Which allergens does Scry detect?

Scry covers the 14 major allergens recognised under UK law, including peanuts, tree nuts, milk, eggs, wheat, soy, fish, shellfish, sesame, celery, mustard, lupin, molluscs, and sulphites. You can also add custom dietary requirements like vegan, halal, or low-FODMAP.

The basics are free forever: barcode scanning, allergy cards, safety alerts, destination info, and a rotating selection of restaurants in every city each month. Premium unlocks every restaurant menu plus AI features.

How does Scry get restaurant data?

From restaurant websites and PDFs, Open Food Facts, Food Standards Agency recall alerts, and AI analysis of menus where published data does not exist. Each item shows where its data came from so you can judge confidence yourself.

Does Scry work abroad?

Yes. Scry generates personalised travel safety reports for any country, translates allergy cards into 20+ languages, and lets you photograph a foreign menu to see allergen flags in your own language.

Is Scry compliant with Natasha's Law?

Scry is built around the UK allergen labelling standards introduced by Natasha's Law. The app checks against all 14 allergens that food businesses are required to declare and flags items accordingly.

Can I use Scry for my child?

Yes. Add every family member with their own dietary requirements and Scry will check menus and products against everyone's needs at once. You can filter by individual or see what is safe for the whole table.

What happens if a restaurant's menu changes?

Scry regularly refreshes menu data from restaurant sources. When a menu is updated, allergen flags are recalculated automatically. You can also report an outdated menu from inside the app.

Yes. Scry is UK GDPR compliant. We do not sell your personal data and we do not share your dietary profile with restaurants or third parties.

Privacy Policy

Last updated: 21 May 2026

Scry AI Ltd ("we", "us", "Scry") is the data controller for personal information collected through the Scry app. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who we are

Scry AI Ltd, company number 17142797, registered at Suite Ra01, 195-197 Wood Street, London, E17 3NU, United Kingdom. Contact: hello@scryit.ai.

Our ICO registration number: [to be added once registered].

What we collect

We collect the following categories of personal data:

Account information: name, email address, authentication credentials (passwords are hashed and never stored in plain text).

Dietary and health-related data: allergies, intolerances, dietary preferences (vegan, vegetarian, pescatarian), cross-contamination sensitivity settings, and family member profiles including their dietary requirements. Under UK GDPR, allergen and intolerance data is treated as health-related data and processed with appropriate safeguards.

Usage data: which restaurants you view, searches you perform, menu items you interact with, barcode scans, travel reports you generate, and reports or reviews you submit.

Device and technical data: device type, operating system version, app version, and approximate location (only when you grant permission, used to show nearby restaurants).

Subscription data: subscription status and billing period (received from Apple App Store or Google Play Store). We do not receive or store your payment card details.

How we use your data

We process your personal data for the following purposes:

To deliver allergen safety information personalised to your dietary profile
To calculate restaurant compatibility scores based on your restrictions
To provide allergy translation cards for travel
To send push notifications including food safety recalls and menu change alerts (where you have opted in)
To allow you to submit reports, corrections, and reviews about restaurants
To improve the accuracy of our restaurant and allergen data
To manage your account and respond to support enquiries
To detect and prevent misuse of the service
To comply with our legal obligations

Legal basis for processing

We process your personal data on the following bases under UK GDPR:

Performance of a contract: to provide the service you have signed up for, including personalised allergen information, restaurant scoring, and subscription features.

Legitimate interests: to improve the product, maintain security, prevent abuse, and analyse aggregated usage patterns. We balance our interests against your rights and only process data where the impact on you is minimal.

Explicit consent: for processing health-related data (your allergy and dietary profile), for marketing communications, and for optional features such as location services and push notifications. You can withdraw consent at any time through the app settings or by contacting us.

Legal obligation: where required by law, such as responding to lawful requests from authorities.

Health-related data

Your allergen profile, dietary restrictions, and cross-contamination sensitivity settings are classified as special category data (health data) under UK GDPR Article 9. We process this data on the basis of your explicit consent, which you provide when you set up your dietary profile in the app. You can modify or delete this data at any time through the app.

We never share your individual health-related data with third parties. Where we provide aggregated data to restaurant partners, it contains no personal identifiers and is subject to a minimum threshold of 10 users per data point.

Who we share data with

We do not sell your personal data. We share data only with the following categories of processor:

Hosting and infrastructure: Vercel (app hosting), Supabase (database and authentication), Upstash (rate limiting). Data is stored in EU data centres.
App store providers: Apple and Google receive subscription and transaction data as part of in-app purchase processing.
AI providers: Anthropic (Claude) for menu analysis and allergen categorisation. No personal identifiers are shared with AI providers. Only restaurant and menu data is processed.
Analytics: aggregated, non-identifying usage data for product improvement.
Authorities: where required by law.

Data retention

We retain your account data for as long as you have an active account. When you delete your account:

Your personal data is deleted within 30 days
Anonymised usage data may be retained for product improvement
User-submitted reports and reviews are retained in anonymised form (your name and account details are removed, but the content remains to maintain data quality)
Backups containing your data are purged within 90 days

Push notifications

We may send push notifications if you have opted in. These include food safety recalls relevant to your allergens, menu change alerts for restaurants you have visited, and new restaurant notifications in your area. You can disable push notifications at any time through your device settings.

In-app purchases

Premium subscriptions are managed through the Apple App Store or Google Play Store. We receive confirmation of your subscription status to enable premium features. We do not receive, store, or process your payment card details. Refund requests should be directed to the relevant app store.

Your rights under UK GDPR

You have the following rights in relation to your personal data:

Right of access: you can request a copy of the personal data we hold about you.

Right to rectification: you can correct inaccurate data through the app or by contacting us.

Right to erasure: you can delete your account and all associated data through the app settings or by contacting us.

Right to restrict processing: you can ask us to limit how we use your data in certain circumstances.

Right to object: you can object to processing based on legitimate interests.

Right to data portability: you can request your data in a machine-readable format.

Right to withdraw consent: you can withdraw consent for health data processing, marketing, location services, or push notifications at any time. Withdrawing consent for health data processing will remove your dietary profile and prevent the app from providing personalised allergen information.

To exercise any of these rights, email hello@scryit.ai. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ico.org.uk).

International data transfers

Some of our service providers process data outside the UK. Where data is transferred internationally, we ensure appropriate safeguards are in place, including UK GDPR-approved Standard Contractual Clauses and adequacy decisions.

Data security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews. Authentication credentials are hashed using industry-standard algorithms.

Children

Scry is not intended for children under 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has created an account or provided personal data, contact us at hello@scryit.ai and we will delete it promptly.

Cookies

The Scry app does not use cookies. Our website (scryit.ai) uses essential cookies only for site functionality. See our Cookie Policy for details.

Changes to this policy

We may update this policy from time to time. The "last updated" date at the top will reflect any changes. Material changes will be communicated through the app or by email to active users.

Contact

Questions about this policy or your data: hello@scryit.ai.

Data controller: Scry AI Ltd, Suite Ra01, 195-197 Wood Street, London, E17 3NU, United Kingdom.