Data Security
Last Updated: January 2025
🔒 Your Data Security is Our Commitment
At Kado, we implement industry-leading security measures to protect your personal health information and scanning data.
How We Protect Your Data
1. Local Data Storage
Your Most Sensitive Data Stays on Your Device:
- Personal Health Profile: Age, weight, height, health conditions - all stored locally with device-level encryption
- Scan History: Your product scanning history is stored on your device and never uploaded to our servers
- Health Preferences: Dietary preferences and custom scoring settings remain private on your device
2. Encryption Standards
- Data in Transit: All data transmitted between your device and our servers uses TLS 1.3 encryption (HTTPS)
- Data at Rest: Any data stored in the cloud is encrypted using AES-256 encryption
- Authentication: Secure token-based authentication with industry-standard protocols
- Password Protection: User passwords are hashed using bcrypt with strong salting
3. Temporary Image Processing
- Product images are processed temporarily for OCR (text extraction)
- Images are deleted immediately after processing - typically within seconds
- No permanent storage of product photos unless you explicitly save them
- OCR processing uses secure, isolated environments
4. Third-Party Security
We carefully vet all third-party services we use:
- Community Database (powered by Firebase/Google): SOC 2/3 compliant, GDPR compliant, industry-leading security
- Google ML Kit: On-device processing where possible, minimal data transmission
- Groq AI: Secure API calls with no data retention
- Open Database: Read-only access to public nutrition database
5. Access Controls
- Principle of least privilege for all system access
- Multi-factor authentication for administrative access
- Regular security audits and penetration testing
- Limited employee access to user data (only for support with explicit permission)
6. Data Minimization
We only collect what we absolutely need:
- No location tracking
- No contact list access
- No unnecessary device permissions
- Anonymous analytics only (no personally identifiable information)
What You Can Do
Protect Your Account:
- Use a Strong Password: Combine letters, numbers, and special characters
- Enable Device Security: Use biometric authentication or PIN on your device
- Keep App Updated: We regularly release security patches and improvements
- Be Cautious: Never share your login credentials with others
Control Your Data:
- Delete Anytime: You can delete your scan history and health profile from app settings
- Export Your Data: Request a copy of your data at any time
- Account Deletion: Permanently delete your account and all associated data
Incident Response
In the unlikely event of a security breach:
- We will notify affected users within 72 hours
- We will provide details about what data was affected
- We will outline steps taken to secure the breach
- We will recommend protective actions you can take
Compliance & Certifications
- GDPR Compliant: Full compliance with EU data protection regulations
- CCPA Compliant: California Consumer Privacy Act compliance
- App Store Guidelines: Meets Apple and Google security requirements
- OWASP Standards: Development follows OWASP secure coding practices
Questions About Security?
If you have security concerns or questions:
- Email our security team: [email protected]
- Report security vulnerabilities responsibly (we appreciate responsible disclosure)
- Read our Privacy Policy for more details
🛡️ Our Security Promise
We continuously monitor, update, and improve our security measures to protect your health data. Your trust is our priority.