CartSense

Privacy Policy

Last Updated: November 30, 2025

CartSense ("we," "our," or "us") provides a meal-planning and grocery-assistant service that helps users generate meals, build shopping lists, and connect with third-party grocery services like Kroger. This Privacy Policy explains how we collect, use, store, and share your information when you use the CartSense application and website (the "Service").

By creating an account or using CartSense, you agree to the practices described in this Privacy Policy.

1. Information We Collect

1.1 Information You Provide

We may collect the following information when you create an account or use CartSense:

Account Information

  • Name
  • Email address
  • Password (securely stored by Firebase; we never see or store your raw password)

User Preferences

  • Diet type
  • Food allergies
  • Sensitivities
  • Grocery location preferences (e.g., Kroger store ID)

Prompts & Meal Data

  • Meal prompts you submit
  • Meals generated for you
  • Saved meals
  • Shopping list items you create
  • Meal selections and replacements

Diet Instruction Uploads (if enabled in the future)

  • Photos or documents you upload containing food restrictions
  • Any text or content extracted from them

(This feature is not currently HIPAA-regulated; see Section 8.)

1.2 Automatically Collected Information

When you use CartSense, we automatically collect:

  • IP address
  • Device information
  • Browser type
  • App usage data (pages visited, actions taken)
  • Error and performance logs

This is used to improve app performance and security.

1.3 Third-Party Integrations

If you connect your Kroger account:

Kroger API Data

  • Your Kroger account ID
  • Access tokens required for adding items to your Kroger cart
  • Selected store information
  • Product data (pricing, aisle, availability)

CartSense does not store your Kroger login credentials.

If you use Instacart through CartSense:

Instacart API Data

  • Recipe and shopping list information (ingredient names, quantities)
  • Generated shopping links

CartSense does not have access to your Instacart account credentials or purchase history. All transactions are completed directly on Instacart's platform.

2. How We Use Your Information

We use your information to:

  • Generate meals that fit your preferences and allergies
  • Suggest grocery products from Kroger
  • Build and save shopping lists
  • Add items to your Kroger cart when requested
  • Improve accuracy of meal generation
  • Provide customer support
  • Send important service-related notifications
  • Prevent fraud and maintain app security

We never sell your personal data.

3. How We Use AI (OpenAI)

When you submit a meal prompt or upload dietary instructions, we may send:

  • The text of your prompt
  • Your dietary preferences
  • Food allergies
  • High-level nutritional goals
  • Optional extracted text from diet instructions (if uploaded)

We do not send:

  • Your email
  • Your full profile
  • Payment information
  • Kroger account data
  • Sensitive personal identifiers

OpenAI processes this information to generate meal suggestions. Their models do not train on your data.

4. How We Store and Protect Your Data

Your data is stored securely in Firebase/Firestore, protected by:

  • Encryption at rest and in transit
  • Firebase Authentication security
  • Firestore security rules restricting access to your data only
  • Role-based access controls on our infrastructure

We take commercially reasonable measures to prevent unauthorized access.

5. Sharing Your Information

We only share information when necessary to provide the service:

With Kroger

To add items to your Kroger cart, we share:

  • Product IDs
  • Quantities
  • Your authenticated access token

We do not share personal profile data with Kroger beyond what is required to complete API actions.

With Instacart

To generate shopping links, we share:

  • Ingredient names and quantities
  • Recipe titles and instructions (when applicable)

We do not share personal profile data, email addresses, or account information with Instacart. All purchases are completed directly on Instacart's platform.

With OpenAI

Only prompt-related text is shared (see Section 3).

With Service Providers

Such as:

  • Firebase (authentication + database)
  • Error logging tools
  • Analytics (if enabled later)

These providers only access data necessary for their function.

We never sell your data to advertisers.

6. Your Rights

Depending on your region, you may have the following rights:

  • Access your data
  • Correct your information
  • Delete your account
  • Export your data
  • Opt out of analytics or marketing emails
  • Revoke third-party access (e.g., Kroger)

You can request deletion anytime by contacting us at: support@cartsense.app

7. Data Retention

We keep your data only as long as necessary to provide the service.

After account deletion:

  • Personal profile data is deleted immediately
  • Shopping lists and saved meals are removed
  • Access tokens for Kroger are revoked
  • Backups may retain encrypted, inaccessible versions for up to 90 days

8. Medical Information Disclaimer

CartSense is not a medical device and is not HIPAA-regulated.

If you upload photos of diet instructions or enter health-related preferences:

  • These are used solely to filter meal suggestions
  • They are not reviewed by medical professionals
  • You should consult your doctor for medical or dietary decisions

9. Children's Privacy

CartSense is not intended for children under 13.

We do not knowingly collect information from children under 13.

10. Changes to This Policy

We may update this Privacy Policy as the app evolves.

We will notify you of changes through the app or by email.

11. Contact

If you have questions, contact us at: support@cartsense.app