Privacy Policy
Last Updated:
Haven Verified ("Haven," "we," "us," or "our") respects your privacy. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. It applies to the Haven mobile app (iOS and Android), our website at havenverified.com, and the administrative tools we use to operate them (collectively, the "Service").
If you have questions, email us at privacy@havenverified.com.
1. Who We Are
Haven helps parents and caregivers make safer baby food choices by grading products A through F across five categories: ingredients, heavy metals, certifications, transparency, and recalls. We are an independent service — we do not accept money from baby food brands.
2. Information We Collect
2.1 Information you provide directly
Account information. When you create an account, we collect your email address and a password. Your password is stored only as a one-way bcrypt hash; we never see or store your actual password.
Sign in with Apple or Google. If you choose social sign-in, the provider sends us your email address and a stable user identifier. We do not receive your password from these providers.
Profile and saved data. Your saved products, browsing history, and in-app preferences. These are stored locally on your device by default and may also be synced to your account on our servers.
Product requests. If you ask us to add a product to our catalog, we collect any text and photos you submit.
Promo code redemptions. If you redeem an influencer or VIP code, we record the code, your account, and the timestamp.
Communications. Anything you send to our support email or other communication channels.
2.2 Information collected automatically
Device information. Device model, operating system version, app version, and language. We use this to diagnose issues and to determine whether your installed app version is supported.
Anonymous device identifier. A randomly generated UUID stored locally on your device. We use it to group analytics events from the same device when you are not signed in. It is not the IDFA, not a hardware identifier, and is reset when you reinstall the app.
Analytics events. A fixed list of in-app actions, such as "app opened," "product viewed," "paywall viewed," "purchase succeeded," and "barcode scan attempted." We do not record search queries, names, email addresses, OTPs, or other personal content as event properties — our system strips these before any event is sent.
Crash and performance data. When the app crashes or behaves unexpectedly, we collect technical details about the failure (such as a stack trace, device state, and recent app activity) to fix bugs.
Purchase activity. If you subscribe, we receive transaction confirmations, your subscription status, renewal dates, and entitlements.
2.3 Information collected via permissions you grant
Camera. Used only while you are actively scanning a barcode or identifying a product by photo. Images are not retained after they are processed.
Photo library (read). Used only when you choose to pick an existing photo to identify.
Photo library (write). Used only when you choose to save a shareable product card.
None of these run in the background, and none of them collect data without your action.
2.4 Information we do not collect
We do not collect your precise or coarse location.
We do not access your contacts, microphone, calendar, health data, or motion data.
We do not read your IDFA or perform any cross-app or cross-site tracking.
We do not use third-party advertising networks, social media trackers, or attribution SDKs (no Facebook SDK, no AppsFlyer, no Adjust, no Branch, no Mixpanel, no Amplitude, no Firebase Analytics).
We do not sell your personal information.
3. How We Use Your Information
We use the information described above to:
Provide the Service — authenticate you, sync your saved products, deliver search results and grades, and process subscription purchases.
Improve the Service — understand which features are used, where users get stuck, and what we should build next, using first-party analytics.
Diagnose problems — investigate crashes and performance issues.
Prevent abuse — detect and block credential stuffing, scraping, photo-identification abuse, and promo-code fraud through rate limits and other security measures.
Communicate with you — respond to support requests and send transactional emails such as account verification, password reset, and important account changes.
Comply with the law — respond to lawful requests and enforce our Terms of Service.
We do not use your information for behavioral advertising or sell it to data brokers.
4. Where Your Data Is Stored
Data | Storage location | Purpose |
|---|---|---|
Account, password hash, session tokens | Our managed PostgreSQL database (United States) | Authentication |
Product catalog, brand data, product requests, request photos | Supabase (United States) | Catalog and request workflow |
Locally on your device — anonymous device ID, queued analytics events, saved products, history, preferences | Your device only | Offline functionality |
Crash and performance reports | Sentry (United States) | Diagnostics |
Subscription state | RevenueCat (United States) | Purchase processing |
Transactional emails | Resend (United States) | Sending verification codes and password resets |
5. Service Providers
We share data with the following service providers only as necessary to operate the Service. They are bound by contract to use the data only for the purposes we direct.
