Privacy Policy

1. WHAT INFORMATION DO WE COLLECT?

Personal Information Provided by You

The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include:

• Names and contact information (for example email addresses)
• Account credentials (for example passwords or tokens used for sign-in)
• Food inventory, grocery lists, photos you choose to attach, chat messages you send to AI-assisted features, and related preference data you enter
• Communication preferences where you set them in the app (for example optional email notifications about expiring items)

Analytics, diagnostics, and usage data

We intentionally collect usage and technical data to understand how the Services are used, improve them, and diagnose problems. This may include:

• Firebase Analytics (Google): automatic and custom measurement — for example screen views, custom events, sign-in / sign-up events where applicable, and device or app metadata. Used on mobile and web builds that include the Firebase SDK.
• PostHog: product analytics — screen or page views, custom events, and app lifecycle signals on supported platforms. On the web app, PostHog is loaded via our site bundle and may use cookies, local storage, or similar technologies as described in Section 5.
• Firebase Crashlytics (Google): on Android and iOS, crash and stability telemetry — for example uncaught errors, stack traces, device type, OS version, and handled non-fatal errors we record for diagnostics. This follows Google's Crashlytics model (Firebase Crashlytics documentation). Web builds do not use Crashlytics the same way; stability on web still relies on browser behavior plus Analytics/PostHog where configured.

After sign-in, we may associate analytics and crash reports with a pseudonymous user identifier (for example Firebase setUserId / Crashlytics user id and PostHog identify using an opaque account id — not your email in standard event properties). We design event properties to limit personal data, but usage and diagnostic data are collected and retainedper each provider's defaults and our project settings.

Device permissions and platform features (mobile)

Our Android and iOS apps may request access to device capabilities so features work. We do not collect precise GPS location for FoodSavr as part of these permissions. Examples include:

• Camera — receipt scanning, barcode scanning, and capturing photos you attach to items.
• Photos / files / storage (varies by OS version) — choosing images or files from your device; on some platforms, saving images you export (for example to your photo library).
• Microphone and speech recognition — voice or speech-to-text input where the app offers it (Android and iOS may show separate prompts for microphone access and speech recognition).
• Notifications — local reminders (for example expiry alerts). On Android, the app may use vibration and may reschedule notifications after a device restart (boot completed) so reminders stay reliable.
• Network — syncing data, authentication, analytics, and AI features that use our servers.
• Home screen widget (where available) — if you add FoodSavr's widget, item names, counts, kitchen name, and related expiry summaries you choose to sync to the widget may appear on your device home screen where anyone who can see your screen could view them. The widget displays information from your account; it does not change what we store server-side.
• Bluetooth — the current FoodSavr Android app does not declare Bluetooth permissions. If a future build introduces Bluetooth access, check the in-app prompt and any updated policy.

What we do not do with your information

• We do not collect photos, text, or other content to sell it, license it to data brokers, or misuse it for unrelated commercial profiling.
• We do not use your images, chat, or inventory content to train FoodSavr-owned machine learning models. FoodSavr does not operate a model-training pipeline on your personal content.

Free app, monthly AI limits, and storage for item photos

FoodSavr is free to download on supported app stores (for example Google Play for Android) and free to use on the web (for example app.foodsavr.ca) and on mobile for grocery tracking, inventory, reminders, and related core features. There is no fee to create an account or use standard functionality.

Features that send images or text to cloud AI (for example receipt or grocery photo scanning, barcode flows that use AI, voice-assisted features that call cloud models, and Sous Chef chat) incur compute cost for us. We apply per-account monthly quotas for AI scans and Sous Chef chat. Those quotas reset on the first day of each calendar month in UTC (scheduled server rollover shortly after midnight UTC on the 1st). The app shows usage and limits (for example under Profile → Usage & limits for this month).

Item photos you attach to inventory items are subject to a separate storage quota that does not reset monthly; managing or deleting photos and items is how you stay within that limit, as explained in the app.

You may contact us at foodsavrapp@gmail.com to request higher limits or exceptions; we may grant such requests selectively at our discretion. FoodSavr does not currently offer in-app purchases, subscriptions, or payment checkout inside the app. If we introduce optional paid features later, we will update this policy and name any payment processors involved.

Email communications

We may send transactional or account-related email to the address associated with your account (for example a one-time welcome message after registration, or messages needed to operate or secure your account). Those messages are delivered through our infrastructure and providers such as Resend.

If you opt in to optional email notifications (for example weekly expiry summaries), we also process your email address and content needed for those emails, which may include item names or counts from your inventory, depending on the template.

