application (the "App"), you agree to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, please do not use the App.

Stoxi is developed and operated by Jonas Vestergaard Kramer (the "Developer"), a solo developer based in Denmark.

1. Eligibility

You must be at least 13 years old, or the minimum age of digital consent in your country of residence (whichever is higher), to use Stoxi. Users under this minimum age are not permitted to use the App. I do not knowingly collect personal data from children under this age.

2. Nature of the Service

Stoxi is a utility application designed to help users manage pantry inventory, generate shopping lists, discover recipes based on available ingredients, and automatically categorize shopping items. The App utilizes third-party Application Programming Interfaces (APIs), machine learning models, and cloud infrastructure to provide its features.

3. AI, OCR, and Third-Party Data Disclaimers (CRITICAL)

You acknowledge and agree that Stoxi relies on experimental, probabilistic, and third-party technologies. I provide no guarantees regarding the accuracy, reliability, or safety of the data generated by these systems.

• AI, OCR, and Text Sorting Inaccuracies: The App utilizes artificial intelligence and machine learning technologies provided by third-party providers (such as Google Gemma open-weights models served via the Google Generative Language API) to process data. You may upload images (e.g., grocery receipts or ingredient photos) for Optical Character Recognition (OCR), or you may send text directly to these models. The AI attempts to parse this input and sort it into structured JSON items (e.g., extracting item names, quantities, and units) and perform "Smart Sort" (automatically categorizing shopping list items into supermarket aisles). AI models are prone to "hallucinations," misinterpretations, and miscategorizations. Stoxi does not guarantee that scanned images, inputted text, extracted quantities/units, or aisle categorizations will be recognized or sorted correctly. You must manually verify all AI-generated data and categorizations before relying on them.
• Recipe and Culinary Markings: Recipe search, instructions, nutrition widgets, and dietary/culinary tags (e.g., "vegan," "gluten-free," "dairy-free") are fetched dynamically from third-party APIs (such as the Spoonacular API via APILayer). This third-party data may be inaccurate, outdated, or incorrectly categorized. I do not verify, curate, or guarantee the correctness of any recipe, dietary tag, or nutritional information displayed.
• Health, Allergen, and Food Safety: Stoxi is not intended to provide medical or dietary advice, and is not a medical, nutritional, or food safety tool. You must not rely on Stoxi's dietary markings or nutritional data for medical, allergen, or dietary restrictions. Always inspect actual food labels and consult with a medical professional or registered dietitian before consuming any food, especially if you have food allergies or sensitivities. Any liability for adverse health reactions, allergic reactions, or foodborne illnesses is limited to the maximum extent permitted by applicable law.
• Unit Conversions: The App performs automated mass-to-volume conversions based on average ingredient densities. These conversions are approximations and may not be scientifically exact for specific brands or ingredient preparations.

4. Credits System and Virtual Utility

Stoxi utilizes a virtual credit system to regulate API usage and feature access.

• No Cash Value: Daily credits, ad-earned credits, and promotional credits are purely utility tokens. They have zero monetary value, are non-transferable, cannot be sold, and are non-refundable.
• Reset Boundaries: Free tier users receive a limited daily allocation of credits. Credits reset daily based on server logic; unused credits do not roll over.
• Pre-Deduction & Refunds: Due to the infrastructure costs of querying external APIs, credits are deducted from your balance before the App executes the search or scan. If a downstream API request fails due to transient server-side errors (HTTP 5xx), rate limiting (HTTP 429), or network timeouts, credits will be automatically refunded, subject to rate limits (e.g., maximum 3 refunds per hour) to prevent abuse or DDoS attacks. This limit does not apply to system-wide failures directly caused by our backend server. Credits will not be refunded for client-side errors (e.g., invalid input, unsupported image formats, or malformed requests).

5. Subscriptions and Billing

Stoxi offers recurring subscription tiers ("Stoxi Plus" and "Stoxi Pro").

• Billing: All billing, payment processing, renewals, and cancellations are handled exclusively by Apple App Store or Google Play Store as the merchants of record. I do not process or store your credit card information.
• Auto-Renewal: Subscriptions automatically renew unless cancelled at least 24 hours prior to the end of the current billing cycle.
• Subscription Pricing: The total price for recurring subscription tiers (including any applicable taxes and currency) will be presented clearly within the App on the subscription purchase screen before you confirm your purchase.
• Subscription Cancellation: You may cancel your subscription at any time through your App Store (iOS) or Google Play (Android) subscription settings.
• Right of Withdrawal (Fortrydelsesret): Under Danish and EU consumer protection rules (Forbrugeraftaleloven), you have a 14-day right of withdrawal for digital purchases. You may exercise this right by sending a clear, unambiguous statement (e.g., an email to stoxiapp@gmail.com) within 14 days of purchase. A model withdrawal form is available upon request by emailing stoxiapp@gmail.com.
  • Because purchases are completed via Apple App Store or Google Play Store, refund processing will be handled by Apple or Google in accordance with their respective terms. If the app store is unable or unwilling to process your refund, you may contact me directly at stoxiapp@gmail.com.
  • If you explicitly request immediate performance of the subscription at the time of purchase and acknowledge that you thereby lose your 14-day right of withdrawal, and this consent is recorded, you will lose your right of withdrawal once access to the digital content begins, in accordance with applicable consumer laws and the store operators' policies.
• Device Binding: Premium receipts are cryptographically bound to your specific hardware device (using Apple DeviceCheck or Google Play Integrity). You cannot share your premium status with other devices unless utilizing the Pro-tier Cloud Sync/Group Pairing feature.
• Discontinuation or Termination by Developer: I reserve the right to modify, suspend, or discontinue the App or subscription services at any time. In the event of a permanent shutdown of the subscription services, active subscribers will be entitled to a pro-rata refund for the remaining unused period of their active subscription, processed through the respective app store (Apple App Store or Google Play Store). If the app store is unable or unwilling to process the refund, I will process it directly upon request to stoxiapp@gmail.com.

