← Back to PantryBook

Privacy Policy

Last updated: March 7, 2026

1. Information We Collect

Account data: Email address and authentication credentials (managed by Supabase Auth).

Recipe data: Recipes, images, meal plans, grocery lists, and food journal entries you create.

Usage data: Feature usage counts (e.g., AI extractions per month) for enforcing plan limits.

Payment data: Processed by Stripe. We store only your Stripe customer ID — never your card number.

2. How We Use Your Data

  • To provide and improve the Service
  • To process AI recipe extraction from content you upload
  • To manage your subscription and billing
  • To enable family sharing features you opt into

3. AI Processing

When you upload recipes, images, or text for AI extraction, that content is sent to Anthropic's Claude API for processing. This data is used solely for extraction and is not retained by Anthropic for training. See Anthropic's privacy policy for details.

4. Data Storage

Your data is stored in Supabase (hosted on AWS). Recipe images are stored in Supabase Storage. All data is encrypted in transit (TLS) and at rest.

5. Data Sharing

We do not sell your data. We share data only with:

  • Supabase: Database and authentication hosting
  • Anthropic: AI recipe extraction processing
  • Stripe: Payment processing
  • Vercel: Application hosting

6. Family Sharing

When you share recipes with family members, they can view (read-only) your recipe collection. You control who has access and can revoke it at any time. Only your email is visible to people you share with.

7. Cookies & Local Storage

We use essential cookies for authentication (Supabase session). We use localStorage for user preferences (sort order, unit system, aisle preferences). We do not use tracking cookies or third-party analytics.

8. Your Rights

You have the right to:

  • Access your data (viewable in-app)
  • Correct your data (editable in-app)
  • Delete your data (delete individual items or request full account deletion)
  • Export your data (contact us for a full data export)

9. Data Retention

Your data is retained as long as your account is active. If you delete your account, all associated data is permanently removed within 30 days.

10. Children

The Service is not intended for children under 13. We do not knowingly collect data from children under 13.

11. Changes

We may update this policy from time to time. We will notify you of significant changes via email or in-app notice.

12. Contact

Privacy questions? Contact us at support@mdglabs.dev.