Privacy

Your pantry. Your data.

iGarde is designed to keep your shopping, your receipts, and your meal plan in your hands. This page explains, in plain English, what we collect, why, and the choices you have.

Effective 19 June 2026 UK / GDPR Version 1.3

The short version

1. Who we are

iGarde (“we”, “us”) is a UK-based pantry and meal-planning application available at igarde.app. We are the data controller for any personal data you give us under the UK GDPR and the Data Protection Act 2018.

You can reach us at hello@igarde.app for any privacy question. Plain-text emails are fine; we don't need a form.

2. What we collect, and why

We try to collect the bare minimum to make the app work. The categories below are exhaustive for the consumer product — if we ever add new ones, we'll update this page first.

2.1 Account data required to sign in

You can use iGarde without signing in — without an account, nothing leaves your device, and there's nothing on our servers to lose.

2.2 Pantry data your content

This lives in a local database on your device, protected by the operating system's standard at-rest encryption (accessible only after you unlock the device). When you're signed in, the same rows replicate to our Supabase database so they appear on your other devices and to anyone else in your household. Pantry, meals, shopping list, receipts and receipt line items are scoped to the household; recipes and favourites are scoped to you.

2.3 Receipts sensitive

OCR is on-device. The iOS app uses Apple's Vision framework; the web app uses Tesseract.js running in your browser. The raw receipt image is never sent to an OCR service — not ours, not Apple's, not anyone else's.

If you're signed in, two things travel to our backend after a scan:

If you're not signed in, neither of the above happens — the scan, the OCR and the parsed items stay on your device.

2.4 Notifications optional

Expiry reminders are scheduled locally by the app on your device — they fire from your device's own clock. We do not register a remote push token and we do not run a push server; nothing about your notifications touches our servers or any push relay. You can revoke notification permission from your device settings at any time.

2.5 Operational logs

We keep short-lived server logs (typically 30 days) of errors and rate-limited requests so the service stays up. Logs are minimised — no full request bodies, no receipt contents, no message bodies. Anthropic, as our processor, keeps its own short logs of API calls under its standard terms.

2.6 What we do not collect

2.7 Anonymous usage & crash diagnostics first-party, opt-out

To see which features are used and catch crashes, the app records a small set of first-party events — things like “app opened”, “receipt scanned”, “paywall viewed”, plus crash breadcrumbs and request latency/status codes. They are tied to a random device ID, never to your pantry contents, and they go only to our own Supabase project — no analytics company ever sees them. Usage sharing is on by default and you can switch it off any time in Settings › Share anonymous usage data.

2.8 Permissions we ask for

Each one is requested only when you first use the related feature, and you can revoke it any time in your device settings:

The app does not request location, microphone, contacts, calendar, reminders, health, motion or cross-app tracking permissions.

3. Legal bases (UK GDPR Art. 6)

4. Third-party processors

We use a small set of vendors to run the service. Each is bound by a Data Processing Agreement and processes data only on our instructions.

We do not use Google Analytics, Meta Pixel, TikTok Pixel, Firebase, Sentry, Mixpanel, Crashlytics, PostHog or any other third-party tracker or crash reporter. The only analytics traffic you'll ever see in a network capture goes to our own Supabase project (the first-party diagnostics in 2.7); anything else is a bug — please tell us.

5. International transfers

Our primary infrastructure (Supabase, Vercel edge) is configured to host data in the European Economic Area. Anthropic processes API requests in the United States under Standard Contractual Clauses (UK Addendum) and equivalent safeguards. Apple's notification and OS services run on-device and do not constitute a data transfer for the operations we use. We will update this section if any of that changes.

6. How long we keep things

7. Your rights

Under UK GDPR you can:

8. Sharing recipes with other users

When you share a recipe via a share-code, the recipe payload (title, description, ingredients, steps) is stored in a publicly readable table indexed only by that code. Anyone with the code can import it. Don't put anything in a recipe you wouldn't want a stranger to see. Share-codes can be revoked from the recipe screen.

9. Children

iGarde is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has signed up, email us and we'll delete the account.

10. Security

No system is perfect. If you find a vulnerability, please report it to security@igarde.app.

11. Storage and cookies

We do not use cookies for anything. Your data lives in your device's local database (your pantry) and your device's secure local store (your sign-in session). We do not set tracking, advertising or analytics cookies, so no PECR consent banner is required.

12. Changes to this policy

We'll update this page when something material changes — a new processor, a new feature, a new region. Substantial changes will be flagged in-app and in your sign-in email at least 14 days before they take effect. The “Effective” date at the top of this page always reflects the current version.

Talk to us

iGarde — hello@igarde.app

For security reports — security@igarde.app

For data-protection requests, mention “GDPR” in the subject so we route it correctly.