Privacy Policy

Effective Date: April 22, 2026 · Last Updated: April 22, 2026

This Privacy Policy describes how GrocerE ("we," "us," or "our") collects, uses, and protects information when you use the GrocerE mobile application (the "App"). We are committed to being transparent about our data practices and to collecting only what we need to operate the App.

The short version:

  • We do not sell your personal information.
  • We do not share your personal information for advertising, and we do not track you across other apps or websites.
  • We do not use third-party analytics SDKs, advertising SDKs, or cross-site trackers.
  • We collect only the data needed to run the App and provide the service you asked for.

1. Scope

This Policy applies to information we collect through the App. It does not apply to third-party services you may access from the App, which are governed by their own policies.

2. Information We Collect

2.1 Information you provide directly

  • Account information: your mobile phone number (required for sign-up and sign-in via one-time SMS code) and your full name. Email address is optional.
  • Preferences: dietary preferences, allergens, cuisine preferences, preferred grocery stores.
  • User content: recipes you save or create, meal plans, shopping lists, pantry / inventory items, and photos you take or upload for product entry or scanning.
  • Customer support communications: messages you send us.

2.2 Information collected automatically

  • Device & technical information: device type, operating system, app version, and error / crash information, collected through Supabase server logs for operational and debugging purposes. We do not use crash-reporting SDKs that track individual users.
  • Approximate location: only if you grant location permission, we use your approximate geolocation to find nearby grocery stores and match promotions. You can revoke this permission at any time in your device settings. Location data is used in real time and is not retained beyond the session for this purpose.
  • Authentication metadata: timestamps of sign-in events for security.

2.3 Information from third parties

  • Subscription status from RevenueCat, Apple App Store, or Google Play Store, limited to what's necessary to provide access to paid features (subscription tier, entitlement status, renewal date).

2.4 Information we do not collect

  • We do not collect your precise GPS coordinates for tracking purposes.
  • We do not collect your contacts, calendar, or messages.
  • We do not collect advertising identifiers (IDFA / GAID).
  • We do not collect browsing history outside the App.

3. How We Use Information

We use the information we collect only to:

  • Provide the service: authenticate you, generate meal plans, match recipes with store promotions, build shopping lists, track your pantry, and save your preferences;
  • Deliver SMS one-time passcodes for account sign-in;
  • Process and manage subscriptions;
  • Provide customer support and respond to your requests;
  • Protect the App and our users — detecting abuse, fraud, and security issues;
  • Comply with legal obligations.

We do not use your information to build advertising profiles, serve targeted ads, or sell to data brokers.

4. What We Do Not Do

To be explicit:

  • No ads. The App does not display advertising, and we do not share data with ad networks.
  • No cross-app or cross-site tracking. We do not track you outside the App.
  • No sale or "sharing" of personal information as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA).
  • No analytics SDKs. We do not integrate Google Analytics, Mixpanel, Amplitude, Firebase Analytics, Segment, or similar products.
  • No targeted advertising profiles. We do not profile users for marketing.

5. Who We Share Information With

We share information only with service providers who process it on our behalf under contractual confidentiality obligations, and only for the limited purposes listed:

Service provider Purpose What is shared
Supabase Backend hosting, database, authentication Account info, user content, preferences, server logs
RevenueCat Subscription state management Anonymized user identifier, subscription events
Apple App Store / Google Play Store Payment processing for subscriptions Payment details handled by the platform store directly; we receive only subscription status
SMS provider (via Supabase Auth) Delivery of one-time verification codes Your phone number and the verification code
Google ML Kit On-device text recognition for product scanning Processed entirely on your device; image data does not leave the device

We may also disclose information:

  • To comply with law: in response to a valid subpoena, court order, or legal process, or to comply with applicable law;
  • To protect rights and safety: to investigate fraud, security incidents, or violations of our Terms of Service, or to protect the rights, property, or safety of users or the public;
  • In a business transfer: in connection with a merger, acquisition, financing, or sale of assets — any successor will be bound by this Policy.

We do not share your information for any other purpose.

6. Data Retention

We retain your personal information for as long as your account is active. When you delete your account (Profile → Settings → Delete Account), we delete your personal information from our production systems within 30 days, except where we are required to retain it to comply with legal obligations, resolve disputes, or enforce agreements. Backups containing your data are purged on our standard backup rotation.

7. Security

We use reasonable technical and organizational measures to protect your information, including:

  • Encryption in transit using HTTPS / TLS;
  • Supabase Row-Level Security (RLS) policies that isolate each user's data;
  • Phone-based one-time-passcode authentication — we do not store passwords;
  • Access controls limiting who can access production data.

No system is perfectly secure. If you become aware of a security issue, please report it to support@grocere.net.

8. Your Rights and Choices

Depending on where you live, you may have the following rights regarding your personal information:

  • Access — request a copy of the personal information we hold about you;
  • Correct — update inaccurate information (you can edit your profile and preferences directly in the App);
  • Delete — request deletion of your account and associated data (available in the App at Profile → Settings → Delete Account, or by emailing support@grocere.net);
  • Portability — request a machine-readable copy of your data;
  • Opt out of sale or sharing — not applicable; we do not sell or share your personal information for advertising;
  • Non-discrimination — we will not discriminate against you for exercising these rights.

To make a request, email us at support@grocere.net. We may need to verify your identity (for example, by confirming a code sent to your registered phone number) before processing the request. We aim to respond within 30 days, or within 45 days for more complex requests.

California "Shine the Light" (Cal. Civ. Code § 1798.83): California residents may request information about disclosures of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

Authorized agents: you may designate an authorized agent to make requests on your behalf. The agent must provide written permission from you, and we may ask you to verify the request directly.

9. Children's Privacy

The App is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at support@grocere.net and we will delete it.

If you are between 13 and 18, you should use the App only with the consent of a parent or legal guardian.

10. International Users

The App is operated from the United States, and your information is stored and processed in the United States (on Supabase infrastructure). If you access the App from outside the United States, you consent to the transfer and processing of your information in the United States, which may have data protection laws different from those in your country.

11. Do Not Track

Some browsers transmit "Do Not Track" signals. Because there is no common industry standard for responding to these signals, and because the App is not a browsing environment that would receive them, we do not respond to Do Not Track signals. As noted above, we do not engage in cross-site or cross-app tracking in any event.

12. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will notify you by in-app notification or email (if you have provided one) before the changes take effect, and we will update the "Effective Date" at the top. Your continued use of the App after the effective date constitutes acceptance of the updated Policy.

13. Contact Us

Questions, requests, or complaints about this Privacy Policy or our data practices? Email support@grocere.net.

If you are not satisfied with our response, you may also have the right to contact your local data protection authority.