Privacy Policy
Last updated: June 2025
At MicroPantry, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our MicroPantry mobile application (version 1.0.0) and related services.
1. Information We Collect
1.1 Personal Information
When you create an account and use our mobile app, we collect:
- Account Information: Email address and display name for account creation
- Profile Data: BMI, allergies, dietary restrictions, and health conditions
- Authentication Data: Securely stored via Firebase authentication
- Dietary Preferences: Food preferences, health goals, and nutritional objectives
- Communication Preferences: Notification settings and contact preferences
1.2 Usage Data
To provide core app functionality, we collect:
- Pantry Management: Food items, quantities, expiry dates, and categories
- Meal Planning: Shopping lists, meal plans, and recipe preferences
- App Interactions: Feature usage patterns and user behavior
- Device Information: OS version, device model, and app version
- Performance Data: App crash reports and performance metrics
1.3 Media Data
With your permission, we may collect:
- Camera Access: For food scanning and barcode recognition
- Food Photos: Images of food items for AI recognition
- Barcode Data: Product information from scanned barcodes
- Receipt Images: For automated pantry updates (when permission granted)
1.4 Technical Data
For app functionality and improvement, we collect:
- Network Information: IP address and connectivity status
- Local Storage: Data stored using AsyncStorage for offline functionality
- Device Identifiers: For app analytics and crash reporting
- API Usage: Requests to third-party services for food data
2. How We Use Your Information
We use your information to provide and improve our mobile app services:
- Core App Functionality: Pantry management, recipe suggestions, and meal planning
- Food Recognition: Process camera images and barcode scans for food identification
- Nutritional Analysis: Provide detailed nutritional information and recommendations
- Smart Notifications: Alert you about expiring items and suggest recipes
- Personalization: Customize recommendations based on your dietary preferences and health goals
- Data Synchronization: Sync your data across devices using cloud storage
- App Improvement: Analyze usage patterns to enhance user experience and fix bugs
- Customer Support: Provide technical assistance and respond to your inquiries
- Legal Compliance: Meet regulatory requirements and protect user rights
3. Third-Party Services & Data Sharing
We integrate with the following third-party services to provide app functionality:
3.1 Firebase (Google)
- User Authentication: Secure account creation and login management
- Cloud Database: Firestore for data synchronization across devices
- Analytics: App usage statistics and crash reporting
- Data Storage: Information stored in Google Cloud (US-based servers)
3.2 Edamam API
- Food Database: Nutritional information and food identification
- Search Queries: Food search terms sent for nutritional data
- Data Sharing: No personal data shared beyond search terms
3.3 OpenAI API
- AI Meal Planning: Personalized recipe suggestions and meal planning
- Natural Language Processing: Understanding food queries and preferences
- Data Processing: Query data may be processed by OpenAI for AI functionality
3.4 Other Services
- Expo: App development and deployment platform
- React Native Libraries: Core app functionality and UI components
- App Store Services: iOS App Store and Google Play Store for app distribution
3.5 Data Sharing Policies
We do not sell your personal information. We may share data only when:
- Legal Requirements: Required by law or to protect rights and safety
- Business Transfers: In connection with mergers, acquisitions, or asset sales
- Explicit Consent: When you explicitly consent to sharing
- Service Providers: With trusted vendors who assist in app operations
4. Data Storage & Security
We implement comprehensive security measures to protect your data:
4.1 Local Data Security
- AsyncStorage Encryption: Local data encrypted on your device
- Secure Key Storage: Authentication tokens stored securely
- Offline Protection: Data remains secure even when offline
4.2 Cloud Data Security
- Firebase Security: Data encrypted in transit and at rest
- Authentication: Secure token-based user authentication
- Access Controls: Role-based permissions and data isolation
- Regular Backups: Secure data backup and recovery procedures
4.3 App Security Measures
- Code Obfuscation: App code protected against reverse engineering
- API Security: Secure communication with all external services
- Permission Management: Minimal required permissions with clear explanations
- Regular Updates: Security patches and vulnerability assessments
4.4 Data Breach Response
In the unlikely event of a data breach, we will:
- Notify affected users within 72 hours
- Report to relevant authorities as required by law
- Implement immediate security measures
- Provide guidance on protective actions
5. Device Permissions
Our app requests the following permissions to provide full functionality:
5.1 Camera Permission
- Purpose: Food scanning and barcode recognition
- Usage: Process images locally when possible
- Storage: Images not stored permanently unless you choose to save them
- Control: You can revoke this permission in your device settings
5.2 Storage Permission
- Purpose: Save images and enable offline functionality
- Usage: Local data backup and offline access
- Control: Manageable through app settings and device permissions
5.3 Network Access
- Purpose: Cloud synchronization and API calls
- Usage: Real-time data updates and food database queries
- Offline Mode: App works offline with limited functionality
6. Your Rights & Controls
You have comprehensive control over your data:
- Access Your Data: View all personal information we have about you
- Update Information: Correct or modify your profile and preferences
- Delete Account: Permanently remove your account and associated data
- Export Data: Download your data in a portable format
- Notification Control: Opt-out of push notifications and emails
- Withdraw Consent: Revoke permissions for data processing
- Data Portability: Transfer your data to another service
7. Children's Privacy
Our app is not intended for children under 13 years of age:
- Age Restriction: We do not knowingly collect data from children under 13
- Parental Supervision: Parents should supervise children's app usage
- Data Deletion: If we discover child data, we will delete it immediately
- Parental Rights: Parents can request deletion of their child's data
8. Data Retention
We retain your data according to the following schedule:
- Account Data: Retained until account deletion
- Local Data: Cleared when app is uninstalled
- Backup Data: Retained for 30 days after account deletion
- Analytics Data: Anonymized after 2 years
- Crash Reports: Retained for 1 year for debugging purposes
When retention periods expire, we securely delete or anonymize your data.
9. International Data Transfers
Your data may be processed in the United States and other countries:
- Firebase/Google: Data stored in US-based Google Cloud servers
- API Services: Edamam and OpenAI may process data in various locations
- Protection Measures: Standard contractual clauses and adequacy decisions
- EU Users: Additional rights under GDPR for European users
10. App Store Compliance
Our app complies with platform-specific requirements:
10.1 iOS App Store
- Privacy Labels: Complete privacy information in App Store
- Data Collection: Transparent about all data collection practices
- User Control: Clear permission requests and controls
10.2 Google Play Store
- Data Safety: Comprehensive data safety section
- Permissions: Minimal required permissions with clear purposes
- Transparency: Open about data sharing and usage
11. Updates to Privacy Policy
We may update this policy periodically. You will be notified of changes through:
- App Updates: In-app notifications about policy changes
- Email Notifications: Direct communication about significant changes
- App Store Updates: Updated privacy information in app stores
Continued use of the app after changes constitutes acceptance of the updated policy.
12. Contact Information
13. Legal Compliance
This Privacy Policy complies with applicable data protection laws:
13.1 GDPR Compliance (EU Users)
- Legal Basis: Consent and legitimate interest for data processing
- Data Controller: MicroPantry is the data controller for your information
- Data Protection Officer: Contact admin@micropantry.org for DPO inquiries
- Right to Complain: You can lodge complaints with your local supervisory authority
13.2 CCPA Compliance (California Residents)
- Right to Know: Request information about data collection and use
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: Opt-out of sale of personal information (we don't sell data)
- Non-Discrimination: We won't discriminate for exercising your rights
13.3 Other Regulations
- COPPA: Children's Online Privacy Protection Act compliance
- PIPEDA: Personal Information Protection and Electronic Documents Act (Canada)
- Local Laws: Compliance with applicable local privacy regulations