Privacy Policy

Version: 1.0 Last updated: 2026-04-13

Bounty is operated by 1905106 Alberta Inc., an Alberta corporation ("we", "us", "Bounty"). This Privacy Policy explains, in plain language, what we collect, what we don't, and how we handle your information.

A formal version with statutory references and legal definitions lives at Appendix A — Formal Privacy Clauses. The two documents say the same things; if there's ever a conflict between this document and Appendix A, the plain-language version here governs your relationship with us.

The short version

Bounty is built on a simple idea: we don't need to know much about you to do our job. You scan grocery shelf tags, we verify the prices, the community benefits. That's it.

The only piece of personal information you give us — and the only piece you can change — is your email address. Everything else is either anonymous (your scan handle), automatically generated (your account ID), or about the scan itself rather than about you.

Because we deliberately know so little about you, we cannot recover your account if you lose access to your email. There's nothing for us to verify against. This is intentional. It's what makes Bounty a poor target for data breaches and a poor target for anyone trying to coerce information out of us. The trade-off is that the responsibility for keeping your email secure sits with you.

What we collect

Account information

  • Email address — required to create an account and to receive transactional emails (subscription receipts, redemption confirmations, important account notices). You control this and can update it from your account settings.
  • Scan handle — a name you choose to display on the leaderboard and on your scan contributions. This can be a pseudonym; it doesn't need to be your real name.
  • Account ID — a randomly generated identifier we use internally. You don't see it; we don't share it.
  • Password (if you use password login) — stored as a salted hash, never in plain text. We can't see your password.
  • Passkeys (if you use passkey login) — stored as cryptographic public keys. We can't use them to impersonate you.
  • Subscription status — whether you have an active Bounty subscription, and your Stripe customer ID (the ID, not your card details — see "Third parties" below).
  • Role flags — whether you're an administrator, scout, or regular user.

Scan information

  • Photos of shelf tags you submit when scanning. These photos may incidentally include parts of the surrounding shelf, your hand, or your shopping cart. We strip location metadata (EXIF GPS) from photos on upload.
  • Coordinates of the scan, used to identify which store and which area of the store the scan came from. We store these at store-level granularity, not pinpoint location. We do not track your movement, route, or location outside of a scan event.
  • Timestamps of when scans happened.
  • Diagnostic images when scan parsing fails or needs review. These help us improve the parser. We delete diagnostic images after they've served their auditing purpose.

Activity information

  • Your scan history — the products and prices you've contributed.
  • Points earned and redemption activity.
  • Basic device and browser information — what kind of phone, what browser version — used for debugging and parser improvement. Not used for tracking or advertising.

What we don't collect

  • We don't collect your real name (unless you choose to put it in your handle).
  • We don't collect your phone number.
  • We don't collect your home address.
  • We don't collect your payment card details — Stripe handles those, and we never see them.
  • We don't track your browsing on other websites.
  • We don't use third-party advertising trackers, pixels, or analytics that follow you off Bounty.
  • We don't access your phone contacts, photo library (beyond the photo you actively take during a scan), microphone, or calendar.
  • We don't read or store any data from other apps on your device.
  • We don't sell your data. Not to retailers, not to advertisers, not to data brokers. There is no version of Bounty where this changes.

How we use what we collect

  • Email — to send you transactional messages (subscription, redemption, account security). We don't send marketing emails.
  • Scan photos and coordinates — to verify shelf prices and build the community price dataset.
  • Diagnostic images — to improve our parser and OCR accuracy.
  • Subscription status — to determine your access to paid features.
  • Activity information — to calculate points, populate the leaderboard, and show you your own scan history.
  • Device and browser info — to debug issues and improve compatibility.

We don't use your data to build advertising profiles, train external AI models on your photos for unrelated purposes, or share it with retailers to help them market to you.

Third parties we work with

Running Bounty requires a small number of trusted service providers. Each one gets only what they need to do their job:

Provider What they get Why
Stripe Your email, subscription status, payment card (entered directly into Stripe, never touches our servers) Subscription billing
Google Cloud Vision Your scan photos Optical character recognition (reading text from shelf tags)
Cloudflare R2 Your scan and diagnostic photos Photo storage
MongoDB Atlas Your account record, scans, activity data Database hosting
DigitalOcean All Bounty application traffic Application hosting
Brevo Your email address, transactional message content Sending you account emails
Anthropic Anonymized product text from scans (no personal information) Product enrichment and categorization

These providers have their own privacy practices, which apply when your data is in their hands. We've chosen them because their practices are reasonable, but we encourage you to review them if you have concerns.

