MyShoppr is a connected service. The app only works while connected to our backend, and the data needed for the app to function is stored on our servers. This policy explains what data we collect, why, how it is stored, your rights over it, and what happens in the event of a business transfer.
1. Who We Are
Galeano Software ("we," "us," or "our") operates the MyShoppr application and any associated services (collectively, the "Service"). Our primary contact for privacy matters is legal@galeanosoftware.com.
2. Scope of This Policy
This Privacy Policy applies to:
- The MyShoppr application in all its current and future versions.
- The backend API, cloud storage, and server-side services we operate in connection with MyShoppr.
- Our website at myshoppr.app and any associated web properties.
This policy does not apply to third-party services whose use is governed by their own privacy policies (see Section 7).
3. Data We Collect
The data we collect depends on which features you use. Because MyShoppr only works while connected to our backend, the data required to operate the Service is stored on our servers.
3.1 Data You Provide Directly
| Data Type |
Examples |
Where Stored |
| Grocery & product data |
Product names, barcodes, prices, quantities, store names |
Our servers |
| Receipt data |
Scanned receipt text, item lists, totals, purchase dates |
Our servers |
| Receipt images |
Compressed photos of physical receipts |
Our servers |
| Shopping lists |
List names, items, quantities, associated stores |
Our servers |
| Recipes |
Recipe names, ingredients, steps, scanned recipe images |
Our servers |
| Category & store preferences |
Custom categories, store locations, restock profiles |
Our servers |
| Account credentials |
Email address, authentication identifier |
Our servers |
3.2 Data Collected Automatically
| Data Type |
Purpose |
Where Stored |
| Device identifiers (anonymized) |
Linking sessions across your devices |
Our servers |
| Location data (approximate) |
Store proximity notifications (if permission granted) |
Stays on your device |
| App usage metadata |
Feature usage patterns for product improvement (aggregated, anonymized) |
Our servers |
3.3 Data We Do NOT Collect
- Financial account numbers, credit/debit card details, or banking information.
- Government-issued IDs or Social Security numbers.
- Sensitive health or biometric information beyond what you voluntarily enter.
- Contacts, messages, or social media data.
- Location data is never transmitted to or stored on our servers. Coarse location is used only on your device for store proximity notifications, and only with your explicit permission.
4. How We Use Your Data
We use the data we collect solely for the following purposes:
- Providing the Service: Storing and retrieving your grocery data, receipts, shopping lists, and recipes from our servers so they are available across your devices.
- Receipt & Product Processing: Parsing receipts, matching products, and extracting nutritional information to populate your account.
- Notifications: Sending local and, when opted in, push notifications for restock reminders and proximity alerts.
- Service Improvement: Using anonymized, aggregated usage patterns to prioritize features and fix bugs. Individual user data is never used for this purpose.
- Legal Compliance: Meeting our obligations under applicable law, responding to lawful government requests, and enforcing our Terms of Service.
- Safety & Security: Detecting and preventing fraud, abuse, or unauthorized access to accounts and data.
We will never sell your personal data to advertisers, data brokers, or marketing companies.
5. Where Your Data Is Stored
MyShoppr is a connected service. The app only works while connected to our backend, and all data required for the app to function is stored on our secure servers. There is no offline-only mode.
Because your data lives on our servers, it is available across any device where you sign in. You can export or request deletion of your data at any time (see Section 10).
Your data is associated with your account and protected by the security measures described in Section 13. We do not retain copies of your data outside the systems described in this policy.
6. Backend & Cloud Services
6.1 What We Store
The following data is transmitted to and stored on our secure servers as part of normal operation:
- All user-generated content described in Section 3.1 (products, receipts, lists, recipes, stores, categories).
- Compressed receipt and product images.
- Application preferences and settings.
- An anonymized device identifier to associate your sessions across devices.
6.2 How Your Data Is Protected
- Authentication uses industry-standard protocols with short-lived session tokens.
- We apply the principle of least privilege — our internal teams access only the minimum data necessary to provide support.
6.3 Deleting Your Data
You may request deletion of your account and all associated server-side data at any time (see Section 10). Upon deletion:
- Active sessions are immediately invalidated.
- Your primary data is removed within the timelines described in Section 8.
7. Third-Party Services
MyShoppr integrates with a limited set of third-party services:
| Service |
Purpose |
Data Shared |
| Open Food Facts |
Product lookup by barcode |
Barcode number only (no personal data) |
| App distribution platform |
App distribution & payments |
Subject to the platform's own privacy policy |
| Push notification provider |
Push notifications (optional) |
Device push token only |
We do not embed advertising SDKs, social media tracking pixels, or third-party analytics libraries.
8. Data Retention
8.1 Active Accounts
We retain your data for as long as your account is active and as needed to provide the Service.
8.2 Account Deletion
Upon account deletion or request to delete your data:
- Your primary data is deleted within 30 days.
- Backup copies are purged from all systems within 90 days.
- Anonymized, aggregated analytics derived from your data (with no personally identifiable information) may be retained indefinitely.
8.3 Legal Hold
We may retain data longer if required by applicable law, court order, or to resolve disputes. We will notify you of any such hold to the extent permitted by law.