6. Acceptable Use and Anti-Circumvention

To protect infrastructure costs and prevent abuse, you agree not to:

• Script, scrape, or automate requests to the Stoxi backend.
• Attempt to farm unlimited free credits by clearing app data, rotating device identifiers, or spoofing hardware attestation tokens.
• Rotate IP addresses or use proxies to bypass rate limits or DDoS protections.
• Attempt to forge, reverse-engineer, or replay cryptographic payment receipts or device tokens.
• Upload malicious files or polyglot payloads disguised as images to the OCR scanner.

I reserve the right to suspend your device token, reset your credit balance to zero, or temporarily restrict access where I have reasonable evidence of abuse or circumvention. Before permanently restricting access, I will, where reasonably practicable, provide you with notice describing the violation and a 7-day window to respond by emailing stoxiapp@gmail.com. This notice requirement does not apply in cases involving active, ongoing abuse or security threats requiring immediate protective action.

7. Cloud Sync and User Data

• Data Ownership: You retain ownership of your pantry stock, shopping lists, favorites, and custom categories ("Sync Data").
• Group Pairing: If you use the Pro-tier group pairing feature, you acknowledge that your Sync Data will be shared with paired devices (up to 4 devices total). You are responsible for managing who you pair with.
• Data Deletion: You can delete your Sync Data at any time within the App. If you leave a sync group, your membership record is deleted immediately. Device identifiers are automatically pruned from the database after 24 months of account inactivity.

8. Privacy and GDPR Compliance

Your use of the App is also governed by my Privacy Policy, which details how I collect, process, and transfer data in compliance with GDPR and the Danish Data Protection Act (Databeskyttelsesloven).

• Consent Gate: The App requires explicit consent to these Terms and the Privacy Policy on first launch. Stoxi does not intentionally initiate analytics, advertising, or non-essential network communications before the required consent has been obtained. Consent for optional data processing—such as personalized advertising or uploading images for OCR processing—is requested separately and is completely voluntary; declining such optional processing does not block access to the App's core functionality.
• No Crash SDKs: Stoxi does not embed third-party crash reporting SDKs. However, anonymized OS-level diagnostic data may be transmitted via Apple or Google if you have enabled diagnostics sharing on your device.
• International Transfers: To provide the service, your data is transferred to third-party processors in the United States (Google, APILayer/Spoonacular, RevenueCat, Heroku, AdMob). These transfers are protected via Standard Contractual Clauses (SCCs) and/or the EU-U.S. Data Privacy Framework.

9. Disclaimers and Limitation of Liability

• "As-Is" Service: The App is provided on an "AS IS" and "AS AVAILABLE" basis without warranties of any kind, either express or implied.
• Service Latency: Stoxi utilizes highly cost-efficient infrastructure (Heroku Eco dynos). The server may go to sleep during periods of inactivity, resulting in 30 to 60 seconds of loading time to wake the server. Please note that all users, including premium tier subscribers, are subject to these potential cold-start server delays.
• Limitation of Liability: To the maximum extent permitted by mandatory applicable law (including mandatory Danish consumer protection rules), the Developer shall not be liable for any indirect, incidental, special, or consequential damages, loss of data, loss of credits, or service disruptions. While I strive to provide accurate information and secure storage, I do not guarantee the accuracy of AI-generated content, OCR scans, Smart Sort categorizations, or third-party recipe/nutritional data. Any liability for associated inaccuracies, service downtime, bugs, or data loss is excluded to the extent permissible under mandatory law.
• Mandatory Consumer Protection Carve-out: Nothing in these Terms (including this Section 9) shall limit or exclude my liability for gross negligence (grov uagtsomhed), intentional misconduct (forsæt), fraud, personal injury, or death, or any other liability which cannot be excluded or limited under mandatory Danish consumer protection laws.

10. Changes to Terms

I reserve the right to modify these Terms at any time. If I do, I will notify you through the App and update the "Last Updated" date. For material changes affecting your rights or obligations, I will provide advance notice where required by law.

11. Governing Law, Complaints and Dispute Resolution

• Governing Law: These Terms shall be governed by and construed in accordance with the laws of Denmark, without prejudice to mandatory consumer protection rights applicable in the country where you reside.
• Data Protection Complaints: If you are unsatisfied with how I handle your personal data under GDPR, you have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet):
  • Website: www.datatilsynet.dk
  • Email: dt@datatilsynet.dk
• Consumer Service Complaints: If you are a consumer in Denmark and have a complaint regarding billing, services, or contracts that we cannot resolve directly, you can submit a complaint to the Danish House of Complaints (Nævnenes Hus - Center for Klageløsning):
  • Address: Toldboden 2, 8800 Viborg, Denmark
  • Website: naevneneshus.dk
• EU Consumer Redress: If you are a consumer in the EU, you can find a list of certified out-of-court dispute resolution bodies in your member state here: https://consumer-redress.ec.europa.eu/dispute-resolution-bodies.

12. Contact Information

If you have any questions about these Terms or the Stoxi App, please contact me:

• Developer: Jonas Vestergaard Kramer
• Address: Egebjergvej 93, 8220 Brabrand, Denmark
• Email: stoxiapp@gmail.com