Privacy Policy
Last updated: January 23, 2026
Pantry Persona is a kitchen management service that helps you track your pantry, plan meals, manage recipes, and reduce food waste. In some interfaces, including ChatGPT and other Model Context Protocol (MCP)–compatible clients, Pantry Persona can also help you build shopping lists and send them to grocery and delivery platforms.
This Privacy Policy explains how we collect, use, and share personal information when you use Pantry Persona anywhere in the world, including:
- Pantry Persona tools available inside ChatGPT or other MCP-compatible hosts
- Our website at pantrypersona.com
- Any other Pantry Persona services that link to this Privacy Policy
By using Pantry Persona, you agree to the practices described here.
1. Information We Collect
We collect information in three main ways: information you provide directly, information collected automatically, and information received from third parties.
1.1 Account Information
When you create or connect an account, we collect:
- Email address, to identify your account and send important notifications
- Authentication data, managed by our authentication provider (for example, hashed passwords or tokens)
- MCP / ChatGPT identity context, such as identifiers provided by a host (for example, a subject or tenant ID) so that host can act on your behalf when using Pantry Persona
We do not store passwords in plain text.
1.2 User Content
You choose what to add to Pantry Persona, such as:
- Pantry items: food items, quantities, expiration dates, purchase prices
- Recipes: ingredients, instructions, cooking times, URLs or images (where supported)
- Meal plans: scheduled meals and associated recipes
- Shopping lists: items you plan to purchase, including store or retailer selections
- Household profiles: household members' names or nicknames, tastes, and preferences. Profile data is stored regardless of your subscription tier and becomes active when the associated feature is available to you.
This content can be created through our website, our own interfaces, or through tools inside MCP hosts such as ChatGPT.
1.3 Dietary and Health-Related Information (Sensitive Data)
If you choose to provide it, we may process:
- Dietary preferences (for example, vegetarian, vegan, low-carb)
- Food exclusions and allergies (for example, nuts, dairy, gluten)
- Food-related goals (for example, nutrition focus or calorie awareness)
We treat this as sensitive information. We use it only to personalise your Pantry Persona experience, such as:
- Filtering recipes and suggestions
- Flagging ingredients you want to avoid
- Helping you plan meals that better match your preferences
You can remove or change this information at any time in your settings or by contacting us.
1.4 Receipt Data
When you add items from receipts, we may process:
- Receipt text or structured data you input or upload
- Product mappings we derive from that text, such as normalised product names linked to your pantry items
This allows Pantry Persona to convert receipt information into items in your pantry.
1.5 Device and Usage Data
We collect limited technical data to operate and improve the service, such as:
- Browser type and version, basic device and operating system information, and language
- Information about how you use Pantry Persona (for example, which features you use and how often, error events, and performance metrics)
This information is generally collected in an aggregated or pseudonymous form through hosting and analytics providers.
For our current web and MCP integrations:
- We do not collect precise GPS location, contact lists, or your general web browsing history
- We do not request access to your camera or microphone from the browser
If we release native applications that use additional device features (for example, camera access for barcode scanning), we will request permission through the operating system and explain those uses separately.
1.6 Information from ChatGPT, MCP Hosts, and Other Third Parties
When you use Pantry Persona through ChatGPT or another MCP host:
- The host sends Pantry Persona tool calls that include your instructions, relevant parameters (for example, which pantry to read or which items to add), and the limited context needed to complete the action
- We receive only the information needed to fulfil that request, such as a user or session identifier, tool parameters, and any context the host chooses to include
We also receive information from:
- Payment providers and app stores, such as subscription and transaction information (we do not receive full payment card numbers)
- Identity providers, such as tokens and profile identifiers used to secure access
- Grocery and shopping platforms you choose to connect, such as identifiers and tokens needed to create or update carts or lists on your behalf, and limited information about the status of those carts or lists
Each of these third parties handles your information under its own terms and privacy policies.
