Privacy policy

MicroCheck is a food-safety compliance platform used by restaurants, hotels, cafés, and food businesses. This policy explains what information we collect, why we collect it, how we store it, and the rights you have over it. We aim to collect only what is necessary to operate the service.

1. Who we are

MicroCheck FSP ("MicroCheck", "we", "us") provides a mobile application and admin dashboard that help food businesses perform routine microbiological testing, store digital hygiene records, and generate compliance certificates. We are based in Nicosia, Cyprus, and operate the platform from our backend infrastructure under the same name.

For privacy questions or requests, contact support@microcheckfsp.com.

2. Who this policy applies to

Staff users of partner food businesses who use the MicroCheck mobile app to perform tests.
Administrators who manage restaurants, schedules, and results through the MicroCheck admin dashboard.
Visitors to microcheckfsp.com.

MicroCheck is a business-to-business service. Accounts are created by MicroCheck staff after onboarding the partner business. There is no public self-registration.

3. Information we collect

Account information

Full name
Work email address
Password (stored only as a one-way cryptographic hash; we never see or store the plain password)
Role within the platform (staff or administrator)
The restaurant or food business you belong to
Account status (active or deactivated) and email verification status
Preferred app language

Business information

Restaurant or business name, address, city, contact phone and email
Testing schedules and configurations chosen for the business

Test data

Photographs of microbiological agar plates (CHROMagar, MacConkey, SS Agar, and similar selective media) captured during testing
Test type, scheduled date, lifecycle timestamps, incubation duration, and final result
AI analysis output (pathogen classification, confidence score) and any analysis error logs
Notes added by administrators
Compliance certificates generated from your testing history (PDF files)

Test photographs show only the agar plate. They are not designed to capture people, faces, or surroundings. Please avoid including identifiable individuals in the frame.

Technical information

IP address and user-agent string for active web sessions
Authentication tokens issued to the mobile app (stored encrypted on your device)

What we do not collect

We do not use analytics, tracking, advertising, or third-party telemetry SDKs in the mobile app.
We do not collect location data.
We do not use the device microphone.
We do not collect the IDFA or any other advertising identifier.
We do not sell or rent your data to anyone, ever.

4. How we use your information

To provide the MicroCheck service: scheduling tests, recording results, generating compliance certificates, and giving administrators oversight of their business.
To authenticate you and keep your account secure.
To analyse test photos and produce a screening result through our AI-assisted analysis pipeline. AI output is a screening aid only and must be reviewed by trained personnel.
To send transactional emails such as password resets and onboarding messages.
To diagnose and fix technical issues, and to defend the service against abuse.
To comply with applicable laws and respond to lawful requests.

Under the EU/UK General Data Protection Regulation and Turkey's Law on the Protection of Personal Data (KVKK, Law No. 6698), our lawful bases for processing are performance of a contract (operating the service for your employer), our legitimate interests in operating and securing the platform, and compliance with legal obligations.

5. Where your data is stored

Application data (accounts, restaurants, tests, results, notes) is stored in our managed MySQL database. Test photographs and certificate PDFs are stored in Amazon Web Services (AWS) S3 object storage. Access to these files from the mobile app uses signed temporary URLs that expire within 15 minutes.

Sessions, authentication tokens, and password-reset tokens are stored server-side in hashed form. On your mobile device, the authentication token is stored in the platform's secure key store (iOS Keychain or Android Keystore).

6. Third parties we share data with

We share data only with infrastructure providers that are strictly necessary to operate the service. These providers act as our data processors and are not permitted to use your data for their own purposes.

Amazon Web Services (AWS) — hosts test photographs and certificate PDFs in S3 object storage.
Anthropic, PBC — provides the AI image-analysis model (Claude) used to screen agar-plate photographs. Photos are sent for analysis and the result is returned to MicroCheck. Anthropic's API policy states that data submitted via the API is not used to train models.
Expo (EAS) — used to build and distribute the mobile app. EAS does not receive runtime user data.

We do not currently share data with any advertising network, analytics provider, data broker, or marketing platform.

7. International data transfers

Our infrastructure providers may process data outside Cyprus, Turkey, or the European Economic Area, including in the United States. Where this occurs, transfers are protected by the relevant provider's standard contractual clauses and equivalent safeguards.

8. Retention and deletion

We retain account, test, and certificate data for as long as your employer's account with MicroCheck is active, plus a reasonable period afterwards in order to support compliance audits and legal record-keeping obligations.

You can delete your own staff account from the mobile app: Settings → Delete account. When you delete your account, we sign you out of all devices, deactivate the account, and rewrite the email field so that your employer can re-provision the same email for a new user. The historical test records you produced are preserved so the business can still demonstrate who performed each test for regulatory purposes; your name is kept on those records for the same reason. If you require complete erasure of your personal data, contact your administrator and email support@microcheckfsp.com.

9. Your rights

Subject to applicable law (GDPR, KVKK, or equivalent), you have the right to:

Access the personal data we hold about you.
Correct inaccurate data.
Request deletion of your data.
Restrict or object to certain processing.
Receive a copy of your data in a portable format.
Lodge a complaint with the Cyprus Commissioner for Personal Data Protection, the Turkish Personal Data Protection Authority (KVKK Kurumu), or another competent supervisory authority.

To exercise any of these rights, email support@microcheckfsp.com. Because MicroCheck is a B2B service, we may need to coordinate with your employer to fulfil certain requests.

10. Security

Passwords are hashed with industry-standard algorithms. Authentication tokens are hashed server-side and stored in the device's secure enclave on the mobile app. Communication between the app, the dashboard, and our backend uses HTTPS. Photo URLs are short-lived signed URLs. We restrict access to production systems to authorised personnel.

No system is completely secure. If you believe your account has been compromised, contact your administrator immediately and email support@microcheckfsp.com.

11. Children

MicroCheck is a workplace tool intended for adult food-business staff. We do not knowingly collect personal data from anyone under 16 years old. If you believe a minor has been given access to the platform, contact us and we will remove the account.

12. Cookies

The admin dashboard at microcheckfsp.com uses a single, strictly-necessary session cookie to keep you signed in. It is HTTP-only, served over HTTPS, and not used for tracking or advertising. We also store a small cookie to remember your preferred language on the marketing pages. We do not use third-party cookies. The mobile app does not use cookies.

13. Changes to this policy

We may update this policy from time to time. When we make material changes we will, where appropriate, notify administrators by email.

14. Contact

Questions, requests, or concerns about this policy or your data: support@microcheckfsp.com.

Plain-English summary. We collect the minimum we need to run the testing platform: who you are, who you work for, the tests you perform, and photos of agar plates. Photos are screened by an AI model (Claude by Anthropic) and stored on AWS S3. We do not sell data, run ads, or use analytics SDKs. You can delete your account from the mobile app's Settings screen at any time.