2. HOW DO WE PROCESS YOUR INFORMATION?

We process your personal information for a variety of reasons, including:

• To facilitate account creation and authentication
• To provide and maintain grocery tracking, inventory, reminders, optional home screen widgets, and related features
• To send service-related communications (for example account, security, or policy notices) when appropriate
• To send transactional email needed to operate your account (for example welcome or verification-related messages), including through providers such as Resend
• To send optional notification emails you request (for example expiry reminders), including through subprocessors described in this policy
• If we introduce optional paid features in the future, to operate those flows when you choose to use them
• To measure product usage, improve features, and troubleshoot issues using analytics and crash reporting
• To process AI-assisted requests you send through the Services via our infrastructure and subprocessors
• To protect our Services and comply with legal obligations

FoodSavr is not a social network; we do not use your data for user-to-user messaging between strangers. If we send promotional email in the future, we will rely on applicable consent or legal bases and describe it here.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?

We rely on several legal bases to lawfully process your personal information, including:

• Consent: When you have given us explicit permission (for example optional emails or certain device permissions you grant)
• Contract: To perform our contractual obligations to you
• Legitimate Interests: When it's reasonable and balanced (for example security, product improvement, and analytics configured to limit unnecessary personal data in event properties)
• Legal Obligation: To comply with applicable laws

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

We may share your personal information in the following situations:

• With service providers who assist us in providing our services
• For business transfers in case of merger or acquisition
• When required by law or to protect rights and safety
• With your consent for specific purposes

Service providers and subprocessors (examples)

Depending on how you use the Services, we share data with categories of providers including:

• Supabase — authentication, database, file storage, and server-side functions that power the app.
• Google — Google Sign-In if you choose it; Firebase Analytics and Firebase Crashlytics for analytics and crash reporting.
• PostHog — product analytics (mobile and web).
• Google (Gemini API / Google AI) — cloud processing when you use AI features that call Google's generative models (see AI section).
• Anthropic (Claude API) — cloud processing when you use AI features that call Anthropic's models, if and as enabled in our services.
• Resend — delivering transactional and notification email (for example account welcome or security-related messages, and opt-in expiry notifications).
• Payment processors — FoodSavr does not process payments inside the app today. If we add optional paid features later, we may use a third-party processor; that provider would handle payment data under its own terms and privacy notice, and we will list it here.
• Open Food Facts — when you use barcode lookup, the app may send a product code (and minimal request metadata) to the Open Food Facts public API over HTTPS to retrieve public product information. That processing is subject to Open Food Facts' own terms and policies.
• Hosting and infrastructure — for example Vercel or similar for websites and web app delivery; providers may process technical logs.

Each provider processes data under its own policies. Review their documentation for details on retention, regions, and subprocessors.

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

On the web, we and our analytics partners may use cookies, local storage, pixels, or similar technologies so sessions work and so we can measure usage. PostHog and Firebase Analytics (where the web build includes Firebase) may collect page or screen views, events, and technical data in line with this policy. Mobile apps use SDK-based analytics rather than browser cookies.

You can control cookies and storage through your browser settings; blocking some technologies may limit certain web features or our ability to measure usage accurately.

6. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?

As part of our Services, we offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies (collectively, “AI Products”). These tools are designed to help you plan meals, interpret scans, and get cooking-related suggestions.

FoodSavr is an intermediary; we do not own the AI models

FoodSavr provides an application that routes your requests to third-party AI services. We do not own, host, or operate those underlying models. Accuracy, reliability, uptime, and security practices for AI processing therefore depend in large part on the applicable AI provider(for example Google's Gemini API and Anthropic's Claude API) and your network environment.

Use of AI technologies (Gemini and Claude APIs)

When you use AI features, your inputs (which may include images and text) and related context are sent from our servers to Google (Gemini) and/or Anthropic (Claude) over their APIs so they can generate a response. Outputs are returned to FoodSavr and shown in the app.

Training and provider data use: FoodSavr does not feed your content into a FoodSavr training pipeline. Whether and how API traffic may be used by Google or Anthropic (for example model improvement, abuse prevention, short-term processing, or logging) is governed by their current API or commercial terms and policies, which can change. Anthropic states that under its commercial terms, API customer content is not used to train generative models except in limited circumstances described in its documentation; Google describes separate data practices for Gemini API and Google Cloud AI services. We encourage you to review Google AI terms and Anthropic commercial terms for the latest wording.

Nothing in this policy overrides a provider's terms. If you need a specific data-retention or non-training configuration, that may require a direct agreement with the provider beyond standard consumer API use.

