ChefVault Privacy Policy

Effective date: 2026-06-04

Who operates ChefVault

ChefVault is an iOS application operated by Adriano Simoncini, an individual developer based in Kazakhstan. You can reach me at z.simoncini@gmail.com for any privacy-related question or request.

ChefVault is intended for users aged 18 and over. The app is not directed at children, and I do not knowingly collect personal information from anyone under 18.

What this policy covers

This policy describes what information the ChefVault iOS application collects, how it is used, who it is shared with, and what choices you have. It applies only to the ChefVault mobile app — websites or services linked from within the app have their own policies.

Information you provide

When you create an account, you provide:

• Email address — used to sign you in and recover your account
• Display name — shown to other members of any household you join

When you use the app, you may also provide:

• Pantry contents — names, quantities, expiration dates, and categories of food items you add
• Shopping list contents — items you add to lists
• Dietary preferences — allergens, dietary restrictions, household preferences
• Meal plans, saved recipes, and cooking history — recipes you generate, save, or mark as cooked
• Household membership — which household(s) you belong to and your role within them

This data is stored in our backend database (Supabase) under your account. If you join or create a household, the household’s pantry and shopping list are visible to other members of that household.

Information collected automatically

• Authentication tokens to keep you signed in between sessions
• Push notification tokens — only if you grant notification permission — to deliver expiry reminders and household activity alerts
• Anonymized usage events stored locally on your device, used for internal product metrics. These events are not transmitted to any third-party analytics service.

Third-party services used

ChefVault uses the following third parties to provide specific features. When you use these features, relevant data is sent to the named partner:

Core infrastructure

• Supabase — Backend database, authentication, and real-time sync. All persisted account data is stored in Supabase. Supabase privacy policy: https://supabase.com/privacy

AI processing

• Anthropic (Claude API) — Recipe generation, ingredient parsing, and receipt classification. When you ask the app to generate recipes or scan a receipt, the relevant data (your dietary preferences, the contents of your pantry, the receipt image you scan) is sent to Anthropic’s API for processing. Anthropic privacy policy: https://www.anthropic.com/legal/privacy
• Google (Gemini Vision API) — Image-based scanning of grocery items and fridge contents. When you use the camera scan feature, the image is sent to Google’s Gemini API for recognition. Google privacy policy: https://policies.google.com/privacy

Location and store discovery

• Google Places API — Finding nearby grocery stores. When you tap to find stores nearby, your device’s location is sent to Google Places to return results. Same Google privacy policy as above.

Recipe and nutrition data

The app fetches recipe and nutrition information from the following public databases. These requests contain anonymized food queries (such as ingredient names, recipe IDs, or product barcodes). They do not contain your email, account information, or any identifier linking the query back to you.

• TheMealDB (themealdb.com) — Public recipe database
• Edamam (edamam.com) — Recipe data provider. Edamam privacy policy: https://www.edamam.com/privacy
• Spoonacular (spoonacular.com) — Recipe data provider. Spoonacular privacy policy: https://spoonacular.com/food-api/terms
• USDA FoodData Central (api.nal.usda.gov) — Public nutrition database operated by the US Department of Agriculture
• Open Food Facts (world.openfoodfacts.org) — Public product and nutrition database. Open Food Facts terms: https://world.openfoodfacts.org/terms-of-use

Image handling

Receipt and product images you scan are processed transiently. The image is sent to the AI processing partner (Anthropic or Google), the recognition result is returned to your device, and the image bytes are not stored on our servers.

Location handling

Your device’s location is requested only when you tap to find nearby stores. The location is sent to Google Places for that request and is not stored on our servers or on your device beyond the active search.

What we do NOT collect or do

• We do not use third-party analytics services
• We do not use crash reporting services
• We do not display advertising
• We do not sell, rent, or trade your personal information
• We do not track you across other apps or websites
• We do not use tracking pixels, cookies, or advertising identifiers

How long we keep your data

• Account data (email, profile, pantry, shopping lists, meal plans, household membership) is kept while your account is active.
• Push notification tokens are kept while you have notifications enabled and removed when you disable them or sign out.
• Scanned images are not retained on our servers (see Image handling above).
• Local usage events are kept on your device only and are removed when you uninstall the app.

Your choices

• Notifications — You can disable notifications at any time from your device’s settings or from within the app’s notification settings.
• Camera and location — You can revoke camera and location permission at any time from your device’s settings. Features that depend on those permissions will be unavailable until you re-enable them.
• Household membership — You can leave a household at any time, which removes your access to its shared pantry and lists.
• Account deletion — To delete your account and all associated data, please contact me at z.simoncini@gmail.com. I will delete your account and confirm the deletion within 30 days. An in-app deletion option is planned for a future update.
• Access to your data — To request a copy of the data ChefVault holds about you, please contact me at the email above.

Changes to this policy

I may update this policy from time to time. Material changes will be announced via in-app notification or email at least 7 days before they take effect. The effective date at the top of this policy will be updated whenever it changes.

Governing law

This policy and your use of ChefVault are governed by the laws of the Republic of Kazakhstan.

Contact

For any question about this policy, your data, or to make a request: z.simoncini@gmail.com