Truthy SystemsTruthy Systems
v3.0
PlateProfit: Food CostingPlateProfit: Food Costing·android, web +1

PlateProfit: Food Costing — Privacy Policy

How we handle your personal data when you use PlateProfit: Food Costing.

Last updated: January 1, 2025Effective: January 1, 2025
01

Introduction

Truthy Systems ("we", "us", or "our") is a software development company registered in Uganda. This Privacy Policy describes how we collect, use, store, and protect personal information when you use the PlateProfit: Food Costing application.

By accessing or using our products you acknowledge that you have read, understood, and agreed to the practices described in this policy. If you do not agree, please discontinue use immediately.

This policy is governed by the Data Protection and Privacy Act 2019 (Uganda) and, where applicable, the EU General Data Protection Regulation (GDPR). We are committed to full compliance with both frameworks and apply the stricter standard where they differ.
02

Data we collect

We collect only the minimum personal data necessary to provide and improve our services. The categories of data we may collect are:

Information you provide directly

Data typePurpose
Account credentialsEmail address and hashed password used to authenticate your identity.
Profile informationDisplay name, profile photo, and optional contact details.
Financial dataTransaction records, invoice details, and payment references (we do not store raw card numbers).
Support communicationsMessages, attachments, and metadata from support tickets or feedback forms.

Information collected automatically

Data typePurpose
Usage analyticsFeature interactions, session duration, crash reports, and performance metrics.
Device informationDevice model, OS version, app version, and a pseudonymous device identifier.
Log dataIP address (truncated), timestamps, HTTP method, response codes, and referrer URLs.
Location dataCoarse location derived from IP; precise GPS only when explicitly requested by the app feature.

Information from third parties

  • Google Sign-In: name, email, and profile picture when you authenticate via Google.
  • Firebase Authentication: authentication tokens and session metadata.
  • Google AdMob: advertising identifiers and ad interaction events (where applicable).
03

How we use your data

We process personal data only for specified, explicit, and legitimate purposes. We do not use your data in ways that are incompatible with the purpose for which it was collected.

  • Service delivery: Creating and managing your account, processing transactions, and delivering core product functionality.
  • Security and fraud prevention: Detecting unauthorised access, abuse, and policy violations.
  • Product improvement: Analysing aggregated, anonymised usage patterns to improve features and fix bugs.
  • Communications: Sending transactional emails (receipts, password resets, critical notices). Marketing emails are sent only with explicit consent and can be unsubscribed from at any time.
  • Legal compliance: Fulfilling obligations under applicable law, including responding to lawful requests from authorities.
  • Analytics: Understanding how features are used to prioritise development. Analytics data is pseudonymised and never sold.
We never sell your personal data. We do not trade, rent, or exchange personal information with third parties for marketing or advertising purposes.
05

Data sharing and disclosure

We share personal data only in limited circumstances and with appropriate safeguards:

Service providers (processors)

  • Google Firebase — authentication, database hosting, push notifications, and crash reporting.
  • Google AdMob — in-app advertising (pseudonymous identifiers only).
  • Flutterwave — payment processing for mobile money integrations.
  • Vercel — web application hosting and edge delivery.

All processors are bound by Data Processing Agreements and are prohibited from using your data for their own purposes.

Legal disclosures

We may disclose data when required by law, court order, or government authority, or when necessary to protect the rights, property, or safety of Truthy Systems, our users, or the public.

Business transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred. We will notify affected users before any such transfer occurs and provide an opportunity to delete accounts.

06

Data retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

Data typePurpose
Active account dataRetained for the lifetime of your account.
Inactive accountsDeleted or anonymised after 24 months of inactivity, with 30-day notice.
Transaction recordsRetained for 7 years for tax and financial compliance purposes.
Support communicationsRetained for 3 years after resolution.
Analytics (aggregated)Retained indefinitely in anonymised, non-identifiable form.
Crash reportsRetained for 90 days, then automatically purged.
07

Security measures

We implement industry-standard technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure.

  • All data is encrypted in transit using TLS 1.2 or higher.
  • Data at rest is encrypted using AES-256 managed by Google Cloud.
  • Authentication tokens are short-lived and rotated automatically.
  • Firestore security rules enforce least-privilege access at the document level.
  • Administrative access is protected by multi-factor authentication.
  • We conduct periodic security reviews and penetration tests.

Despite these measures, no system is entirely secure. We encourage you to use a strong, unique password and to enable biometric lock where available in our apps.

In the event of a data breach that poses a risk to your rights, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of it.

08

Your rights

You have the following rights regarding your personal data. To exercise any of them, use the data deletion form on this page or contact us at privacy@truthysystems.com.

Data typePurpose
Right to access (Art. 15)Obtain a copy of all personal data we hold about you.
Right to rectification (Art. 16)Correct inaccurate or incomplete data.
Right to erasure (Art. 17)Request deletion of your data where there is no overriding legal basis for retention.
Right to restriction (Art. 18)Restrict processing while accuracy or legitimacy is contested.
Right to portability (Art. 20)Receive your data in a structured, machine-readable format.
Right to object (Art. 21)Object to processing based on legitimate interests or direct marketing.
Right to withdraw consentWithdraw any previously given consent at any time, without affecting prior processing.
We will respond to all verifiable requests within 30 days. In complex cases we may extend this by a further 60 days, and will notify you accordingly. There is no charge for exercising your rights.
09

Cookies and tracking

Our web properties use cookies and similar tracking technologies. Mobile applications do not use browser cookies but may use equivalent persistent identifiers.

Essential cookies

Required for authentication sessions, CSRF protection, and load-balancing. These cannot be disabled without breaking core functionality.

Analytics cookies

Used to understand traffic patterns and feature usage. These are pseudonymised and can be opted out of via your browser settings or our cookie preference centre.

Advertising identifiers (mobile)

Where AdMob is integrated, Google may use your advertising identifier to serve contextually relevant ads. You can reset or opt out of personalised ads in your device's privacy settings.

10

International data transfers

Our infrastructure is hosted on Google Cloud Platform, which operates data centres globally. Data may be processed in the United States or European Economic Area.

Where data is transferred outside Uganda or the EEA, we ensure appropriate safeguards are in place — including Standard Contractual Clauses (SCCs) approved by the European Commission and equivalent mechanisms under Ugandan law.

11

Children's privacy

Our general-purpose services are not directed at children under the age of 13. We do not knowingly collect personal data from children under 13 without verifiable parental consent.

If you believe we have inadvertently collected data from a child under 13, please contact us at privacy@truthysystems.com and we will delete it promptly.

12

Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting a prominent notice within the affected application at least 30 days before changes take effect.
  • Sending an email to the address associated with your account.
  • Updating the "Last updated" date at the top of this page.

Continued use of our services after the effective date of changes constitutes acceptance of the updated policy. If you do not accept the changes, you may delete your account and cease use.

13

Contact us

For any privacy-related questions, complaints, or to exercise your rights, contact our Privacy Team:

Organisation

Truthy Systems

Country

Uganda

If you are unsatisfied with our response, you have the right to lodge a complaint with the National Information Technology Authority — Uganda (NITA-U) or, for EU residents, your local data protection supervisory authority.

Privacy questions

Contact our privacy team for any queries about how we handle your data.

privacy@truthysystems.com

Terms of Service

Review the terms that govern your use of Truthy Systems products.

Read Terms of Service

Data deletion

Request deletion, export, or correction of your personal data.