Attribution & data sources

Last updated: May 7, 2026

Keto Peek returns a short keto-oriented verdict from structured nutrition data. This page explains where those values come from by feature, then lists licenses, attribution, and third-party terms for data, images, optional cloud APIs, and open-source libraries.

How we source your results

Barcode scan

When you scan a product barcode, we look up nutrition in Open Food Facts first. Values are used as listed there (per serving or per 100 g, depending on what the listing provides).

When Open Food Facts does not have enough structured data to score net carbs, we may fall back to USDA FoodData Central (US branded foods). In that case values follow the USDA listing (per serving where available). Packaging outside the US can differ.

Typed name lookup

When you enter a food or product name, values may come from Open Food Facts, a small built-in food list, or a name-based estimate when configured. Always check the pack when it matters.

Product thumbnails (barcode results)

Current results, saved History rows, scan-preview toasts, and food-search choices may show small Open Food Facts product thumbnails when the listing has one. These direct image loads use no-referrer behavior, and saved History keeps only thumbnail URLs that pass the shared Open Food Facts product-image policy. Licensing for those images (CC BY-SA) and for database contents (ODbL, DbCL) is summarized under Open Food Facts below.

Open Food Facts

We query the Open Food Facts database and API for barcode and typed-name lookups. Re-use of Open Food Facts material is governed by their terms of use, contribution and re-use. In summary (non-exhaustive; the OFF site is authoritative):

The database is offered under the Open Database License (ODbL) 1.0.
Individual database contents are under the Database Contents License (DbCL) 1.0.
Product photos from Open Food Facts are under Creative Commons Attribution-ShareAlike 3.0 (CC BY-SA 3.0). Packaging in a photo may include separate rights (for example brand artwork or trademarks); OFF explains limits of the license on their terms page.

How we attribute Open Food Facts

For structured nutrition and text we reuse from Open Food Facts, we identify the project in result metadata and in-app copy where appropriate. For barcode results backed by Open Food Facts, the result's expanded Details section includes one of these Data Source lines:

Data: Open Food Facts (ODbL)
Data & images: Open Food Facts (ODbL, CC BY-SA)

Re-users must also mention the license and attribute authorship to Open Food Facts with a link to openfoodfacts.org, a locale site, or the relevant product page when the data pertains to a specific product. See OFF's "Authorship and attribution" section in their terms.

API access

Outbound API requests use a descriptive User-Agent string as required by Open Food Facts (configured via OPENFOODFACTS_USER_AGENT in production). See Open Food Facts API documentation for current rules.

USDA FoodData Central

When Open Food Facts does not provide enough structured nutrition to score a barcode, our servers may query USDA FoodData Central (US branded foods and related datasets). Values follow the listing returned by USDA (for example per serving where the record provides it).

USDA asks that data from FoodData Central be credited. Where we surface USDA-sourced nutrition in the app, we indicate that the values come from USDA FoodData Central. USDA-backed barcode results use this Data Source line:

Data: USDA FoodData Central

Official branding and citation guidance: USDA FoodData Central download and attribution.

Optional language models

When API keys are configured on the server, we may call Google Gemini and/or OpenAI to refine user-facing explanation text and, on some paths, to help resolve a typed product name to nutrition fields. Verdict tiers and numeric scoring remain deterministic on our side; models do not replace the core score.

What is sent, when, and how long it may be retained are governed by each provider's terms. For example, see Google AI / Gemini and OpenAI terms, plus our Privacy Policy.

In-browser barcode scanning

The web client can decode barcodes using @zxing/browser (Apache License 2.0). License: Apache-2.0.

Infrastructure & rate limiting

Production deployments may use Upstash for HTTP rate limiting of the analyze API (@upstash/redis, @upstash/ratelimit). See Upstash's site for their terms and privacy policy.

Open-source libraries (npm dependencies)

Keto Peek is built with Next.js and React (MIT License), Tailwind CSS (MIT), Zod (MIT), and Heroicons (MIT), among others. Full dependency names and versions are in the repository package.json. SPDX license identifiers for each package can be listed with npm license ls (or your package manager's equivalent) against a checked-out copy of the project.