Privacy Policy.
This Privacy Notice for Fresh Slate Media Ltd ('we', 'us', or 'our') describes how and why we might access, collect, store, use, and/or share ('process') your personal information when you use our services ('Services'), including when you download and use Morsetta, or any other application of ours that links to this Privacy Notice.
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you have any questions or concerns, please contact us at privacy@menutranslator.app.
Summary of key points
What personal information do we process? We collect very little. A random device identifier and scan count are stored to enforce our fair-use limit. Menu photos are processed in memory and immediately discarded. See Section 1 for details.
Do we process any sensitive personal information? No. We do not knowingly collect sensitive personal information.
Do we collect information from third parties? No.
How do we process your information? We process a minimal device identifier solely to enforce our annual scan limit and to verify your device via Apple App Attest. Menu photos are forwarded transiently to Google Gemini and then discarded. See Section 2.
Do we use AI? Yes. Menu photos are forwarded to Google Gemini to identify dishes. Photos are not retained by us or used for model training. See Section 6.
With whom do we share personal information? Only with the two service providers needed to run the app: Cloudflare (infrastructure) and Google Gemini (AI processing). We share no data with anyone else. See Section 4.
What are your rights? Depending on where you are located, you may have rights to access, correct, or delete your personal information. See Section 10.
- What information do we collect?
- How do we process your information?
- What legal bases do we rely on?
- When and with whom do we share personal information?
- What is our stance on third-party websites?
- Do we offer AI-based products?
- Is your information transferred internationally?
- How long do we keep your information?
- Do we collect information from minors?
- What are your privacy rights?
- Controls for Do-Not-Track features
- Do United States residents have specific privacy rights?
- Do other regions have specific privacy rights?
- Do we make updates to this notice?
- How can you contact us?
- How can you review, update, or delete your data?
1. What information do we collect?
In short: We collect very little. A random device identifier and annual scan count. Menu photos are processed and discarded. Saved menus stay on your device only.
Information you provide directly
Morsetta does not require you to create an account or provide any personal details. We do not collect your name, email address, phone number, or any other identifying information.
Information collected automatically when you use the app
- Random device identifier. On first launch, the app generates a random UUID and stores it in your device's secure Keychain. This identifier is not linked to your name, email, or any personal identity. It is sent to our server on each scan solely to track your annual scan count and to verify your device via Apple App Attest. We do not use it for any other purpose.
- Annual scan count. We store a count of how many menus you have translated in the current calendar year, keyed to your device identifier. This is used to enforce the free scan limit. It resets each January 1.
- App Attest cryptographic key. To verify that requests originate from a genuine copy of Morsetta on a real Apple device, we store a device public key provided by Apple's App Attest service. This key cannot identify you personally.
- Short-lived session markers. To prevent a multi-page scan from being counted multiple times, we store a temporary session marker (maximum 10-minute lifetime) keyed to your device identifier. App Attest verification uses a similarly short-lived challenge token (maximum 5-minute lifetime). Both are discarded automatically and are never used for any purpose other than the single transaction they protect.
Menu photos
When you scan a menu, the photo is resized on your device, sent over HTTPS to our server, and immediately forwarded to Google Gemini to identify the dishes. The photo is held in server memory only for the duration of the request (typically a few seconds) and is then discarded. We never write the image to disk and never retain it.
Saved menus (optional)
If you choose to save a scan, the list of dishes and menu photos are stored locally on your device using Apple's SwiftData framework. This data never leaves your device to our servers. It is included in your device's encrypted iCloud backup if you have that enabled, in the same way as your other app data.
Location (optional)
If you tap Save after a scan and grant location permission, the app may request your approximate location to suggest a nearby restaurant name. Location is used only in that moment, is never transmitted to our servers, and is never stored. You can revoke location access at any time via iOS Settings → Privacy & Security → Location Services → Morsetta.
Payment data
If you subscribe to Morsetta, payment data is collected and processed entirely by Apple. We do not see or store your payment card or billing details. See Apple's privacy notice.
What we do not collect
- Your name, email address, or phone number.
- The content of menus you have scanned (we have no server-side scan history).
- Precise or approximate location on our servers.
- Contacts, photos beyond the one you choose to scan, or any other device content.
- Advertising identifiers or marketing data.
- Browsing history or behaviour across other apps or websites.
This website
The Morsetta marketing website (the site you are reading now) uses no cookies, no analytics scripts, and no tracking of any kind. No personal data is collected when you browse it.
2. How do we process your information?
In short: We process the minimum necessary to deliver the service and prevent abuse. No marketing, no profiling, no advertising.
We process your personal information for the following purposes:
- To deliver the menu translation service. We forward your menu photo to Google Gemini to identify and describe the dishes, then stream the results back to your device.
- To enforce the fair-use scan limit. We maintain your annual scan count using your random device identifier to apply the free-scan allowance and subscription entitlement.
