Privacy Policy

Introduction

Welcome to AI Grocery List ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered grocery list application (the "Service").

By using AI Grocery List, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

1. Information We Collect

1.1 Personal Information

We collect the following personal information when you create an account:

• Email Address: Used for account authentication and important service communications
• Password: Encrypted and stored securely via Firebase Authentication
• Display Name: Optional name you provide for family list sharing features

1.2 Shopping Data

We store the following data you provide while using the Service:

• Grocery Items: Items you add to your shopping list
• Purchase History: Historical record of items you've purchased
• Price Information: Prices and stores where you purchased items
• Categories: AI-generated categories for your grocery items
• Family Lists: Shared lists with family members you invite

1.3 Payment Information

For paid subscriptions (Pro and Family plans), we use PayPal for payment processing. We do not store your credit card or payment information on our servers. PayPal handles all payment data according to their privacy policy and PCI-DSS compliance standards.

• Subscription Status: Active/inactive status and plan type
• PayPal Subscription ID: Reference to your PayPal subscription

1.4 Usage and Analytics Data

We collect data about how you interact with our Service:

• Analytics: via PostHog (page views, feature usage, session duration)
• Advertising Analytics: via TikTok Pixel for marketing campaign performance
• Device Information: Browser type, operating system, device type
• IP Address: For security and fraud prevention
• Activity Logs: Family member activities on shared lists

1.5 AI Processing Data

We use Google Gemini AI to categorize your grocery items and provide smart suggestions. When you add items to your list, the item names are sent to Google's Gemini API for processing. Google processes this data according to their AI services privacy policy.

2. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: To provide, maintain, and improve the AI Grocery List features
• Account Management: To create and manage your user account
• Synchronization: To sync your data across devices in real-time
• AI Features: To categorize items, provide smart suggestions, and analyze spending patterns
• Family Sharing: To enable collaboration with family members on shared lists
• Payment Processing: To manage subscriptions and billing via PayPal
• Analytics: To understand usage patterns and improve the Service
• Marketing: To measure advertising campaign effectiveness (TikTok Pixel)
• Communication: To send service-related notifications and updates
• Security: To detect, prevent, and address fraud and security issues

3. How We Share Your Information

3.1 Third-Party Service Providers

We share your information with the following third-party services:

• Firebase (Google): Authentication, database hosting, and real-time synchronization
• Google Gemini AI: AI-powered item categorization and smart suggestions
• PayPal: Payment processing and subscription management
• PostHog: Analytics and product insights
• TikTok: Advertising analytics via TikTok Pixel
• Netlify: Web hosting and content delivery

3.2 Family Members

When you invite family members to your shared list, they will have access to all items, prices, and activities on that list. You control who has access to your family list.

3.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental regulation, or if we believe such action is necessary to:

• Comply with legal obligations
• Protect and defend our rights or property
• Prevent fraud or security issues
• Protect the safety of users or the public

3.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change via email and/or prominent notice in the app.

4. Data Storage and Security

4.1 Data Storage

Your data is stored securely using Google Firebase Cloud Firestore, with servers located in the United States. Firebase employs industry-standard encryption for data at rest and in transit.

4.2 Security Measures

We implement the following security measures:

• End-to-end encryption for data transmission (HTTPS/SSL)
• Encrypted password storage via Firebase Authentication
• Firestore security rules to prevent unauthorized access
• Regular security audits and updates
• Access controls and authentication requirements

4.3 Data Retention

We retain your data for as long as your account is active. When you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

5. Your Rights and Choices

5.1 Access and Control

You have the right to:

• Access: View all personal data we have about you
• Update: Edit your profile information, email, and display name
• Delete: Request deletion of your account and all associated data
• Export: Download your shopping data in JSON format
• Opt-Out: Disable analytics tracking in your browser settings

5.2 Cookie and Tracking Settings

You can control cookies and tracking technologies through your browser settings. Note that disabling certain cookies may limit functionality of the Service.

5.3 Marketing Communications

We currently do not send marketing emails. If we introduce marketing communications in the future, you will be able to opt out via an unsubscribe link in each email.

5.4 GDPR Rights (EU Users)

If you are located in the European Union, you have additional rights under GDPR:

• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent at any time

5.5 CCPA Rights (California Users)

California residents have the right to:

• Know what personal information is collected
• Know whether personal information is sold or disclosed
• Say no to the sale of personal information (we do not sell your data)
• Access your personal information
• Request deletion of personal information
• Equal service and price, even if you exercise your privacy rights

6. Children's Privacy

AI Grocery List is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information from our systems.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. By using our Service, you consent to the transfer of your information to these countries.

We ensure appropriate safeguards are in place for international data transfers, including relying on Google Firebase's compliance with EU-US and Swiss-US Privacy Shield frameworks.

8. Third-Party Links and Services

Our Service may contain links to third-party websites or services (such as PayPal for payments). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date at the top of this policy
• Sending you an email notification (for significant changes)
• Displaying an in-app notification upon your next login

Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

11. Data Processing Legal Basis

We process your personal data based on the following legal grounds:

• Contract Performance: To provide the Service you requested
• Consent: For analytics and marketing tracking (you can withdraw consent anytime)
• Legitimate Interests: To improve our Service and prevent fraud
• Legal Obligations: To comply with applicable laws and regulations