Privacy Policy — Застілля (Zastillia)
App: «Застілля» (Zastillia) for iOS
Last updated / Effective: 2026-05-14
1. Who we are
«Застілля» ("Zastillia", "we", "us", the "App") is operated by San Byn Nhuien, a sole proprietor (ФОП) registered in Ukraine (the "operator" / data controller under Ukraine's Law "On Personal Data Protection" and, where applicable, the EU/UK GDPR).
Contact: support@zastillia.app.
This Policy explains what personal data the App processes, why, with whom it is shared, how long it is kept, and your rights. It applies to the iOS app and its extensions and to our backend services. It does not cover third-party services you choose to connect to (e.g. a grocery store's website you log into through the App) — those are governed by their own policies.
2. At a glance — what data is processed
| Data | Where it comes from | Why | Who receives it | Retention |
|---|---|---|---|---|
| Anonymous install identifier | Created automatically when you first open the App | Associate your imported recipes and usage with your install; verify your requests come from the App | Our backend (Google Firebase) | Until you delete the App or request erasure |
| Recipe text you paste, on-device text recognition output, on-device audio transcripts; for video links — the linked video is downloaded on our server | You (paste / photo / video / URL) | Turn it into a structured recipe (ingredients, steps, calories/macros) | Our backend → OpenAI, Inc. and Anthropic, PBC; cached on our backend | Cached on our backend while you use the App; LLM providers per their own policies (see §4) |
| Weight, height, biometric characteristics (age, sex) | Apple Health, only if you connect it | Compute your daily calorie/macro targets | Nobody — used only on your device | Your device only |
| Delivery address, approximate device location | You type the address; iOS provides location ("while using the app") if you allow it | Find grocery stores that deliver to you; add items to your store cart | Apple's mapping service; the grocery store you choose, when you order | Not sent to our backend; not stored by us. Recent addresses are kept on your device only |
| Grocery-store session | Captured in an in-app browser when you log into a store site | Add items from your list to your cart on your own store account | Stays on your device; sent only to that store's servers | Your device. Cleared when you remove the App |
| Subscription / purchase status | Apple StoreKit | Unlock Premium features | Apple, Inc.; the entitlement state is reflected to our backend's quota records | Handled by Apple; we do not receive your payment-card data |
| App-usage events and screen views (incl. the names of recipes and ingredients/search terms you interact with — never delivery addresses, coordinates, store-account details, or your name), an app-instance identifier, your install identifier, country, app language, accent/theme, subscription status, whether Apple Health is connected, onboarding completion | The App | Understand which features are used; improve the App; A/B-test the paywall | Firebase Analytics (Google LLC) | Up to 14 months by default |
| Crash reports, performance/diagnostic data | The App | Detect and fix bugs and performance issues | Firebase Crashlytics / Performance (Google LLC) | Per Firebase's retention (typically up to 90 days for crash data) |
| App-attestation token | Apple App Attest | Verify requests to our backend come from a genuine, untampered install | Apple; Firebase App Check (Google LLC) | Short-lived |
| Settings, onboarding state, theme/accent, cached recipe images and metadata, your manual recipes and weekly plan | The App / you | Run the App | Your device and, for your recipe book, your own iCloud private database | Your device / your iCloud, until you delete them or the App |
We do not: ask for your name, email, or any other personal identifier to use the App; use your data for cross-app/cross-site tracking (no IDFA, no App Tracking Transparency prompt, no ad personalization); sell or rent personal data; share data with data brokers or advertising networks; use Apple Health data for advertising, marketing, or any purpose other than computing your in-app calorie/macro targets.
3. How you access the App — anonymous access
The App uses anonymous access. We do not ask for your name, email, or any personal identifier, and there is no "sign-in with [provider]" step. When you first open the App an anonymous install identifier is created automatically on our backend and used to associate your imports and usage with your install. This identifier is not linked to your real-world identity. Legal basis: performance of our agreement with you (the Terms of Use).