- To verify device integrity. We use Apple App Attest to confirm that requests originate from a genuine, unmodified copy of Morsetta on a real Apple device. This protects the service from automated abuse.
- To respond to support enquiries. If you contact us by email, we process your message and email address to respond.
- To comply with legal obligations. We may process your information where required by applicable law.
We do not process your information for advertising, profiling, marketing, or sale to third parties.
Automated decision-making (GDPR Article 22). We do not carry out any automated decision-making, including profiling, that produces legal or similarly significant effects on you. The annual scan cap is enforced by a simple counter; it is not a form of profiling and has no legal consequences beyond limiting use of a free service.
3. What legal bases do we rely on to process your information?
In short: We process your personal information only when we have a valid legal reason under applicable law.
If you are located in the EU or UK, the GDPR and UK GDPR require us to state the legal bases we rely on:
- Performance of a contract. We process your device identifier and scan count to fulfil our service to you — specifically to apply your free scan allowance or subscription entitlement.
- Legitimate interests. We process your App Attest key to protect the service from abuse and ensure fair access for all users. Our legitimate interest in preventing automated abuse does not override your privacy interests.
- Consent. We request location permission (with your explicit in-app consent) to suggest a nearby restaurant name when you save a scan. You may decline without any impact on the core translation service.
- Legal obligation. We may process your information to comply with applicable law, such as cooperating with regulatory or law enforcement authorities.
If you are located in Canada, we rely on express or implied consent as appropriate, and may rely on exceptions permitted by Canadian privacy law in limited circumstances.
4. When and with whom do we share personal information?
In short: Only the two service providers necessary to run the app. No one else.
Cloudflare
Our backend runs on Cloudflare Workers. Cloudflare sees the IP address of each request and the encrypted payload, but does not log or retain your menu photos or scan content.
Google Gemini
Menu photos are forwarded transiently to Google's Gemini API to identify the dishes. As described in Google's API terms, paid-tier requests are not used to train Google's models. Google processes the photo only to return the list of dishes and does not retain it.
That is the complete list. We do not share your information with advertising networks, data brokers, analytics providers, or any other third parties.
Business transfers
If Fresh Slate Media Ltd is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via a notice on our website before your information becomes subject to a different privacy policy.
5. What is our stance on third-party websites?
Our Services may contain links to third-party websites (for example, Apple's privacy policy or Google's API terms). We are not responsible for the privacy practices or content of those websites. We encourage you to review the privacy notices of any third-party sites you visit.
6. Do we offer AI-based products?
In short: Yes. Menu photos are processed by Google Gemini to identify dishes. Photos are not retained or used for model training.
Morsetta's core feature — reading a menu in any language and describing each dish — is powered by Google Gemini, a large multimodal AI model. When you scan a menu:
- Your menu photo is sent from your device to our Cloudflare Worker over HTTPS.
- Our Worker forwards the photo and a structured prompt to the Gemini API.
- Gemini returns a list of dishes with descriptions, which we stream back to your device.
- The photo is discarded immediately after Gemini responds. Neither we nor Gemini retain it.
Per Google's Gemini API paid-tier terms, your data is not used to train or improve Google's models. You must not use Morsetta in any way that violates Google's API terms of service.
7. Is your information transferred internationally?
Our backend infrastructure is operated by Cloudflare, which may route requests through servers in various countries including the United States. Google Gemini processes requests on Google's infrastructure, which may also involve international transfer.
If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland, please be aware that these transfers may be to countries that do not have the same level of data protection as your home country. We rely on:
- Cloudflare's Standard Contractual Clauses for EEA/UK data transfers.
- Google's Standard Contractual Clauses and its participation in recognised data-transfer frameworks for Gemini API data.
8. How long do we keep your information?
We keep your random device identifier and annual scan count for up to 400 days (just over one calendar year), after which the KV entry expires automatically. App Attest keys are retained as long as your device is enrolled; they are deleted when the key store is cleared or your device is no longer in use.
Menu photos are never written to disk and are discarded at the end of each request.
Saved menus on your device are retained until you delete them or uninstall the app.
Support email correspondence is retained for up to two years.
9. Do we collect information from minors?
Morsetta is rated 4+ on the App Store. We do not knowingly collect personal information from children under 13, or the minimum age required by the laws of your jurisdiction if higher. If you believe a child has provided us with personal information, please contact us at privacy@menutranslator.app and we will delete it promptly.
10. What are your privacy rights?
In short: Depending on your location, you may have rights to access, correct, or delete your personal information.
If you are located in the EEA, UK, Switzerland, or Canada, you have the following rights under applicable data protection law:
- Right to access the personal information we hold about you.
- Right to rectify inaccurate personal information.
- Right to erasure ('right to be forgotten').
- Right to restrict processing.
