Wara Privacy Policy

This Privacy Policy describes how Wara (the "App") collects, uses, and protects information when you use its Korean food product ingredient scanning and halal classification features.

By using the App, you agree to the practices described here. If you do not agree, please do not use the App.

Information We Collect

• Camera input and photo upload
  • The App uses your device camera to capture images of product labels for Optical Character Recognition (OCR).
  • OCR is performed locally on your device using Apple's Vision framework to extract Korean text from the label.
  • The raw OCR text is sent to our backend to classify the product and provide halal status results.
  • The scanned product photo is uploaded to our servers after successful OCR analysis and product classification. This happens automatically once the backend returns scan results. Photos help build our product database and enable sharing product images with other users. Photos are associated with your user_id and the scan result.
• Photo library access and upload
  • If you choose to import photos from your library for scanning, the App processes them locally for OCR using the same Vision framework.
  • The recognized text is sent to the backend for classification.
  • Imported photos are also uploaded to our servers after successful scanning, just like camera-captured photos, to contribute to the product database.
• Pseudonymous identifier
  • On first launch, the App generates a pseudonymous user_id (UUIDv7) and stores it on your device (UserDefaults).
  • This identifier is attached to API requests via the X-User-ID header for request correlation and service quality (e.g., rate limiting, troubleshooting). It is not combined with contact details.
• Local ingredient database
  • The App maintains a local database of Korean ingredient names and their halal classification using SwiftData. This data is stored on your device only and used to provide real-time ingredient detection and classification.
• Scan history and favorites
  • When you scan products or mark items as favorites, this information is stored locally on your device.
  • The App syncs favorite status and scan metadata with the backend using the user_id to provide a consistent experience across sessions and calculate aggregate product popularity metrics (such as favorite counts).
  • Successfully scanned product photos are uploaded to our servers and associated with your scan results to display in your history and share with the community.
  • Syncing favorites, scan results, and uploading photos require an active internet connection. If the network request fails (e.g., when offline), these actions will not be completed until you retry when back online.
• Usage data and logs
  • The App records minimal runtime logs (e.g., load and error messages) for debugging and functionality. These logs are local to the device; the App does not embed third‑party analytics SDKs or tracking services.
• Product information from backend
  • The App downloads product details, ingredient lists, halal classifications, images, and categories from the backend after scanning.
  • The backend analyzes the OCR text and returns detailed product information including Korean and English ingredient names, halal status (safe/doubtful/haram), and KMF certification data.
  • This content does not contain your personal information.

How We Use Information

• Provide Korean ingredient scanning and halal classification results based on OCR text analysis.
• Show relevant product details, categories, and halal alternatives.
• Save your favorite products and scan history (stored locally and synced with backend).
• Store successfully scanned product photos to build a comprehensive community product database and improve recognition accuracy.
• Display product images in scan results and search features for you and other users.
• Maintain service quality, including request correlation and rate limiting through the pseudonymous user_id.
• Provide real-time ingredient detection feedback using on-device haptic alerts.

Data Processing and Transfers

• Backend endpoints
  • The App communicates with our backend (api.wara.web.id for production and api-dev.wara.web.id for development) to classify products, fetch product details, and sync favorite status.
  • Scan requests include the X-User-ID header and the raw OCR text extracted from the product label.
  • Photo uploads: Successfully scanned product photos are uploaded via multipart form-data to our servers after OCR analysis and classification complete. Photos are stored in cloud storage (S3-compatible) and the photo URL is associated with your scan result and user_id.
  • The backend may return product information, images (from our database or user uploads), categories, and halal alternatives based on the submitted OCR text.
• Encryption in transit
  • Production traffic uses HTTPS (TLS). Non‑production environments used for development may use HTTP, but release builds aim to use HTTPS.
• Third‑party frameworks
  • Apple frameworks (Vision, AVFoundation, SwiftData, UIKit) operate locally on your device.
  • Networking uses Alamofire purely as an HTTP client; it does not independently collect personal data.

On‑Device Storage and Retention

• Pseudonymous user_id
  • Stored in UserDefaults until you delete the App or reset the device’s app data.
• Image caching
  • Remote product images loaded from the backend may be cached in the system Caches directory to improve performance. These are not personal to you and may be cleared by iOS automatically or by uninstalling the App.
• Scan history and favorites
  • Products you scan or mark as favorites are stored locally on your device.
  • Scan metadata (product ID, timestamp, favorite status) is synced with the backend to enable cross-device access and personalized recommendations.
  • Successfully scanned product photos are uploaded to our servers and linked to your scan results.
• Scanned product photos
  • Product photos from successful scans (via camera or photo library) are uploaded and stored on our cloud storage servers after OCR processing and classification complete.
  • Uploaded photos are associated with your user_id and the specific scan result ID.
  • Photos may include front and/or back packaging images. The app stores a label ("front" or "back") to indicate which side of the packaging the photo represents, helping display accurate product images.
  • These photos are displayed to other users in search results and product details to help the community identify halal products.
  • Original photos are not retained locally on your device after upload; only the OCR text is kept briefly in memory for classification, then discarded.

Server‑Side Retention

The backend receives raw OCR text and the X-User-ID header to provide product classification and results. We aim to retain this information only as long as necessary to deliver and improve the service.

Successfully scanned product photos are uploaded and stored on our cloud servers indefinitely to maintain the community product database. These photos are associated with your user_id and scan result metadata. You may request deletion of your uploaded photos by contacting us.

Product favorites and scan metadata associated with your user_id may be retained to enable personalization and service continuity. Specific retention periods may vary with operational needs and legal obligations.

Your Choices and Rights

• Permissions
  • Camera: required to scan labels. You can grant or revoke this in iOS Settings.
  • Photo Library: optional for importing images. You can grant or revoke this in iOS Settings.
• Deletion
  • Deleting the App removes on‑device data, including the pseudonymous user_id, cached images, and local scan history.
  • You may request backend deletion of scan metadata, favorites, and scanned photos associated with your user_id by contacting us.
  • Note that successfully scanned photos are uploaded and shared with the community; deletion requests will remove them from our servers, but other users may have already viewed or cached them.
• Opt‑out of tracking
  • The App does not track you across third‑party apps or websites and does not use advertising identifiers.

Data Sharing

• We do not sell personal information.
• We share data only with service providers necessary to operate the backend and deliver App functionality, under appropriate safeguards.

Children’s Privacy

The App is not directed to children under 13. If you believe a child provided us data, please contact us so we can delete it.

Security

We use technical and organizational measures to protect information, including TLS encryption in production for data in transit and controlled access on the backend. However, no method of transmission or storage is 100% secure.

Changes to This Policy

We may update this Policy from time to time. The “Last updated” date at the top reflects the latest revision. Continued use of the App after changes indicates acceptance of the updated Policy.

Contact

For privacy questions or requests (including deletion), please email: business.irham@gmail.com or use the contact method listed on the App Store page.