Privacy Policy

1. Information we collect

We collect only what the Service needs to function. Specifically:

• Account information. Your email address, and (if you sign in with Google) your name and Google account identifier. Passwords are never stored in plaintext.
• Household preferences. Dietary restrictions, household size, budget, and cooking preferences you enter so we can personalize meal plans.
• Location (ZIP only). The ZIP code you supply so we can price your shopping list at nearby stores. We do not collect precise device location.
• App activity. Meal plans generated, recipes saved, shopping lists created, items checked off, and search queries. This is used to power the features you interact with and to improve recommendations.
• Device and diagnostic data. Standard logs including device type, OS version, app version, crash reports, and timestamps — used for reliability and debugging.

We do not collect precise location, contacts, photos, health data, or financial account information. We do not sell your data.

2. How we use your information

• Generate meal plans and shopping lists.
• Price your list against real grocery data from third-party store APIs (see Section 3).
• Personalize recommendations (favorites, Tonight suggestions, “add to list” sides and desserts).
• Maintain, secure, and improve the Service — including debugging, fraud prevention, and abuse monitoring.
• Send transactional email (sign-in, account actions).

3. Information sharing

We share information only with service providers who process it on our behalf under contract, or when required by law. These include:

• Supabase — database and authentication hosting.
• Vercel — website and API hosting.
• OpenAI— AI meal planning and ingredient parsing. Prompts are not used for model training per OpenAI’s API terms.
• Kroger & Flipp — grocery pricing data (ZIP-level queries only; no personal identifiers shared).
• Google — OAuth sign-in and (optionally) analytics.

We do not sell or rent personal information. We do not share data with advertisers.

4. Data retention

Account data is retained for as long as your account is active. When you delete your account (in-app or by emailing support), we remove your account and associated personal data within 30 days. Aggregated and anonymized analytics may be retained indefinitely.

5. Your rights

Depending on where you live, you may have the right to access, correct, or delete your personal information, or to object to or restrict certain processing. To exercise these rights, email support@ejandersonconsulting.com.

You can delete your account at any time — see the support page for instructions.

6. Children’s privacy

GroshMe is not directed to children under 13 and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with information, contact us and we will delete it.

7. Security

Data is transmitted over HTTPS and stored by reputable providers with industry-standard protections (encryption at rest, access controls, audit logging). No system is perfectly secure — if we discover a breach affecting your data, we will notify affected users in accordance with applicable law.

8. Changes to this policy

We may update this policy as the Service evolves. When we do, we will update the “last updated” date above and, for material changes, notify you in the app or by email.

9. Contact