Privacy policy

Owner and Data Controller

Octovenio MB, Vilkpėdės g. 22, Vilnius, Lithuania
Owner contact email: [email protected]

Effective Date: 2023-11-04

At Laito, we take your privacy seriously, and we are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our health app, "Laito" (the "App").

Please read this Privacy Policy carefully to understand how we handle your personal data. By using the App, you consent to the practices described in this policy.

1. Information We Collect

Among the types of Personal Data that Laito collects, by itself or through third parties, there are: first name; email address; Usage Data; Camera permission; device information; geography/region; number of Users; number of sessions; session duration; In-app purchases; Application opens; Application updates; first launches; operating systems; Universally unique identifier (UUID); Crash information; geographic position.

Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection. Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using Laito. Unless specified otherwise, all Data requested by Laito is mandatory and failure to provide this Data may make it impossible for Laito to provide its services. In cases where Laito specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service. Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner. Any use of Cookies – or of other tracking tools – by Laito or by the owners of third-party services used by Laito serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document.

Users are responsible for any third-party Personal Data obtained, published or shared through Laito.

We collect the following categories of personal information:

1.1. Registration Information: When you sign up for an account with Laito, you are required to provide your email address and create a password. This information is necessary for account creation and to access personalized features within the App.

1.2. Allergen and Ingredient Preferences: In order to provide you with a tailored experience, we collect information about the ingredients you want to avoid and any allergies you may have. This data is used to customize product recommendations and scan results for your specific dietary needs.

1.3. Usage Information: We collect information about how you use the App, including the products you scan, searches, and interactions with the App's features. This information helps us improve the App's functionality and user experience.

1.4. Device and Log Data: We automatically collect device information, such as your device type, operating system, and unique device identifiers. We also gather log data, including IP addresses, access dates, and user actions within the App. This data is used for security, analytics, and troubleshooting purposes.

2. How We Use Your Information

We use your personal information for the following purposes:

2.1. Personalization: Your allergen and ingredient preferences are used to customize the App's recommendations and scan results, ensuring they align with your dietary restrictions and allergies.

2.2. Account Management: We use your registration information to create and manage your Laito account, including account recovery and communication related to your account.

2.3. App Improvement: We analyze usage and device data to enhance the App's performance, features, and user interface.

2.4. Communication: We may send you updates, alerts, and notifications related to the App, including changes to our Privacy Policy or Terms of Service.

2.5. Legal Compliance: We process your personal information as required by applicable laws and regulations, including but not limited to EU data protection laws.

3. Data Sharing

We do not sell your personal data to third parties. However, we may share your data in the following circumstances:

3.1. Service Providers: We may share your information with third-party service providers who assist us with hosting, data analytics, and other operational services.

3.2. Legal Obligations: We may disclose your information when required by law or in response to a legal request, such as a court order or government inquiry.

3.3. Business Transfers: In the event of a merger, acquisition, or sale of all or part of our assets, your personal information may be transferred as part of the transaction.

4. Data Security

We implement reasonable security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

5. Your Rights

You have certain rights regarding your personal data under applicable data protection laws, including the right to access, rectify, delete, or restrict the processing of your information. You may also request a copy of your data or withdraw your consent, where applicable.

6. Contact Us

If you have questions, concerns, or requests related to your privacy or this Privacy Policy, please contact us at [email protected].

7. Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of any material changes via the App or email.

By using Laito, you agree to the terms outlined in this Privacy Policy. If you do not agree with these terms, please discontinue use of the App.

Last Updated: 2023-11-04

Further Information for Users in the European Union

This section applies to all Users in the European Union, according to the General Data Protection Regulation (the “GDPR”), and, for such Users, supersedes any other possibly divergent or conflicting information contained in the privacy policy. Further details regarding the categories of Data processed, the purposes of processing, the categories of recipients of the Personal Data, if any, and further information about Personal Data can be found in the section titled “Detailed information on the processing of Personal Data” within this document.

Legal basis of processing

The Owner may process Personal Data relating to Users if one of the following applies:

Users have given their consent for one or more specific purposes;

provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;

processing is necessary for compliance with a legal obligation to which the Owner is subject;

processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner;

processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.

In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Further information about retention time

Unless specified otherwise in this document, Personal Data shall be processed and stored for as long as required by the purpose they have been collected for and may be retained for longer due to applicable legal obligation or based on the Users’ consent.

Personal Data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed. Personal Data collected for the purposes of the Owner’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by the Owner within the relevant sections of this document or by contacting the Owner. The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to fulfill a legal obligation or upon order of an authority.

Once the retention period expires, Personal Data shall be deleted. Therefore, the right of access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

The rights of Users based on the General Data Protection Regulation (GDPR)

Users may exercise certain rights regarding their Data processed by the Owner.

In particular, Users have the right to do the following, to the extent permitted by law:

Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.

Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent.

Access their Data. Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.

Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.

Restrict the processing of their Data. Users have the right to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.

Have their Personal Data deleted or otherwise removed. Users have the right to obtain the erasure of their Data from the Owner.

Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance.

Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

Users are also entitled to learn about the legal basis for Data transfers abroad including to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their Data.

Details about the right to object to processing

Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.

Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time, free of charge and without providing any justification. Where the User objects to processing for direct marketing purposes, the Personal Data will no longer be processed for such purposes. To learn whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.

How to exercise these rights

Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. Such requests are free of charge and will be answered by the Owner as early as possible and always within one month, providing Users with the information required by law. Any rectification or erasure of Personal Data or restriction of processing will be communicated by the Owner to each recipient, if any, to whom the Personal Data has been disclosed unless this proves impossible or involves disproportionate effort. At the Users’ request, the Owner will inform them about those recipients.

All rights reserved © 2023 Laito