2. How We Use Your Information
We use personal information for the purposes described below. Where necessary, we also indicate the legal bases we rely on under the GDPR/UK GDPR (for users in the EEA or UK).
| Purpose | Examples | Legal Basis (EEA/UK) |
|---|---|---|
| Provide core features | Track your pantry, recipes, meal plans, shopping lists; respond to MCP tool calls | Performance of a contract; legitimate interests |
| Personalization | Tailor recipes and suggestions to your pantry, preferences, allergies, and goals | Consent for sensitive data; legitimate interests |
| AI-powered features | Provide smart suggestions and automations using your pantry contents, history, and preferences | Performance of a contract; legitimate interests; consent where required |
| Grocery and shopping integrations | Let you send a shopping list or selected recipes to a connected grocery or delivery platform | Performance of a contract; legitimate interests; consent where required |
| Receipt processing | Turn receipt text into structured pantry items and product mappings | Performance of a contract; legitimate interests |
| Billing and account management | Process subscriptions, handle billing issues, and detect payment-related fraud | Performance of a contract; legal obligations |
| Service improvement and analytics | Understand which features are used, diagnose technical issues, improve performance | Legitimate interests |
| Security and abuse prevention | Protect accounts and services, detect misuse, and respond to incidents | Legitimate interests; legal obligations |
| Legal compliance | Meet tax, accounting, and regulatory obligations; enforce our terms | Legal obligations |
Important: We do not use personal information for cross-context behavioural advertising or for selling personal information.
2.1 Aggregated and De-Identified Information
We may create aggregated, anonymised, or otherwise de-identified information derived from personal information. This type of information does not identify you as an individual and may be used and shared for any lawful purpose, such as:
- Analysing overall usage patterns and trends
- Improving and developing our services
- Generating insights about how people use Pantry Persona
3. MCP and ChatGPT Integration
Pantry Persona is implemented as an MCP server that can be used by compatible hosts such as ChatGPT.
3.1 How MCP Hosts Use Pantry Persona
- The host (for example, ChatGPT) manages your conversation, identity, and user interface
- When you ask the host to use Pantry Persona (for example, "add this recipe to my pantry app"), the host sends a tool request to Pantry Persona's MCP server
- Pantry Persona processes that request, interacts with your Pantry Persona data as needed, and returns structured results to the host
We do not see your entire conversation with the host. We see only the structured tool calls and any context the host includes in those calls.
3.2 What We Receive from MCP Hosts
The host may send:
- A user or account identifier used to look up your Pantry Persona account
- Tool parameters, such as item names, recipe identifiers, quantities, and relevant options
- Limited context needed to perform the action (such as language or region)
We do not receive your ChatGPT login credentials or independent ChatGPT account data.
The host continues to process your data under its own privacy policy. Pantry Persona processes only the information necessary to provide the features you invoke.
3.3 Security for MCP Integrations
For MCP integrations we:
- Use scoped tokens and access controls to enforce least-privilege access
- Validate incoming requests and tokens before performing actions
- Limit which systems and data MCP tools can access
- Monitor for misuse and unusual activity
4. Cookies and Similar Technologies
We currently use only essential cookies and similar technologies, such as:
- Session cookies that keep you logged in
- Basic preference cookies that remember certain settings
We do not use third-party advertising cookies or trackers for behavioural advertising.
If we introduce additional cookies or similar technologies in the future, especially for analytics or personalisation where required by law, we will provide appropriate notices and obtain consent where necessary (for example, via a banner in the EU/UK).
5. International Data Transfers
Pantry Persona is operated from the United States, and we use service providers located in the United States and other countries. This means personal information may be transferred to and processed in countries that may have different data protection rules than those in your home country.
Where required by law (for example, for users in the EEA or UK), we implement appropriate safeguards for these transfers, which may include:
- Standard Contractual Clauses approved by the European Commission or UK authorities
- Other transfer mechanisms recognised by data protection regulators
You can contact us if you would like more information about these safeguards.
6. Data Security
We use a range of technical and organisational measures to help protect personal information, including:
- Encryption in transit using HTTPS/TLS
- Encryption at rest provided by our database and storage providers
- Access controls and role-based permissions for staff with a need to know
- Scoped tokens and OAuth-style access controls for integrations and tools
- Security headers and other hardening measures
- Monitoring and logging to detect unusual or abusive activity
No security method is completely free of risk, but we work to maintain the security and integrity of your data. You can help by using a strong, unique password for your account and keeping access to your devices and host accounts (such as ChatGPT) secure.
