1. Introduction
Grub Guardian ("we," "our," or "us") operates the grubguardian.shop website and mobile application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy and handling your data transparently.
2. Information We Collect
We collect information you provide directly:
- Account Information: Email address, name, and encrypted password when you create an account.
- Inventory Data: Food items, expiry dates, quantities, prices, and categories you enter or scan.
- Images: Photos you upload for AI-powered item recognition or receipt scanning. These are processed in real-time by our AI provider and are not permanently stored on our servers.
- Payment Information: Processed securely through Stripe. We never store, access, or retain your credit card numbers or bank details.
- Usage Data: Streaks, points, items scanned, recipes generated, and other gamification metrics.
- Referral Data: Referral codes generated and shared, and promo codes redeemed.
Information collected automatically:
- Device Information: Browser type, operating system, and device type for service optimization.
- Authentication Cookies: HttpOnly session cookies used solely for keeping you logged in. We do not use tracking cookies or third-party advertising cookies.
3. How We Use Your Information
- Provide, maintain, and improve the Grub Guardian service.
- Generate personalized recipe suggestions based on your inventory.
- Track your food waste savings and gamification progress.
- Process subscription payments via Stripe.
- Send service-related notifications (e.g., expiring items).
- Manage referral and promo code programs.
- Detect and prevent fraud or abuse.
We do not use your data for advertising, profiling, or selling to third parties.
4. Camera & Image Access
We request camera access solely for barcode scanning, food item recognition, and receipt scanning. Camera feeds are processed locally on your device for barcode detection. Images sent for AI recognition are transmitted securely, processed in real-time, and are not retained by us or our AI provider after analysis.
5. Third-Party Service Providers
We share data only with the following service providers, strictly for providing our Service:
- Stripe Inc. — Payment processing. Stripe collects and processes payment information under their own Privacy Policy.
- Google (Gemini AI) — Image recognition and recipe generation. Only the specific images/text needed for processing are shared. Data is processed in real-time and not stored by Google for this purpose.
- Open Food Facts — Barcode product lookups. Only the barcode number is shared. This is a public, open-source database.
- MongoDB Atlas — Database hosting. Your data is encrypted at rest and in transit.
We do not sell, rent, or trade your personal information to any third party.
6. Data Security
We implement industry-standard security measures including:
- Passwords hashed using bcrypt (never stored in plain text)
- All connections secured via HTTPS/TLS encryption
- HttpOnly, SameSite authentication cookies (not accessible to JavaScript)
- Database access restricted by role-based permissions
- Regular security reviews
While we take reasonable measures to protect your data, no electronic transmission or storage system is 100% secure. We encourage you to use a strong, unique password.
7. Data Retention & Deletion
We retain your data only for as long as your account is active or as needed to provide the Service.
- Active accounts: Data is retained while your account exists.
- Account deletion: You can delete your account and all associated data at any time through the Account Settings page in the app. Deletion is immediate and irreversible.
- Automatic cleanup: Images uploaded for scanning are processed in real-time and not stored.
- Legal requirements: We may retain certain records as required by law (e.g., payment transaction records).
8. Your Rights
Regardless of where you are located, you have the following rights:
- Access: Request a copy of all personal data we hold about you (available via the "Export Data" feature in Account Settings).
- Correction: Update or correct your personal information.
- Deletion: Delete your account and all associated data at any time (available via Account Settings).
- Data Portability: Export your data in a machine-readable JSON format.
- Objection: Object to certain processing of your data.
For EU/EEA Residents (GDPR):
You additionally have the right to lodge a complaint with your local data protection authority. Our legal basis for processing is contract performance (providing the Service you signed up for) and legitimate interest (improving the Service).
For California Residents (CCPA):
You have the right to know what personal information we collect, request deletion, and opt out of sale of personal information. We do not sell personal information. To exercise these rights, use the in-app Account Settings or contact us.
9. Children's Privacy
Grub Guardian is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately and we will delete that information.
10. International Data Transfers
Your data may be processed on servers located outside your country of residence. We ensure appropriate safeguards are in place for any such transfers in compliance with applicable data protection laws.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at support@grubguardian.shop