4. Recipe content you import
You can build recipes by typing/pasting text, from a photo (we run text recognition on your device), from a video file (we extract text/audio on your device), or from a link to TikTok / YouTube / Instagram.
- For pasted text, photo text-recognition output, and on-device transcripts: only the extracted text leaves your device. The source photos and videos do not leave your device.
- For a video link, our backend downloads the linked video, extracts audio/frames, and processes them — i.e. for this path the video content is processed on our infrastructure.
In all cases the extracted text is sent to our backend, which forwards it to OpenAI (transcription, vision text-recognition, recipe synthesis) and Anthropic (recipe synthesis) to produce a structured recipe (title, ingredients, steps, per-serving calories/protein/fat/carbs). The result is cached on our backend and associated with your install. We have configured the API tier with these providers and our inputs are not used by them to train models on their side, but you should review OpenAI's and Anthropic's policies for details of their handling and retention. Legal basis: performance of our agreement / your request.
We do not operate a public recipe feed; recipes you create or import are visible only to you (and synced to your own iCloud).
5. Health and fitness data (Apple Health)
If you connect Apple Health, the App reads your weight, height and biometric characteristics (date of birth, biological sex) to calculate your daily calorie and macronutrient (КБЖВ) targets. This data is used only on your device to perform that calculation — it is not transmitted to our servers, not stored by us, and not shared with anyone. You can disconnect Health at any time in iOS Settings → Privacy & Security → Health, or in the App's Profile screen. We comply with Apple's HealthKit requirements: we do not use Health data for advertising, marketing, data mining, or any use other than your in-app health targets, and we do not sell it.
КБЖВ / nutrition values shown in the App are AI-generated estimates and are not medical or nutritional advice. See §6 of the Terms of Use.
6. Location and delivery address
To help you order groceries, the App can use your location ("while using the app") to find stores that deliver to your area, and you may enter a delivery address (with address autocomplete powered by Apple's mapping service). Your location and address are sent to Apple for autocomplete/geocoding and, only when you place an order, to the grocery store you select. They are not sent to our backend and are not stored by us. The App keeps a short list of your recently used addresses on your device only. You can decline or revoke the location permission in iOS Settings (the grocery-ordering feature will then ask you to enter an address manually). Legal basis: your consent (location permission) and performance of your ordering request.
7. Grocery ordering and store sessions
The grocery-ordering feature (currently available to users in Ukraine) lets you add the items on your shopping list to your cart at Сільпо and stores on Zakaz.ua. To do this the App opens an in-app browser where you browse / log in to the store; it then reuses your own session with that store to add items to your cart. The relevant session data stays on your device.
Zastillia is an independent tool and is not affiliated with, endorsed by, or partnered with Сільпо, Zakaz.ua, or any retail chain. We do not receive your store login credentials, we do not process your payment, and we do not place or fulfil the order — you complete checkout and payment directly with the store on the store's site. Product prices and availability shown come from the stores' systems. The store's own terms and privacy policy apply to your relationship with it.
8. Purchases and subscriptions
Premium subscriptions are sold and billed by Apple via the App Store. Apple processes your payment; we do not receive your payment-card data. We receive your entitlement/transaction status (e.g. "subscribed", plan, renewal date, trial eligibility) so the App can unlock Premium features, and a usage/spend record is kept on our backend associated with your install. See the Terms of Use for subscription details. Legal basis: performance of our agreement.
9. Analytics, diagnostics and integrity
- Firebase Analytics — feature-usage and screen-view events, plus "sticky" properties (install identifier, country, app language, accent colour, theme, subscription status/plan/trial-eligibility, whether Apple Health is connected, onboarding completion, and, for paywall A/B-testing, which paywall variant was shown). Some event parameters include the names of recipes and of ingredients/search terms you interact with. We deliberately do not log delivery addresses, geographic coordinates, grocery-store account details, or anything that identifies you personally. Firebase Analytics here runs without the IDFA and without ad personalization, so the App shows no App Tracking Transparency prompt and does not track you across other companies' apps or sites.
- Crashlytics / Firebase Performance — crash logs and performance/diagnostic data to find and fix bugs.