7. Data Retention
We keep personal information only for as long as necessary for the purposes described in this Privacy Policy, or as required by law. Retention may vary depending on the type of data and the context of your interactions with Pantry Persona.
| Data Type | Retention |
|---|---|
| Account information | For as long as your account is active and for a limited period thereafter for backup, logging, and dispute resolution |
| Pantry, recipe, meal plan, and shopping list data | Until you delete the items or delete your account |
| Product mappings and receipt-related data | For as long as needed to support and improve receipt processing |
| Payment and transaction records | For the period required by tax, accounting, and financial regulations (often several years) |
| Security and access logs | For a limited period, typically around 90 days, unless needed for investigations |
| Aggregated and de-identified information | May be retained indefinitely, as it does not identify you |
7.1 Account Deletion
If you delete your account:
- You have a 7-day recovery window during which you can cancel the deletion and restore your account
- After the recovery window, personal data in active systems is permanently deleted (typically within 7 days)
- Data in backups and archives will be removed according to regular backup rotation schedules
- We may retain limited information as required for legal, accounting, or security purposes
Once an account is deleted and any applicable retention periods have passed, the deletion is permanent and the account cannot be restored.
8. Your Rights
Your privacy rights depend on where you live, but we aim to provide all users with meaningful control over their personal information.
8.1 Rights Available to All Users
Regardless of your location, you can:
- Access: request information about the personal data we hold about you
- Correct: ask us to correct inaccurate or incomplete data
- Delete: request deletion of your account and associated personal data, subject to legal and operational exceptions
- Export: request a copy of your personal data in a structured, commonly used, machine-readable format, where technically feasible
- Withdraw consent: withdraw consent for specific processing (for example, dietary/health preferences) where consent is the legal basis
Some of these rights can be exercised directly through your account settings. You can also contact us using the details at the end of this Policy.
8.2 Additional Rights for EEA and UK Residents
If you are in the EEA or UK, you have additional rights under the GDPR/UK GDPR, including:
- Right to be informed about how your data is used
- Right of access to your personal data
- Right to rectification of inaccurate personal data
- Right to erasure ("right to be forgotten") in certain circumstances
- Right to restrict processing in specific situations
- Right to data portability for certain data you have provided to us
- Right to object to processing based on legitimate interests, including profiling
- Rights in relation to automated decision-making; we do not make decisions with legal or similarly significant effects solely based on automated processing
You also have the right to lodge a complaint with your local data protection authority. You can contact us first so we can try to resolve any concern.
For users in the EEA or UK, the controller of your personal information is Zen Design & Solutions, LLC.
8.3 Additional Rights for Residents of California and Some Other US States
If you are a resident of California or certain other US states with comprehensive privacy laws, you may have additional rights, including:
- Right to know the categories and specific pieces of personal information we collect, use, and disclose
- Right to request deletion of personal information, subject to certain exceptions
- Right to correct inaccurate personal information
- Right to opt out of the "sale" or "sharing" of personal information, as those terms may be defined by law
- Right to limit the use and disclosure of sensitive personal information, where applicable
- Right not to be treated differently for exercising your privacy rights
Note: Pantry Persona does not sell personal information or share personal information for cross-context behavioural advertising. If this changes in the future, we will update this Policy and provide any required notices and choices.
8.4 How to Exercise Your Rights
To exercise any of the rights described above, you can:
- Email us at hello@pantrypersona.com with the subject line "Privacy Request"
We may need to verify your identity before responding to a request, for example by asking you to confirm control of your account or email address. Where your local law permits you to use an authorised agent, we may request proof of that authorisation.
If your local law gives you the right to appeal our response to a request (for example, in certain US states), you can do so by replying to our response and stating that you want to appeal. If you are not satisfied with the outcome, you may also have the right to contact your local regulator.
9. Third-Party Service Providers and Other Sharing
We share personal information with third parties in limited situations, as described in this section.