Where your data lives today: The Bounty application itself runs on Canadian servers (DigitalOcean in Toronto). Your account and scan data are currently stored on AWS infrastructure in Oregon (via MongoDB Atlas) — Canadian database hosting requires a paid tier we haven't grown into yet. Your scan photos sit on Cloudflare's global storage network. Brevo (transactional email) is based in the European Union. The remaining service providers — Stripe (payments), Google (OCR), Anthropic (AI enrichment) — are based in the United States.

Where we want it to live: Bounty is a Calgary company, and we'd like more of our infrastructure to live in Canada. As we grow, we plan to migrate database storage to a Canadian region (Calgary or Montreal). We'll update this policy and let you know when that happens. Appendix A has the formal cross-border transfer language.

Your scan photos

When you submit a scan photo:

  • We strip EXIF location metadata before storage.
  • We grant ourselves a license to store, display, and aggregate the photo for the purpose of operating Bounty's services. We don't use your photos for marketing, advertising, or anything outside Bounty.
  • We delete scan photos once they're no longer needed for price verification or diagnostic auditing. We're working on formalizing the specific retention windows; until then, our principle is "delete as soon as it's no longer useful."
  • If your scan is rejected (bad lighting, wrong product, etc.), we may delete the photo immediately.

If you ever want a specific photo removed, contact us and we'll handle it.

Your rights

You can:

  • Update your email — from your account settings.
  • Update your handle — from your account settings, subject to our handle rules.
  • Export your data — request a copy of the personal information we hold about you, by emailing [email protected]. We'll provide it within 30 days.
  • Delete your account — from your account settings. Deletion removes your email, handle, and direct identifiers from your scans. Your scan contributions remain in the community dataset in anonymized form (we can no longer link them to you, but the price data itself stays). Unredeemed points are forfeited on deletion.
  • Correct your information — since the only personal information we hold that you can change is your email, this is largely covered by "update your email." For anything else, contact us.
  • File a complaint — with us first ([email protected]), and if we can't resolve it, with the Office of the Privacy Commissioner of Canada (priv.gc.ca) or the Office of the Information and Privacy Commissioner of Alberta (oipc.ab.ca).

Account recovery — please read this

We want to be honest about something most apps gloss over.

If you lose access to the email on your Bounty account, we cannot get you back in.

We don't ask for your phone number. We don't ask for your full name. We don't ask security questions. We don't have your address. There is no information we hold that we could use to verify you're really you. Anything we did to "help" would just be us guessing, and a determined attacker could guess the same things.

This is a deliberate choice. It's the same choice that protects you from the opposite scenario — someone calling us pretending to be you and convincing us to hand over your account.

Your responsibility:

  • Use an email address you'll keep access to long-term.
  • If you're using password login, use a strong unique password (a password manager is the easiest way).
  • If you're using passkey login, keep at least one passkey backup configured.
  • If you change email providers, update your Bounty email before you lose access to the old one.

If you do lose access, your only option is to start a new account. Your previous scan history and points balance will not transfer.

Children

Bounty is not designed for children under 13. We don't knowingly collect information from anyone under 13. If you believe a child has created an account, contact us and we'll remove it.

For users between 13 and 18, the consent of a parent or guardian is recommended. Alberta law has specific provisions about minors' consent that are addressed in Appendix A.

Security

We use industry-standard practices to protect your information:

  • All traffic to and from Bounty is encrypted in transit (HTTPS).
  • Passwords are stored as salted hashes; passkeys are stored as cryptographic public keys.
  • Photos are stored in encrypted-at-rest object storage.
  • Access to production systems is limited to authorized personnel and logged.

No system is perfectly secure, but our minimal data collection means there's relatively little to steal. If we ever experience a security incident affecting your information, we'll notify you in accordance with applicable Canadian privacy law (see Appendix A for specifics).

Changes to this policy

We'll update this Privacy Policy from time to time. Material changes will be:

  • Announced in-app at least 30 days before they take effect.
  • Notified to you by email at least 30 days before they take effect.
  • Versioned (the version number at the top of this document goes up).
  • Logged in the changelog at the bottom of this document.

Continued use of Bounty after a material change takes effect means you accept the updated policy. If you don't accept it, you can delete your account before the change date.

Contact us

For privacy questions, data requests, or complaints: [email protected]

For general support: [email protected]

For legal/formal matters: [email protected]

Mailing address: 1905106 Alberta Inc. Suite 707, 930 16 Avenue Southwest Calgary, Alberta T2R 1C2 Canada

Changelog

Version Date Changes
1.0 2026-04-13 Initial Privacy Policy.