9. Business Transfers
This section is important. Please read it carefully.
Galeano Software is a growing company. In the event of a merger, acquisition, asset sale, financing, reorganization, dissolution, or other business transaction involving Galeano Software or the MyShoppr application (collectively, a "Business Transfer"), your data — including all user content stored on our servers — may be transferred to, or become the property of, the successor entity as part of that transaction.
9.1 What May Be Transferred
- All user account information and credentials.
- All user content stored on our servers (products, receipts, shopping lists, recipes, etc.).
- Anonymized analytics and aggregated usage data.
- Technical infrastructure including databases, backups, and encryption keys.
9.2 Your Protections
In the event of a Business Transfer, we commit to the following:
- Prior Notice: We will provide you with at least 30 days' notice before your personal data is transferred to a successor entity, via in-app notification and/or email (if we have your address), unless prohibited by law or confidentiality obligations.
- Continuity of Rights: Any successor entity will be contractually required to honor the privacy commitments made in the most recent version of this Policy in effect at the time of transfer, or provide you with materially equivalent protections.
- Right to Delete Before Transfer: Upon notice of a Business Transfer, you may request deletion of your stored data before the transfer occurs. We will fulfill such requests within 14 days, subject to legal holds.
- Data Minimization: Only data reasonably necessary for the continued operation of the Service will be transferred.
10. Your Rights
Depending on your location, you may have the following rights regarding your personal data. We honor these rights regardless of your jurisdiction.
10.1 Rights Available to All Users
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your account and associated data.
- Portability: Request an export of your data in a machine-readable format (JSON or CSV).
10.2 Additional Rights for EEA / UK Residents (GDPR / UK GDPR)
- Legal Basis: Our legal basis for processing is (a) performance of a contract (providing the Service), (b) legitimate interests (security, fraud prevention, service improvement), and (c) consent (optional features such as analytics and push notifications).
- Restriction: Request restriction of processing in certain circumstances.
- Objection: Object to processing based on legitimate interests.
- Lodge a Complaint: You have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, or your national data protection authority in the EU).
- Data Protection Officer: We do not currently have a mandatory DPO appointment obligation but designate legal@galeanosoftware.com as our privacy contact.
10.3 Additional Rights for Canadian Residents (PIPEDA & Provincial Privacy Laws)
- Right to Access: Request access to your personal information and information about how it is used and disclosed.
- Right to Correction: Request correction of inaccurate or incomplete personal information.
- Right to Withdraw Consent: Withdraw consent to the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions and reasonable notice.
- Right to Complain: File a complaint with the Office of the Privacy Commissioner of Canada (OPC) or your provincial privacy regulator (such as the OIPC in Alberta or British Columbia, or the Commission d'accès à l'information in Quebec).
- Quebec Residents (Law 25): Right to data portability and the right to be informed about automated decision-making, where applicable.
10.4 Additional Rights for California Residents (CCPA / CPRA)
- Right to Know: Right to know what personal information we collect, use, disclose, and sell (we do not sell).
- Right to Delete: Right to request deletion of personal information we collected.
- Right to Correct: Right to correct inaccurate personal information.
- Right to Opt-Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising. No action is needed to opt out.
- Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
10.5 Exercising Your Rights
To exercise any of the above rights, contact us at legal@galeanosoftware.com with the subject line "Privacy Rights Request." We will respond within 30 days (or within the period required by applicable law). We may ask you to verify your identity before fulfilling your request.
11. Children's Privacy
MyShoppr is not directed to children under the age of 13 (or under 16 in the European Economic Area). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at legal@galeanosoftware.com and we will delete such information promptly.
If we learn that we have inadvertently collected personal information from a child under the applicable age threshold, we will take steps to delete such information as quickly as possible.
12. International Data Transfers
Galeano Software is based in Canada. If you are accessing MyShoppr from outside Canada, your data may be transferred to, stored, and processed in Canada or other countries where our infrastructure providers operate.
For users in the European Economic Area, United Kingdom, or Switzerland, we ensure that international transfers of personal data are protected by appropriate safeguards, including:
- The European Commission's adequacy decision for Canada (Commercial Organizations), where applicable.
- Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable.
You may request a copy of the transfer safeguards by contacting legal@galeanosoftware.com.
13. Security
We implement technical and organizational measures designed to protect your data against unauthorized access, alteration, disclosure, or destruction. These include:
- Regular penetration testing and vulnerability assessments.
- Role-based access controls limiting employee access to user data.
- Audit logging of all data access events.
- Incident response procedures with mandatory breach notification within 72 hours to applicable authorities where required by law.
No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page.
- Notify you via in-app notification and/or email (if we have your address) at least 14 days before the change takes effect.
- For changes that materially expand our collection or use of data, require your re-consent where applicable law demands it.
Your continued use of MyShoppr after the effective date of the updated Policy constitutes your acceptance of the changes. If you do not agree to the updated Policy, you must stop using the Service and may request deletion of your data.
Prior versions of this Policy are archived and available upon request.
15. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:
Galeano Software
Privacy Inquiries
legal@galeanosoftware.com
We aim to respond to all privacy-related inquiries within 5 business days and to fulfill data subject requests within 30 days.