Provider | What they receive | Purpose | Their privacy policy |
|---|---|---|---|
Apple | Sign in with Apple identity tokens (if you use it); in-app purchase receipts | Authentication; payments | |
OAuth tokens (if you sign in with Google) | Authentication | ||
RevenueCat | Anonymized user ID, purchase events, subscription status | Subscription management | |
Sentry | Crash data, performance traces, your account ID | Error monitoring | |
Supabase | Catalog reads and writes; product request data | Backend storage | |
Resend | Recipient email and the body of transactional messages | Email delivery | |
OpenAI | Product photo image data when you use "identify by photo." We send only the image — never your account information, location, or contact data. | Product identification | |
Replit | Hosting infrastructure for our backend | Server hosting |
We do not share data with advertising networks or data brokers.
6. App Tracking Transparency (iOS)
We do not perform "tracking" as Apple defines it. You will not see a "Haven would like permission to track you across apps and websites" prompt, because we do not link your in-app activity with data from other companies' apps, websites, or offline properties for advertising or measurement.
7. Data Retention
Account data. Retained while your account is active and for a short period afterward to allow account recovery.
Product requests, saved items, browsing history. Retained while your account is active.
Crash and performance reports. Retained for 90 days, then automatically deleted.
Analytics events. Retained in aggregate form for up to 24 months, then deleted or fully anonymized.
Backups. May persist for up to 30 days after deletion.
8. Account Deletion and Your Rights
8.1 How to delete your account
You can delete your account at any time from Settings → Delete Account in the Haven app. When you delete your account:
Your account record, password hash, sessions, and saved data are permanently deleted from our active systems.
Any product requests you submitted are anonymized — your account ID is removed, but the product entry itself may be retained for catalog completeness.
Your subscription is not automatically canceled. Apple and Google control subscriptions, not us. To cancel a subscription, manage it from your App Store or Google Play account settings.
8.2 Your rights
Depending on where you live, you may have additional rights under laws such as the EU/UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), or similar laws in other jurisdictions. These rights may include:
Access — receive a copy of the personal data we hold about you.
Correction — request that we fix inaccurate data.
Deletion — delete your account and associated data (see Section 8.1).
Objection / restriction — object to or restrict certain processing.
Portability — receive your data in a machine-readable format.
Opt-out of sale or sharing — we do neither, so this opt-out is automatic.
To exercise any of these rights, email privacy@havenverified.com. We will verify your identity before acting on your request and will respond within the timeframe required by applicable law.
9. Children's Privacy
Haven is intended for parents and caregivers, not for children. We do not knowingly collect personal information from anyone under 13 years of age (or the age of digital consent in your country). If you believe a child has created an account with us, contact us at privacy@havenverified.com and we will delete it promptly.
10. Security
We take reasonable steps to protect your information, including:
Storing passwords only as bcrypt hashes — never in plain text.
Encrypting all traffic between the app and our servers using TLS 1.2 or higher.
Using signed JWT session tokens with a server-side revocation mechanism.
Rate-limiting sign-in, password reset, photo identification, and promo-code redemption to prevent abuse.
Restricting administrative access and requiring multi-factor authentication for it.
Promptly notifying affected users in the event of a data breach involving their personal information, as required by law.
No system is perfectly secure, and we cannot guarantee absolute security.
11. International Data Transfers
Our servers and most of our service providers are located in the United States. If you use Haven from outside the United States, your information will be transferred to and processed in the United States. By using Haven, you consent to this transfer. For users in the European Economic Area, the United Kingdom, and Switzerland, transfers of personal data outside your country are made under appropriate safeguards such as the European Commission's Standard Contractual Clauses.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If changes are material, we will notify you in the app or by email before they take effect. The "Last updated" date at the top of this page will always reflect the most recent revision. Your continued use of the Service after an update means you accept the revised policy.
13. Contact Us
Email: privacy@havenverified.com
Mailing address: Haven Verified, 3914 E Rockingham Rd, Phoenix, AZ 85050
If you are in the European Economic Area or the United Kingdom and have an unresolved concern, you have the right to lodge a complaint with your local data protection authority.
