Privacy Policy

Last Updated: February 2026

The Short Version

We don't have your data. Period. RecallorNOT uses a Bring Your Own Key (BYOK) architecture. Your phone talks directly to free federal recall databases (CPSC, FDA) and optionally to Groq AI (your key). There is no RecallorNOT server — just static code hosted on Cloudflare's CDN. We have no database, no user accounts, and no way to see what you search.

How RecallOrNOT Works

Understanding our architecture is the best way to understand our privacy. Here's exactly what happens when you use RecallorNOT:

Your Phone → CPSC (saferproducts.gov) → Your Phone — free, no key
Your Phone → FDA (api.fda.gov) → Your Phone — free, no key
Your Phone → Groq AI (api.groq.com) → Your Phone — your key
Your Phone → RecallOrNOT Servers → Anything

You type a product name or brand — your browser searches CPSC at saferproducts.gov and FDA at api.fda.gov directly. These are free, public federal APIs that require no API key.
If you provide a Groq API key (optional, from console.groq.com/keys), your browser can use your phone's camera to read product labels and run AI-powered deep safety scans.
Camera images are sent directly to Groq's API at api.groq.com using your personal API key — not to us.
Your browser displays the combined results: recall data, hazard classifications, and AI analysis.

There is no RecallOrNOT server. The website is a static page hosted on Cloudflare's CDN — it delivers the code that runs in your browser, and that's it. No backend, no API, no database.

What We Collect

Data Type	Collected?	Details
Product images	No	Sent directly from your browser to Groq (if you use camera). We never receive them.
Search queries	No	Sent directly from your browser to CPSC and FDA. We never see them.
Recall results	No	Returned from CPSC, FDA, and Groq directly to your browser. We never see them.
API keys	No	Stored in your browser's local storage only. Sent only to Groq.
Product safety data	No	All data stays between your browser, CPSC, FDA, and Groq.
User accounts	No	There are no accounts. No login, no registration, no email.
Usage analytics	No	No tracking pixels, no analytics scripts, no cookies.

Your API Key

Your Groq API key (if you choose to add one) is stored exclusively in your browser's local storage — the same mechanism websites use to remember your preferences. It is:

Never transmitted to RecallOrNOT — it goes only to api.groq.com
Never visible to us — we have no mechanism to read your browser's local storage
Deletable at any time — use the "Remove Key" button in settings, or clear your browser data
Completely optional — basic recall search works without any key at all
Your property — it's your Groq account, your key, your usage

Third-Party Services

CPSC (Consumer Product Safety Commission)

Your browser queries the CPSC API at saferproducts.gov to search for consumer product recalls. This is a free, public federal API — no API key is needed. CPSC does not require registration or authentication to use their recall data services. Their data is public information maintained by the U.S. government.

CPSC Privacy Policy

FDA (Food and Drug Administration)

Your browser queries the FDA openFDA API at api.fda.gov to search food, drug, and medical device recall data. This is a free, public federal API — no API key is needed. The FDA provides open access to enforcement and recall data for public safety.

openFDA Terms of Service

Groq (AI Provider — Optional)

When you use the camera scan or deep safety scan features, your browser sends data directly to Groq's API. This is governed by your own relationship with Groq — you signed up for your own API key and agreed to their terms. Groq's privacy policy applies to how they handle your API requests.

RecallorNOT has no partnership, data-sharing agreement, or business relationship with Groq. You use their API independently.

Cloudflare (Hosting)

RecallorNOT is hosted on Cloudflare Pages. When you load the site, Cloudflare's CDN serves the static files. Like any CDN, Cloudflare may log basic access data (IP address, page requested, timestamp) as part of normal operations. This is standard web infrastructure — Cloudflare does not receive any search queries, product data, API keys, or recall results. Those go directly from your browser to CPSC, FDA, and Groq.

Google Fonts

We use Google Fonts for typography. Google may collect basic connection data (IP address) when fonts are loaded. No personal information is shared.

Verify It Yourself

We encourage you to verify our privacy claims independently. Here's how:

Open RecallorNOT in your browser
Open Developer Tools (F12 or right-click → Inspect)
Go to the Network tab
Perform a search
Look at every network request — you'll see requests only to saferproducts.gov, api.fda.gov, api.groq.com (if key added), and fonts.googleapis.com

If you see any request going to a RecallorNOT server with search data, please report it — because that would be a bug, not a feature.

Data Breaches

In the event of a data breach, your search data would not be affected because we don't have it. There is no database to breach, no search history to leak, and no user records to expose. The only thing hosted is the static website code itself — on Cloudflare's CDN, not a private server.

Children's Privacy

RecallorNOT does not knowingly collect any data from anyone, including children. Since no personal data is collected or stored anywhere, COPPA compliance is inherent to our architecture.

Changes to This Policy

If we change our architecture in a way that affects data flow (for example, if we ever add a backend server or route data through any server we control), we will update this policy prominently and clearly explain what changed and why.

Contact Us

Questions about privacy? Reach out:

Discord: Join our Discord

The Bottom Line

We can't sell what we don't have. We can't leak what we don't store. We can't share what we never see. That's not a promise — it's our architecture.