How to limit AI processing

You can stop sending new inputs to AI features by not using Sous Chef, receipt or item scanning that relies on cloud AI, and similar tools. That does not by itself delete past data already processed or stored under your account. For access, correction, or deletion requests, use the contact and data-request options in this policy.

7. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

Our Services allow you to register and log in using Google Sign-In. When you choose to do this, we receive certain profile information from Google as permitted by your Google account settings and Google's policies (for example identifiers and basic profile details needed to create or link your FoodSavr account).

8. HOW LONG DO WE KEEP YOUR INFORMATION?

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it.

Account deletion requests: You may request deletion through our website (for example foodsavr.ca/delete-account), by email, or using the Delete account action in the FoodSavr app's profile / account settings. That action does not delete your account immediately. When you submit a request from the app, we may immediately create a row in our profiles_deleted log with your name (or display name), email, user_account_deletion_request_date (when the request was raised), and a short system comment — so we can process your request consistently. We send an automated confirmation email to your address and to our team inbox (foodsavrapp@gmail.com). Each request is reviewed before any deletion. If the request is approved, we aim to complete deletion of your account within fifteen (15) days after review (subject to technical, backup, and legal constraints). After deletion is completed, we will send you confirmation by email (or another channel we use for your request). We do not keep your inventory, photos, chat, or other app content in active systems or routine archives for that account after confirmed deletion, except as noted below.

Deletion log and operator fields: The profiles_deleted table may include deleted_at (when the account was fully removed; it may be empty while a request is only queued), optional comments (for example an automated note that the request came from the app), and FoodSavr_management__comment — a field we use internally for manual follow-up notes. That log is not used to restore your app data or for marketing.

Minimal record after deletion: After your data is removed, we may retain only your name (or display name we held) and email address in that log (together with request/deletion timestamps and internal comments) solely to document who requested account deletion and to support accountability, abuse prevention, and legal compliance.

Analytics and crash data: Information held by Google (Firebase Analytics, Crashlytics) and PostHog is retained according to theirretention settings and our project configuration. Deleting your account or asking us to delete personal data may not immediately remove all historical analytics or crash records held by those providers, and some aggregated or de-identified data may remain. Exact retention periods can change; see each provider's documentation.

9. HOW DO WE KEEP YOUR INFORMATION SAFE?

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure.

10. DO WE COLLECT INFORMATION FROM MINORS?

We do not knowingly collect, solicit data from, or market to children under 18 years of age, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Services.

11. WHAT ARE YOUR PRIVACY RIGHTS?

In some regions (for example the EEA, UK, Switzerland, or Canada), data protection laws may grant rights such as access, erasure, or restriction. Whether a given right applies to you depends on your location and the law — this list is informational, not legal advice:

• Request access and obtain a copy of your personal information
• Request rectification or erasure
• Restrict the processing of your personal information
• Data portability (if applicable)
• Object to certain processing (if applicable)
• Not be subject solely to automated decision-making with legal or similarly significant effects (where applicable)

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can:

• Log in to your account settings and update your user account where the app allows
• Contact us using the contact information in this policy or the data request page linked below

12. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature or setting. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals.

13. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

Your Rights

Depending on your state, laws may include rights such as:

• Right to know whether we are processing your personal data
• Right to access your personal data
• Right to correct inaccuracies in your personal data
• Right to request deletion of your personal data
• Right to obtain a copy of your personal data
• Right to non-discrimination for exercising your rights

How to Exercise Your Rights

To exercise these rights, you can contact us by visiting https://foodsavr.ca/data-request, by emailing us at foodsavrapp@gmail.com, or by referring to the contact details at the bottom of this document.

14. DO WE MAKE UPDATES TO THIS NOTICE?

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated “Revised” date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification.

15. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may email us at foodsavrapp@gmail.com or contact us by post at:

16. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country or state of residence in the US, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information.

To request to review, update, or delete your personal information, please visit https://foodsavr.ca/delete-account or contact us at foodsavrapp@gmail.com. Account deletion may be processed through our website or support workflow; availability can depend on your platform and account state.

Deletion timeline and confirmation: If you use the in-app Delete account control, we record your request right away in our deletion log (see Section 8); your account is not deleted at that moment. We review each request before deletion. If approved, we aim to complete deletion of your account within fifteen (15) days after review (subject to technical, backup, and legal constraints). When deletion is finished, we send confirmation. Other than the minimal name and email (and request/deletion timestamps and internal notes) kept in our deletion log as described in Section 8, we do not retain your app content or profile data in active FoodSavr systems after that process.