Privacy Policy
Last updated: December 3, 2025
1. Introduction
Welcome to Pantry Persona! We're a kitchen management app that connects with ChatGPT to help you track your pantry, plan meals, manage recipes, and reduce food waste. This Privacy Policy explains how we collect, use, and protect your information when you use our service through ChatGPT.
Our Philosophy: We believe your food preferences, dietary needs, and kitchen habits are personal. We collect only what's necessary to provide our service and never sell your data.
2. Information We Collect
Account Information
When you create an account, we collect:
- Email Address — To identify your account and send important notifications
- Authentication Data — Securely managed by our authentication provider (Supabase)
User Content
You choose what to add to Pantry Persona:
- Pantry Items — Food items, quantities, expiration dates, and purchase prices
- Recipes — Ingredients, instructions, cooking times, and images (via URL)
- Meal Plans — Your scheduled meals and associated recipes
- Shopping Lists — Items you plan to purchase, organized by store
- Household Profiles — Names and preferences for household members
Dietary & Health Information
If you choose to share it, we collect:
- Dietary Preferences — Vegetarian, vegan, keto, etc.
- Food Exclusions — Allergies, intolerances, or foods to avoid
- Health Goals — Weight management, nutrition targets, etc.
This information is optional and helps us provide personalized recipe suggestions. We require explicit consent before collecting health-related data.
Receipt Data
When you add items from a receipt:
- Receipt Text — You can paste or type receipt text to add items to your pantry
- Product Mappings — We store product name mappings to improve future recognition
Device Data
We collect minimal technical information:
- Browser Type — For compatibility and debugging
- Anonymized Usage Patterns — Which features are used (via Vercel Analytics)
We do NOT collect: Location data, device identifiers, contacts, or browsing history.
3. How We Use Your Data
| Purpose | Data Used |
|---|---|
| Provide Core Features | Pantry items, recipes, meal plans, shopping lists |
| AI-Powered Suggestions | Dietary preferences, pantry contents, recipe history |
| Receipt Processing | Receipt text → Product recognition → Pantry items |
| Personalized Recipes | Household profiles, allergens, health goals |
| Subscription Billing | Email, payment info (processed by Stripe) |
| Service Improvement | Anonymized usage analytics |
AI Features
- Smart Pantry: We use your pantry data to suggest recipes that use ingredients you have
- Receipt Processing: You can paste receipt text and we'll parse it to add items to your pantry automatically
ChatGPT Integration
Pantry Persona is designed to work directly with ChatGPT. When you connect your account:
- You authorize access via a secure OAuth 2.1 flow with PKCE
- You choose which permissions (scopes) to grant—such as
pantry:read,recipes:read, ormeal-plans:write - Only the data you authorize is shared with OpenAI to power your conversations
- You can revoke access at any time from your account settings
Conversation content is processed by OpenAI according to their privacy policy. We do not store your full conversation logs.
4. Third-Party Data Sharing
We share data only with the following service providers, and only as necessary to operate Pantry Persona:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Email, billing info |
| Supabase | Database & authentication | All user data (encrypted) |
| Vercel | Hosting & analytics | Anonymized usage data |
| OpenAI | ChatGPT widget | Data you authorize via OAuth |
For details on how these providers handle your data, please review their respective privacy policies: Stripe, Supabase, Vercel, OpenAI.
We Do NOT:
- Sell your personal data to third parties
- Share your data with advertisers
- Use your data for targeted advertising
- Allow third parties to use your data for their own purposes
Future Integrations
We may add grocery store integrations in the future. Any new integrations will be announced and require your explicit consent before any data is shared.
5. Data Security
We implement industry-standard security measures:
- Encryption in Transit: All data transmitted via HTTPS (TLS 1.3)
- Encryption at Rest: Database encrypted by Supabase
- Secure Authentication: OAuth 2.1 with PKCE for third-party integrations
- Security Headers: HSTS, XSS protection, content security policies
- Access Controls: OAuth scopes limit what third-party apps can access
Permissions We Block
We explicitly block access to sensitive device features via HTTP headers:
- Camera
- Microphone
- Location
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account Data | Until you delete your account |
| Pantry Items, Recipes, Meal Plans | Until you delete them or your account |
| Product Mappings | Stored to improve product recognition |
| Payment History | As required by law (typically 7 years) |
| Security Audit Logs | 90 days |
Account Deletion
When you delete your account:
- All personal data is permanently removed within 30 days
- Anonymized, aggregated data may be retained for analytics
- We cannot recover deleted data
7. Your Rights
Depending on your location, you may have the following rights:
For All Users
- Access: View all data we have about you
- Correction: Update inaccurate information
- Deletion: Request deletion of your account and data
- Export: Download your data in a portable format
- Withdraw Consent: Revoke health data consent at any time
For California Residents (CCPA)
- Right to know what data we collect
- Right to delete your data
- Right to opt-out of data sales (we don't sell data)
- Right to non-discrimination for exercising your rights
For EU/UK Residents (GDPR)
- All rights listed above
- Right to data portability
- Right to restrict processing
- Right to lodge a complaint with a supervisory authority
To exercise any of these rights, contact us at hello@pantrypersona.com
8. Cookies
We use essential cookies to maintain your session and preferences. We do not use tracking or advertising cookies.
9. Children's Privacy
Pantry Persona is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected data from a child under 13, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do:
- We'll update the "Last updated" date at the top
- For significant changes, we'll notify you via email or in-app notification
- Continued use after changes constitutes acceptance
11. Contact Us
Questions about this Privacy Policy? Contact us at hello@pantrypersona.com