- Right to data portability (where technically feasible).
- Right to object to processing based on legitimate interests.
- Right to withdraw consent at any time (where processing is based on consent).
Because we collect very little data and none of it is linked to your identity, we may need additional context to locate your record — see Section 16 for how to provide this. To exercise any of these rights, email privacy@menutranslator.app.
If you are located in the EEA or UK and believe we are unlawfully processing your personal information, you have the right to complain to your national data protection authority. In the UK this is the Information Commissioner's Office (ICO).
11. Controls for Do-Not-Track features
Most web browsers include a Do-Not-Track ('DNT') setting. Because Morsetta is a mobile app and we do not conduct cross-site or cross-app tracking, DNT signals are not applicable to our service. We do not track your behaviour across third-party websites or apps.
12. Do United States residents have specific privacy rights?
In short: Yes. Depending on your state, you may have additional rights under state privacy laws.
Categories of personal information collected in the past 12 months
| Category | Collected |
|---|---|
| A. Identifiers (name, email, IP address, device ID) | Partial — random device ID only, not linked to identity |
| B. Personal information (California Customer Records) | No |
| C. Protected classification characteristics | No |
| D. Commercial information (purchase history) | No — handled by Apple |
| E. Biometric information | No |
| F. Internet or network activity | No |
| G. Geolocation data | No — location is used on-device only and never transmitted to our servers |
| H. Audio, visual, or similar information | Transient — menu photos processed in memory and discarded |
| I. Professional or employment-related information | No |
| J. Education information | No |
| K. Inferences drawn from personal information | No |
| L. Sensitive personal information | No |
We have not sold or shared personal information with third parties for advertising or commercial purposes in the preceding 12 months.
Your rights
Depending on the state in which you reside (including California, Colorado, Connecticut, Virginia, and others with applicable privacy laws), you may have the right to:
- Know whether we are processing your personal data.
- Access a copy of the personal data we hold about you.
- Correct inaccuracies in your personal data.
- Delete your personal data.
- Opt out of the sale or sharing of personal data (we do not sell or share personal data).
- Non-discrimination for exercising your privacy rights.
How to exercise your rights
Email privacy@menutranslator.app. Because the only server-side data we hold is a random device identifier (not linked to your name or email), we may ask for the approximate date of your first scan or a recent scan timestamp to help us locate your record. See Section 16 for details.
Appeals
If we decline your request, you may appeal by emailing privacy@menutranslator.app. If your appeal is denied, you may submit a complaint to your state attorney general.
California 'Shine the Light' law
California Civil Code Section 1798.83 permits California residents to request information about personal information disclosed to third parties for direct marketing. We do not disclose personal information to third parties for direct marketing purposes, so there is nothing to report under this provision.
13. Do other regions have specific privacy rights?
Australia and New Zealand
We collect and process personal information in accordance with Australia's Privacy Act 1988 and New Zealand's Privacy Act 2020. This Privacy Notice satisfies the notice requirements of both Acts. If you believe we are unlawfully processing your personal information, you have the right to complain to the Office of the Australian Information Commissioner or the Office of the New Zealand Privacy Commissioner.
United Kingdom
We process personal information in accordance with the UK GDPR and the Data Protection Act 2018. Fresh Slate Media Ltd is the data controller, registered with the Information Commissioner's Office. If you believe we are unlawfully processing your personal information, you may complain to the Information Commissioner's Office.
European Economic Area
If you are located in the EEA, you may contact the data protection authority in your member state.
Fresh Slate Media Ltd is a UK-based company. We have assessed our obligations under GDPR Article 27 regarding the appointment of an EU representative. Given that our processing of EU residents' personal data is limited to a random device identifier and an annual scan count (low volume, no sensitive data, no large-scale profiling), we have determined that an EU representative is not required at this time. If our processing activities change materially, we will revisit this assessment.
14. Do we make updates to this notice?
We may update this Privacy Notice from time to time to reflect changes in the law or our data practices. The 'Last updated' date at the top of this page will be revised when we do. We encourage you to review this page periodically. If we make material changes — for example, beginning to collect new categories of data — we will post a notice in the app.
15. How can you contact us?
Privacy enquiries
Email privacy@menutranslator.app — we read every message.
Fresh Slate Media Ltd
The Old Forge
Kingsbridge
Devon, TQ7 4PT
England
16. How can you review, update, or delete your data?
The only personal data we hold server-side is your random device identifier and associated scan count. To request deletion:
- Email privacy@menutranslator.app from the device in question (or any address), including the approximate date of your first or most recent scan. This allows us to identify your record in our systems — your device identifier lives in your device's secure Keychain and is not displayed anywhere in the app.
- We will delete all server-side data associated with your device within 30 days and confirm by reply.
To delete saved menus from your device, use the swipe-to-delete option in the Saved tab, or uninstall the app.