Privacy Policy (ChatGPT App)

Effective date: March 31, 2026
Provider: Spheric Admin Ltd ("we," "us," "our")
Contact: privacy.widgets@olutely.com
Product: "Product Scanner" (the "App"), a ChatGPT app

1) Scope

This policy explains how we process data through the Product Scanner App when it is used inside ChatGPT. The current App opens an interactive widget for packaged food products, can start from an optional ChatGPT image file reference, lets you choose an image from your device inside the widget, performs barcode detection locally in the widget runtime, looks up the detected barcode in Open Food Facts, and then presents product details for follow-up discussion inside ChatGPT.

This policy covers Spheric Admin Ltd's processing through the App, its MCP server, widget, hosting, and operational diagnostics. It does not replace OpenAI's policies for ChatGPT platform processing.

Important: The current tool accepts an optional image object containing download_url and file_id. The current initial MCP tool response returns assistant-visible status text, an empty structured output object, and response metadata containing timestamp. After a successful scan, the current widget can place product fields into temporary ChatGPT widget state and keep a widget-only imageUrl in private state. The telemetry-enabled Express MCP hosting path in the current codebase also logs full MCP request bodies and sends HTTP/MCP telemetry to Mixpanel's EU endpoint; because it captures nested request parameters, those logs or analytics events can include tool input fields and nested ChatGPT/OpenAI request metadata such as openai/subject, openai/session, openai/userAgent, openai/locale, openai/userLocation, and timezone_offset_minutes when supplied by the platform.

2) Current tool contract and app behavior covered by this policy

  • Tool name: product-scanner.
  • Tool input fields: optional image.download_url (signed download URL for a ChatGPT-uploaded image) and optional image.file_id (ChatGPT file identifier).
  • Initial MCP tool response currently returned by our server: assistant-visible text content, structuredContent: {}, and response metadata containing timestamp.
  • Schema-defined product fields that may later be written into temporary widget state and surfaced to the model after a successful scan: product.code, product.productName, product.genericName, product.brand, product.quantity, product.novaGroup, product.nutriScore, product.ingredients, product.allergens, product.traces, and product.palmOilAnalysis.
  • Widget-only/private fields used in the current widget state flow: privateContent.imageUrl (Open Food Facts product image URL) and privateContent.timestamp.
  • Current widget behavior: the widget can preview a provided or user-selected image, scan the image locally for a supported barcode, call Open Food Facts using the detected barcode, display returned product details and product image when available, and show not-found or error states when no barcode or product is found.
  • Follow-up chat action: when you press the current button labelled "Discuss this product," the widget asks ChatGPT to send the follow-up message "Let's discuss this product."
  • Current scope limits: the current App does not require account creation or sign-in, and the current widget code does not directly request browser GPS, microphone, contacts, or camera API permissions. On some devices, however, the browser or operating system file picker may offer image-capture options when you choose a file to upload.

3) Data categories, purposes, recipients, retention, and controls

3.1 Tool invocation image references and in-widget image uploads

What: The optional ChatGPT image reference passed to the tool, consisting of image.download_url and image.file_id; any image file you choose from your device inside the widget; and the barcode string derived from the image during local scanning.
Why: To prefill the widget from an existing ChatGPT file when one is supplied, preview the image in the widget, and attempt barcode detection.
Recipients: Our MCP server and OpenAI/ChatGPT receive the initial image object when it is passed as a tool argument. The widget runtime, browser, and your device handle local preview and local scanning. The current widget code does not send later user-selected image files to our MCP server or to Open Food Facts as raw image uploads.
Retention by us: We do not use a separate application database to store an image-upload history or barcode-photo library for this App. The initial tool arguments may still appear in operational logs or telemetry as described in section 3.4. User-selected local image files are otherwise intended to remain in-session unless they become part of ChatGPT platform processing or a support request.
Your controls: You can choose whether to attach an image in ChatGPT, whether to upload an image from your device in the widget, and what image content to provide.

3.2 Barcode lookup requests and returned product details

What: The detected barcode value; the Open Food Facts lookup request made for that barcode; returned product fields including code, product name, generic name, brand, quantity, NOVA group, Nutri-Score, ingredients, allergens, traces, and palm-oil-analysis summary; the widget-only product image URL (imageUrl); and related timestamps.
Why: To identify the packaged food item, display product details in the widget, and make the product context available for follow-up discussion in ChatGPT.
Recipients: Open Food Facts for the barcode lookup, including the detected barcode and ordinary web-request data associated with the client request such as IP address and user agent under Open Food Facts' own policies; Open Food Facts image hosts when a product image is displayed; and OpenAI/ChatGPT and its widget runtime for temporary widget state and model-visible product fields. In the current implementation, our systems do not perform the Open Food Facts lookup themselves; the current widget calls Open Food Facts directly from the client runtime after a barcode is detected.
Retention by us: We do not use a separate application database to maintain a persistent product-scan history for this App. Returned product details are primarily handled in temporary widget state and the ChatGPT conversation environment, and may also appear in support communications or platform-controlled records outside our direct app database.
Your controls: You can decide whether to scan a product, whether to replace the image with another one, and whether to continue discussing the scanned product in ChatGPT.