9.1 Categories of Service Providers
We use third-party service providers that process personal information on our behalf and under our instructions. These providers help us operate, secure, and improve Pantry Persona.
| Category | Purpose | Types of Data Shared |
|---|---|---|
| Payment processors | Process subscription payments, handle billing, and support fraud detection | Contact details (such as email), transaction details, limited billing information |
| Cloud hosting and database providers | Host our services, store data, maintain backups, and provide infrastructure | Account data, pantry data, recipes, meal plans, shopping lists, logs and technical data |
| Authentication and identity providers | Manage login, tokens, and secure access to your account | Email address or user identifier, authentication and token data |
| Analytics and logging providers | Understand usage trends, diagnose issues, and improve performance | Pseudonymous usage data, device and technical information, error and performance logs |
| Email and notification providers | Send transactional emails and service-related communications | Email address and notification content or metadata necessary for delivery |
| AI and machine learning service providers | Power certain features, such as recommendations and smart pantry suggestions | Only the information necessary to provide the requested AI feature |
When we use external AI or machine learning service providers, they process personal information only to provide services to us and are not permitted to use that information for their own independent purposes (such as training or improving general-purpose models) without an appropriate legal basis and our instructions.
We may change service providers over time. When we do, they will perform similar functions to those described above, and we will require them to protect personal information appropriately.
9.2 Grocery and Shopping Integrations You Choose to Use
Pantry Persona can integrate with certain grocery and delivery platforms so you can send items from your shopping list or recipes directly into a cart or shoppable list on those platforms.
When you use these integrations:
- We send only the information needed to create or update the cart or list (for example, item names, quantities, product identifiers where available, and sometimes store or location selections)
- We may receive limited information in return, such as a cart or list identifier, a link, or basic status information indicating whether the action succeeded
- We do not see your full grocery platform account history, full order history, or full payment details through these integrations
The grocery or delivery platform is an independent company. Its use of your information is governed by its own terms and privacy policy, not this one.
You can disconnect a grocery integration at any time in your Pantry Persona settings (when available). Disconnecting stops new data being shared from that point on, but does not delete information already held by that platform.
9.3 Affiliates
We may share personal information with our current and future "affiliates," meaning entities that control, are controlled by, or are under common control with us, as reasonably necessary to operate, improve, and secure our services. Where we share personal information with affiliates, they will be required to handle it in a manner consistent with this Privacy Policy.
9.4 Business Transfers
If we are involved in a merger, acquisition, financing, reorganisation, bankruptcy, or sale of all or part of our business, personal information may be transferred to another company as part of that transaction.
That company may use personal information as described in this Privacy Policy or in a successor policy that provides materially similar protection. If any future use of personal information is materially different from the uses described here, we will provide additional notice and obtain consent where required by law.
9.5 Legal Disclosures
We may disclose personal information if we believe in good faith that doing so is reasonably necessary to:
- Comply with applicable laws, regulations, legal processes, or governmental requests
- Enforce our terms and agreements
- Protect the rights, property, or safety of Pantry Persona, our users, or the public
9.6 No Sale or Advertising Use
We do not:
- Sell personal information for money
- Share personal information for cross-context behavioural advertising
- Allow third parties to use personal information for their own independent marketing without your consent
If this ever changes in the future, we will update this Privacy Policy and provide any required notices and choices.
9.7 Third-Party Data Sources
To provide accurate product information for receipt processing and pantry management, we use data from third-party sources:
- Open Food Facts (openfoodfacts.org): An open, collaborative database of food products from around the world. This data is made available under the Open Database License (ODbL). We use this data to match receipt items to product information, including nutritional data, allergens, and product categories.
Open Food Facts data is contributed by volunteers and may not always be complete or accurate. We use this data to assist with product identification but encourage users to verify important information such as allergens and nutritional values.
10. Children's Privacy
Pantry Persona is not intended for children under the age of 13.
- We do not knowingly collect personal information from children under 13
- If we learn that we have collected personal information from a child under 13 without appropriate consent, we will take steps to delete that information as required by applicable law
If you believe a child under 13 has provided personal information to Pantry Persona, please contact us using the details below.
11. Changes to This Policy
We may update this Privacy Policy from time to time.
When we make changes:
- We will update the "Last updated" date at the top of this page
- For material changes, we may provide additional notice, such as a prominent notice in the product, an email, or a message within an MCP host that uses Pantry Persona
Your continued use of Pantry Persona after an updated Privacy Policy becomes effective means that you accept the updated Policy.
12. Contact and Controller Information
If you have questions about this Privacy Policy or how we handle personal information, or if you want to exercise your privacy rights, you can contact us at:
Email: hello@pantrypersona.com
Pantry Persona is operated by Zen Design & Solutions, LLC, which is the controller of personal information processed under this Privacy Policy unless stated otherwise in a specific context.