Attribution & data sources

How we source your results

Barcode scan

When you scan a product barcode, we look up nutrition in Open Food Facts first. Values are used as listed there (per serving or per 100 g, depending on what the listing provides).

When Open Food Facts does not have enough structured data to score net carbs, we may fall back to USDA FoodData Central (US branded foods). In that case values follow the USDA listing (per serving where available). Packaging outside the US can differ.

Typed name lookup

When you enter a food or product name, values may come from Open Food Facts, a small built-in food list, or a name-based estimate. Always check the pack when it matters.

Label photo

When you photograph or upload a nutrition label, we read values from that image on our servers. If anything looks off, confirm against the physical label in your hand. OCR and optional cloud paths are described under Nutrition label OCR & optional cloud vision.

Product thumbnails (barcode results)

Some barcode results include a small product image from Open Food Facts. Licensing for those images (CC BY-SA) and for database contents (ODbL, DbCL) is summarized under Open Food Facts below.

Open Food Facts

We query the Open Food Facts database and API for barcode and typed-name lookups. Re-use of Open Food Facts material is governed by their terms of use, contribution and re-use. In summary (non-exhaustive — the OFF site is authoritative):

• The database is offered under the Open Database License (ODbL) 1.0.
• Individual database contents are under the Database Contents License (DbCL) 1.0.
• Product photos from Open Food Facts are under Creative Commons Attribution-ShareAlike 3.0 (CC BY-SA 3.0). Packaging in a photo may include separate rights (for example brand artwork or trademarks); OFF explains limits of the license on their terms page.

How we attribute Open Food Facts

For structured nutrition and text we reuse from Open Food Facts, we identify the project in result metadata and in-app copy where appropriate. When we show a small product thumbnail from Open Food Facts, the result's expanded Details section includes this note:

Data & images: Open Food Facts (ODbL, CC BY-SA)

Re-users must also mention the license and attribute authorship to Open Food Facts with a link to openfoodfacts.org, a locale site, or the relevant product page when the data pertains to a specific product — see OFF's "Authorship and attribution" section in their terms.

API access

Outbound API requests use a descriptive User-Agent string as required by Open Food Facts (configured via OPENFOODFACTS_USER_AGENT in production). See Open Food Facts API documentation for current rules.

USDA FoodData Central

When Open Food Facts does not provide enough structured nutrition to score a barcode, our servers may query USDA FoodData Central (US branded foods and related datasets). Values follow the listing returned by USDA (for example per serving where the record provides it).

USDA asks that data from FoodData Central be credited. Where we surface USDA-sourced nutrition in the app, we indicate that the values come from USDA FoodData Central. Official branding and citation guidance: USDA FoodData Central — download and attribution.

Nutrition label OCR & optional cloud vision

Label photos are processed on our servers only for the active request; we do not operate a user photo gallery. The pipeline, environment variables, and timeouts are documented in the source tree under docs/api-analyze.md and docs/label-ocr-vision-spike.md.

Tesseract.js

Default on-device/server OCR uses Tesseract.js (Apache License 2.0). License: Apache-2.0.

Google Cloud Vision API

When our deployment is configured for it, label images may be sent to Google for Document Text Detection (documentTextDetection) via the official @google-cloud/vision client library. Use is subject to the Google Cloud Platform Terms of Service and the Google Cloud Service Terms, including the Product Terms for the Vision API.

Optional Gemini (multimodal) label extract

When enabled by server configuration, a short label-photo request may be sent to Google Gemini to recover structured nutrition if OCR output is insufficient. That path is optional and gated by environment variables documented in docs/api-analyze.md. Use is subject to Google's Gemini API terms of service and related policies.

Optional language models (explanations & typed food)

When API keys are configured on the server, we may call Google Gemini and/or OpenAI to refine user-facing explanation text and, on some paths, to help resolve a typed product name to nutrition fields. Verdict tiers and numeric scoring remain deterministic on our side; models do not replace the core score.

What is sent, when, and how long it may be retained are governed by each provider's terms — for example Google AI / Gemini and OpenAI — and our Privacy Policy.

In-browser barcode scanning

The web client can decode barcodes using @zxing/browser (Apache License 2.0). License: Apache-2.0.

Infrastructure & rate limiting

Production deployments may use Upstash for HTTP rate limiting of the analyze API (@upstash/redis, @upstash/ratelimit). See Upstash's site for their terms and privacy policy.

Open-source libraries (npm dependencies)

Keto Peek is built with Next.js and React (MIT License), Tailwind CSS (MIT), Zod (MIT), and Heroicons (MIT), among others. Full dependency names and versions are in the repository package.json. SPDX license identifiers for each package can be listed with npm license ls (or your package manager's equivalent) against a checked-out copy of the project.

Related pages

• Terms & disclaimer — not medical advice, accuracy limits, liability.
• Privacy Policy — what reaches our servers and providers.

The site footer also includes a short Open Food Facts (ODbL) credit with links to the project and license text.