3.3 In-session widget state, runtime presentation data, and follow-up messages

What: Temporary widget state containing modelContent.product, privateContent.imageUrl, and privateContent.timestamp; transient UI state such as the current preview image, scan status, and whether the "Discuss this product" action has been used; runtime presentation data made available by the ChatGPT widget runtime such as locale, theme, display mode, safe-area insets, and device-platform/user-agent information; and the follow-up message triggered if you choose to continue the conversation.
Why: To render the widget correctly during your session, preserve the scanned product in the live widget view, adapt the layout to the runtime environment, and hand the result back into the conversation when requested.
Recipients: OpenAI/ChatGPT and its widget runtime, plus your browser or device for local preview handling.
Retention by us: We do not intentionally store this temporary widget state in a separate application database. It is intended to exist mainly within the active ChatGPT session and is otherwise governed by OpenAI's platform controls unless it later appears in a support request or another tool call.
Your controls: You can stop using the widget at any time, replace the current image, and choose whether to use the follow-up action.

3.4 Technical delivery data, request logs, and analytics telemetry

What: Technical data generated when the App is delivered or invoked, such as IP address, user agent, URL path, timestamp, HTTP status, and response time. The current codebase also includes a telemetry-enabled Express MCP hosting path that logs full MCP request bodies and sends server-side HTTP/MCP telemetry to Mixpanel's EU endpoint. Where that path is used, logged or tracked data can include JSON-RPC request IDs, MCP method names, request params, tool input fields such as image.download_url and image.file_id, and nested request metadata such as openai/subject, openai/session, openai/userAgent, openai/locale, timezone_offset_minutes, and an openai/userLocation object that may contain fields such as city, region, country, timezone, latitude, and longitude when provided with the tool call.
Why: Security, abuse prevention, service reliability, performance monitoring, debugging, and incident response.
Recipients: Our hosting, CDN, and infrastructure providers, personnel who need access for operations or security, and Mixpanel when the telemetry-enabled hosting path is in use.
Retention: We aim to minimize operational logs and generally retain them for no longer than 30 days unless a longer period is reasonably necessary for a security investigation, abuse prevention, or legal obligation. Mixpanel telemetry is retained in our analytics workspace until deleted by us or removed by applicable workspace retention settings.
Your controls: You can avoid including unnecessary data in images or prompts you submit, choose not to use the App, and contact us with rights requests or questions.

3.5 Contact data if you email us

What: Your email address and the contents of your message.
Why: To respond to privacy, support, or legal requests and maintain a record of the request.
Recipients: Spheric Admin Ltd and our email/service providers acting on our behalf.
Retention: Up to 24 months after final resolution unless a longer period is required by law or reasonably needed to establish, exercise, or defend legal claims.

4) What we do not do

  • No account creation or sign-in through the current App.
  • No sale of personal information.
  • No direct collection of your name, email address, phone number, mailing address, payment-card details, or government ID through the current tool fields.
  • No direct upload of later user-selected widget image files to Open Food Facts or our MCP server by the current widget code; the current external lookup is based on the detected barcode.
  • No direct browser geolocation, microphone, contacts, or camera API permission request by the current widget code.
  • No advertising SDKs or cross-site tracking scripts embedded in the current widget.

5) Cookies and similar technologies

We do not intentionally set advertising or cross-site analytics cookies through the Product Scanner widget. ChatGPT/OpenAI, your browser, our hosting providers, and Open Food Facts or its image hosts may use their own operational cookies or similar technologies for platform operation, security, or content delivery under their own policies.

6) Sharing and disclosure

We do not sell personal information. We may disclose data only as necessary to:

  • Operate, host, monitor, and secure the App through service providers such as hosting, CDN, infrastructure, logging, analytics, and email providers.
  • Obtain product records and product images from Open Food Facts based on a detected barcode.
  • Provide the App's current tool outputs and widget state inside ChatGPT.
  • Comply with law, regulation, legal process, or enforceable government request.
  • Protect the rights, safety, and security of users, us, and the service.

7) User rights and controls

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or object to processing of personal data we hold.

To exercise rights or ask questions, contact privacy.widgets@olutely.com. We may need to verify your identity before fulfilling a request.

Because the App runs inside ChatGPT, you can also manage conversation and account data through OpenAI controls. OpenAI's privacy policy: https://openai.com/policies/privacy-policy.

8) International processing

The App may be accessed globally, and data may be processed in countries where we or our service providers operate. Where required, we use appropriate safeguards for international data transfers.

9) Security

We implement reasonable technical and organizational safeguards designed to protect data processed through the App. No system can guarantee absolute security.

10) Children's privacy

The App is not directed to children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children.

11) ChatGPT / OpenAI platform notice

ChatGPT/OpenAI independently processes chat content, account data, uploaded files, widget state, follow-up messages, and platform telemetry under OpenAI's own terms and privacy practices. This policy describes Spheric Admin Ltd's processing through the Product Scanner App only.

12) Changes to this policy

We may update this policy from time to time. If we make material changes, we will update the effective date above and ensure this policy continues to reflect the App's current tool inputs, outputs, and disclosed data uses.

13) Contact

Questions about this policy or App privacy practices: privacy.widgets@olutely.com (Spheric Admin Ltd).