- App Check (Apple App Attest) — an attestation token so our backend can verify requests come from a genuine, untampered copy of the App.
- Remote Config — feature flags and configuration (e.g. which paywall design to show); does not collect personal data from you.
Legal basis: our legitimate interest in maintaining, securing and improving the App (and your consent where required by local law for analytics identifiers).
10. Data stored on your device and in your iCloud
The App stores on your device: settings, onboarding state, theme/accent, analytics opt flags, cached recipe images and their file sizes, your manual recipes, your weekly plan, your shopping list, recent delivery addresses, and the grocery-store session described in §7. Your recipe book is also synced to your own iCloud private database — that is your personal iCloud storage, governed by Apple's iCloud terms and privacy policy; we cannot read it. Deleting the App removes the on-device data; managing iCloud data is done in iOS Settings.
11. Third parties / sub-processors
We use the following service providers, who process data on our behalf or receive data because you chose to use a feature:
| Provider | Role | Policy |
|---|---|---|
| Google LLC (Firebase) | Anonymous backend identification, backend processing, analytics, crash reporting, attestation, configuration | https://firebase.google.com/support/privacy , https://policies.google.com/privacy |
| OpenAI, Inc. | Speech-to-text, vision text-recognition, recipe synthesis | https://openai.com/policies/privacy-policy |
| Anthropic, PBC | Recipe synthesis (Claude) | https://www.anthropic.com/legal/privacy |
| Apple, Inc. | App distribution, StoreKit purchases, Apple Health, mapping/location, iCloud, App Attest | https://www.apple.com/legal/privacy/ |
| The grocery retailer you choose (e.g. Сільпо, Zakaz.ua chains) | Receives your order, address, and payment when you place an order | The retailer's own policy |
12. International transfers
Our backend providers (Google/Firebase, OpenAI, Anthropic, Apple) are based in or operate from the United States and other countries. When you use the App, personal data may therefore be transferred outside Ukraine/the EEA. Where required, such transfers rely on appropriate safeguards (e.g. the providers' Data Processing Agreements and Standard Contractual Clauses).
13. How long we keep data
- Anonymous install identifier and associated cached data: until you delete the App or request erasure.
- Firebase Analytics: up to 14 months (default).
- Crash data: per Firebase's retention (typically up to 90 days).
- On-device data: until you delete it or remove the App.
- LLM-provider handling: per OpenAI's / Anthropic's policies.
14. Your rights
Depending on where you live, you have the right to: access the personal data we hold about you; rectify inaccurate data; erase your data ("right to be forgotten"); restrict or object to certain processing; request data portability; and withdraw consent (e.g. location, Health) at any time. You also have the right to lodge a complaint with the Ukrainian Parliament Commissioner for Human Rights (Ombudsman) or your local supervisory authority.
Because the App uses anonymous access, your data on our backend is identified only by the install identifier created automatically on your device. To exercise your rights, contact support@zastillia.app from the email address you'd like us to reply to and describe which data you want to access or erase; we may ask you to confirm details that match a request that originated from your install (e.g. recent activity) so we can be sure we're acting on the right account.
In-app controls today: you can disconnect Apple Health and revoke the location permission in iOS Settings; you can delete individual recipes; and the App's Profile screen offers a delete-account action that removes your install's link to our backend. Removing the App also clears the on-device data described in §10.
15. Children
The App is not directed to children. You must be at least 16 years old (or the minimum age set by the Terms of Use / required by your local law) to use the App. We do not knowingly collect personal data from children below that age; if you believe a child has provided us data, contact support@zastillia.app and we will delete it.
16. Security
We use TLS for data in transit and per-install authorization to gate our backend, and we store our service-provider keys in a secrets manager (never in the app binary). No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
17. Changes
We may update this Policy. Material changes will be notified in the App and/or at https://zastillia.app/privacy. The "Last updated" date shows the current version.
18. Contact
Questions or requests: support@zastillia.app — San Byn Nhuien, sole proprietor (ФОП), Ukraine.