iGarde is designed to keep your shopping, your receipts, and your meal plan in your hands. This page explains, in plain English, what we collect, why, and the choices you have.
iGarde (“we”, “us”) is a UK-based pantry and meal-planning application available at igarde.app. We are the data controller for any personal data you give us under the UK GDPR and the Data Protection Act 2018.
You can reach us at hello@igarde.app for any privacy question. Plain-text emails are fine; we don't need a form.
We try to collect the bare minimum to make the app work. The categories below are exhaustive for the consumer product — if we ever add new ones, we'll update this page first.
You can use iGarde without signing in — without an account, nothing leaves your device, and there's nothing on our servers to lose.
This lives in a local database on your device, protected by the operating system's standard at-rest encryption (accessible only after you unlock the device). When you're signed in, the same rows replicate to our Supabase database so they appear on your other devices and to anyone else in your household. Pantry, meals, shopping list, receipts and receipt line items are scoped to the household; recipes and favourites are scoped to you.
OCR is on-device. The iOS app uses Apple's Vision framework; the web app uses Tesseract.js running in your browser. The raw receipt image is never sent to an OCR service — not ours, not Apple's, not anyone else's.
If you're signed in, two things travel to our backend after a scan:
receipts/<your-user-id>/<receipt-id>.jpg. The bucket is never public; access is
only via short-lived signed URLs issued to you. Objects are automatically deleted after
30 days; the structured line items stay in your pantry until you remove them.parse-receipt Edge Function,
which passes it to Anthropic's Claude API to clean up and categorise the item
names (for example, turning CHKN BRST 300G into “Chicken breast”). This
happens for every receipt you scan while signed in — not only hard-to-read lines —
because the cleanup pass is what makes the review screen accurate. We send text only:
never the receipt image, never your email, never any device identifier beyond the request
itself. The cleaned text is used solely to fill in your pantry — it is never used for advertising
and never sold. If the cloud call is unavailable (you're offline, over your limit, or it fails),
the app falls back to reading the lines entirely on your device.If you're not signed in, neither of the above happens — the scan, the OCR and the parsed items stay on your device.
Expiry reminders are scheduled locally by the app on your device — they fire from your device's own clock. We do not register a remote push token and we do not run a push server; nothing about your notifications touches our servers or any push relay. You can revoke notification permission from your device settings at any time.
We keep short-lived server logs (typically 30 days) of errors and rate-limited requests so the service stays up. Logs are minimised — no full request bodies, no receipt contents, no message bodies. Anthropic, as our processor, keeps its own short logs of API calls under its standard terms.
To see which features are used and catch crashes, the app records a small set of first-party events — things like “app opened”, “receipt scanned”, “paywall viewed”, plus crash breadcrumbs and request latency/status codes. They are tied to a random device ID, never to your pantry contents, and they go only to our own Supabase project — no analytics company ever sees them. Usage sharing is on by default and you can switch it off any time in Settings › Share anonymous usage data.
Each one is requested only when you first use the related feature, and you can revoke it any time in your device settings:
The app does not request location, microphone, contacts, calendar, reminders, health, motion or cross-app tracking permissions.
We use a small set of vendors to run the service. Each is bound by a Data Processing Agreement and processes data only on our instructions.
We do not use Google Analytics, Meta Pixel, TikTok Pixel, Firebase, Sentry, Mixpanel, Crashlytics, PostHog or any other third-party tracker or crash reporter. The only analytics traffic you'll ever see in a network capture goes to our own Supabase project (the first-party diagnostics in 2.7); anything else is a bug — please tell us.
Our primary infrastructure (Supabase, Vercel edge) is configured to host data in the European Economic Area. Anthropic processes API requests in the United States under Standard Contractual Clauses (UK Addendum) and equivalent safeguards. Apple's notification and OS services run on-device and do not constitute a data transfer for the operations we use. We will update this section if any of that changes.
Under UK GDPR you can:
gdpr-export Edge Function for everything we hold server-side.gdpr-delete Edge Function, which cascades through every server table, purges the receipt-image bucket, and signs you out.When you share a recipe via a share-code, the recipe payload (title, description, ingredients, steps) is stored in a publicly readable table indexed only by that code. Anyone with the code can import it. Don't put anything in a recipe you wouldn't want a stranger to see. Share-codes can be revoked from the recipe screen.
iGarde is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has signed up, email us and we'll delete the account.
No system is perfect. If you find a vulnerability, please report it to security@igarde.app.
We do not use cookies for anything. Your data lives in your device's local database (your pantry) and your device's secure local store (your sign-in session). We do not set tracking, advertising or analytics cookies, so no PECR consent banner is required.
We'll update this page when something material changes — a new processor, a new feature, a new region. Substantial changes will be flagged in-app and in your sign-in email at least 14 days before they take effect. The “Effective” date at the top of this page always reflects the current version.
iGarde — hello@igarde.app
For security reports — security@igarde.app
For data-protection requests, mention “GDPR” in the subject so we route it correctly.