Data security & formulation confidentiality
Your formulation — ingredient identities, ratios and manufacturing process — is the most sensitive thing you share with us. This page lists, concretely, how it is protected at every step. Every item below describes shipped behavior, not intent.
Your formulation stays in your browser until you order
While you build a recipe in the calculator, it is stored only in your browser's local storage. Nothing reaches our servers until you place an order — and then only as that order's pinned snapshot.
Encrypted at rest (AES-256-GCM)
On our servers, order formulation snapshots, in-flight checkout snapshots and uploaded lab certificates are encrypted with AES-256-GCM before they touch the database. Each ciphertext is bound to its column, so a copied value cannot be decrypted anywhere else.
You can permanently delete your formulation
After saving your report, a “Delete formulation from server” action on the order page irreversibly erases the ingredient list, amounts and process from our servers. The report's verification page and SHA-256 hash remain valid, so your saved copy can still be authenticated.
Reports are never emailed
The report is delivered only inside your signed-in account, as a download (PDF or self-contained HTML file). We never attach your report or formulation to an email.
AI import is optional — and never trains models
If you use AI import, your pasted text or photos are sent to Anthropic solely to extract structured data; under the commercial API terms, inputs are not used to train models. Uploaded images are processed in memory and never stored. If you enter your recipe manually, it is never sent to any AI provider.
Public verification never exposes the recipe
The public verification page confirms issuance facts only — product name, market, tier, dates, versions and the document hash. The hash is one-way: it proves a document's integrity without revealing any formulation data.
We never see your card
Paddle is our merchant of record; card and billing details go directly to Paddle and never touch our servers.
Encrypted in transit
All traffic between your browser and foodfact.co is encrypted with TLS, enforced with HTTP Strict Transport Security.
Contractual confidentiality
Our Terms treat your submitted formulation as your confidential information — used only to provide the service, never disclosed except to the processors named in the Privacy Policy, with obligations that survive account closure. Terms of Service · Privacy Policy
Questions about security, or something to report: support@foodfact.co.