Sprig
Privacy Policy
last updated · May 13, 2026
This is the privacy policy for Sprig (the “App”), an iPhone application that scans products for endocrine-disrupting ingredients. Sprig is operated by One Quark Media LLC, a California limited liability company based in San Francisco (“we,” “us,” “our”).
We’ve tried to write this in plain English. Where we use a legal term, we explain what it means.
TL;DR
- Sprig does not collect, transmit, or store your personal information on any server we operate.
- Everything you scan and save lives on your device only.
- The only outbound network calls we make are to publicly available product databases (Open Food Facts, Open Beauty Facts, and Open Products Facts) to look up a barcode you scan. We send the barcode number. We do not send any identifier that could connect it to you.
- Subscription purchases are handled by Apple via StoreKit. We see only whether you have an active subscription — never your payment details, Apple ID, email, or any other identifier.
What we collect
Nothing. Sprig has no analytics, no telemetry, no third-party SDKs, and no account system in this version.
The App stores the following data on your device only, in the App’s local sandbox managed by iOS:
| Data | Where | Contents |
|---|---|---|
| Scan history | scan_history.json in the App’s Documents folder | Product names, barcodes, and ingredient text from your scans |
| Saved IDs | saved_ids.json in the App’s Documents folder | The list of scans you’ve bookmarked |
| Daily scan quota | UserDefaults | A counter and date so we know when to reset your 3-free-scans-per-day allowance |
| Premium status | StoreKit (Apple) | Whether you have an active Sprig+ subscription |
Uninstalling the App permanently deletes all of this. There is no copy elsewhere because we never sent one.
Network requests we make
When you scan or look up a barcode, the App sends the barcode number to one or more of these public product databases until a match is found:
- https://world.openfoodfacts.org/api/v2/product/{barcode}.json
- https://world.openbeautyfacts.org/api/v2/product/{barcode}.json
- https://world.openproductsfacts.org/api/v2/product/{barcode}.json
The request includes:
- The barcode number you scanned
- A generic User-Agent string identifying the App (e.g.
Sprig/1.0 (iOS))
The request does not include your name, email, IP-linked identifier, advertising ID, device fingerprint, location, or previous scans.
Please review Open Food Facts’ privacy policy for details on what they log on their end.
When you tap a “Shop” button on a Cleaner Pick recommendation, the App opens the brand’s website in an in-app browser (Safari View Controller). The brand operates that website and may collect its own analytics; we are not party to that.
Camera
Sprig uses the iPhone camera only to scan barcodes. The camera feed is processed entirely on-device by Apple’s AVFoundation framework. We do not record, store, or transmit any image or video.
You can revoke camera access any time in Settings → Sprig → Camera. The barcode scanner will be disabled until you re-enable it. You can still use the App by typing barcode numbers or pasting ingredient lists manually.
Purchases and subscriptions
Sprig+ subscriptions are sold through Apple’s In-App Purchase system (StoreKit). When you subscribe:
- Apple processes your payment using whichever payment method is on file with your Apple ID. We never see your payment details.
- Apple stores your subscription status. The App asks StoreKit “is this user a Sprig+ subscriber?” and receives a yes/no answer — nothing else.
- Receipts are validated on-device using Apple’s signed-transaction system. We do not send receipts to any server we operate.
Manage or cancel via Settings → Apple ID → Subscriptions or apps.apple.com/account/subscriptions. Refunds are handled by Apple at reportaproblem.apple.com.
Advertising
This version of Sprig does not show real ads. The “Ad” placeholder banner in the free tier is a static element with no tracking and no network requests.
If we add a real ad network (e.g. Google AdMob) in a future version, we will update this policy and present an App Tracking Transparency consent prompt before any tracking-enabled ad is loaded. You will be able to decline tracking and continue using the App.
Children
Sprig is not directed at children under 13. We do not knowingly collect information from children. The App is rated 4+ in the App Store because its content is non-objectionable, not because it is designed for children.
Sharing with third parties
We do not share any data with third parties because we do not collect any data. The only third parties involved in the operation of the App are:
- Apple — App distribution, StoreKit subscription handling
- Open Food Facts / Open Beauty Facts / Open Products Facts — public product databases queried by barcode
- The brand websites you choose to visit by tapping a Shop button
Your rights
Because we do not collect any data, there is no profile to access, delete, or export from our side. To delete all locally stored Sprig data, uninstall the App.
If you live in a jurisdiction with specific privacy rights (GDPR, CCPA, etc.) and have a question about this policy, contact us at the address below.
Security
All data is stored in the App’s sandbox, protected by iOS file-system isolation. Data is at rest in the App’s storage; iOS will encrypt the device contents if you have a device passcode set, which we strongly recommend.
Changes to this policy
If we materially change this policy, we will update the “Last updated” date and surface the change in the App when you next open it.
Contact
Questions about this policy?