Privacy Policy
Effective date: 1 June 2026
Smart Pantry is a meal planning and pantry management app available on the web at smartpantry.website and as a mobile app on the Apple App Store and Google Play Store. This policy explains what personal data we collect, why we collect it, how it is stored, and your rights over it. We keep things simple — no advertising, no selling your data, no hidden tracking.
At a glance
1. What data we collect
We collect only the information needed to run the app. The table below lists every category:
We do not collect your name, phone number, address, payment details, location, device identifiers, or biometric data. We do not run behavioural tracking or advertising pixels.
2. Device access (mobile app)
The Smart Pantry mobile app requests only the permissions it needs. Below is every permission the app may request and exactly why:
Permissions the app never requests:
- Microphone
- Photo library
- Location / GPS
- Contacts
- Push notifications
- Health & fitness data
- Bluetooth
- Face ID / Touch ID / biometrics
- Background app refresh
3. How it's stored & security
All account and application data is stored in a MongoDB database. Depending on deployment configuration this may be a MongoDB Atlas cluster hosted on AWS or Google Cloud infrastructure in the EU or UK. Data is protected by:
- Passwords stored as bcrypt hashes (cost factor ≥ 10) — the original password cannot be recovered even by us.
- Session tokens are signed JWTs stored in
httpOnly,SameSite=Laxcookies on web — inaccessible to JavaScript and not sent cross-site. - On mobile, session tokens are stored in iOS Keychain or Android Keystore — hardware-backed secure storage inaccessible to other apps.
- All traffic is served over HTTPS / TLS. Plain HTTP is not accepted.
- Database credentials are stored as server-side environment variables and are never exposed to the client or logged.
- Access to production data is restricted to authorised personnel only.
We take reasonable technical and organisational measures to protect your personal data against accidental loss, unauthorised access, alteration, or disclosure. In the unlikely event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with Article 34 UK GDPR.
4. Why we collect it (lawful basis)
Under UK GDPR, every purpose for processing personal data must have a lawful basis. Below are our purposes and the corresponding lawful basis for each:
We do not rely on consent as the basis for any processing (other than the device permissions listed in Section 2 which are handled by your operating system). You can withdraw your data entirely by deleting your account (see Section 7).
We do not use your data for marketing, profiling, or selling to third parties.
5. Data retention
We retain personal data for as long as your account is active. Specifically:
There are no separate retention periods for sub-categories of data. Everything tied to your account is removed in a single irreversible operation when you delete your account (see Section 7).
6. Third-party services
Smart Pantry uses a small number of infrastructure services. None of them receive your pantry, meal plan, or shopping data. The full list:
We do not use Firebase, Supabase, Stripe, Google Analytics, Meta Pixel, Mixpanel, Amplitude, Segment, or any other analytics or advertising platform.
7. Deleting your account
You can permanently delete your account and all associated data at any time. There are two ways:
Option A — self-serve (instant):
- Sign in and go to Profile.
- Scroll to the Account section.
- Tap Delete account and confirm.
Option B — by email (within 30 days):
If you cannot access the app, email us at smartpantryhelp@outlook.com and we will delete your account manually within 30 days.
Deletion removes all of the following from our database immediately and irreversibly: your user record, profile, pantry items, meal plans, shopping list data, shopping history, cooked meal logs, and any custom recipes. Anonymous aggregated data (recipe pattern hashes) that cannot be linked back to you is retained separately.
There is no grace period or recovery option. Once deleted, your data cannot be restored.
In compliance with Apple App Store Review Guideline 5.1.1(v) and Google Play Data Safety requirements, account deletion is available directly within the app and removes all associated personal data. This also satisfies the UK GDPR right to erasure (Article 17) and EU GDPR equivalent.
9. Children
Smart Pantry is not directed at children under the age of 13 and we do not knowingly collect personal data from anyone under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at smartpantryhelp@outlook.com and we will delete that data promptly.
Users between 13 and 17 should use the app only with the knowledge and consent of a parent or guardian.
10. Your rights (UK & EU GDPR)
Under UK GDPR (and equivalent EU GDPR) you have the following rights. Most can be exercised directly in the app:
To exercise any of these rights, contact us at smartpantryhelp@outlook.com. We will respond within 30 calendar days and will not charge a fee for reasonable requests. We may ask for proof of identity before fulfilling a request.
11. Complaints
If you believe we have not handled your personal data in accordance with applicable data-protection law, you have the right to lodge a complaint with the relevant supervisory authority:
We would appreciate the opportunity to address your concern directly before you contact the supervisory authority. Please email us first at smartpantryhelp@outlook.com and we will respond within 30 days.
12. Contact & data controller
Smart Pantry is the data controller for the personal data described in this policy. If you have any questions about this policy or how your data is handled, please contact us:
We aim to respond to all data-related requests within 30 days. For complex requests involving multiple rights or large volumes of data, we may extend this by a further two months — if so, we will notify you within the initial 30-day period and explain the reason for the extension.
We may update this policy from time to time as the service evolves or legal requirements change. The effective date at the top of this page reflects the most recent revision. Where changes are material, we will notify you by email (if we have one for your account) or by displaying a notice in the app. Continued use of the app after notification of a change constitutes acceptance of the revised policy.
Smart Pantry · smartpantry.website · Effective 1 June 2026 · Data controller: smartpantryhelp@outlook.com
Back to app