Privacy Policy
This Privacy Policy explains how Grocery collects, uses, and protects information when you use our mobile app and related services. This is an interim policy and should be finalized with legal counsel before public launch.
1. Who we are
Grocery is provided by Startups Engineering ("we", "us", or "our"). For privacy requests, contact us via the contact form.
2. Information we collect
- Account data: name, email address, password hash, and account verification status.
- App content: grocery lists, list items, purchase events, calendar entries, and optional attachment metadata.
- Device data: push notification token and device metadata (for notification delivery and device management).
- Support data: information you submit through the contact form (name, email, subject, message).
- Security and operational data: authentication artifacts (for example password reset and email verification codes in hashed form), logs, and request metadata needed to secure and operate the service.
3. How we use information
- Provide core app features and synchronize your data across devices.
- Authenticate users, secure accounts, and prevent abuse.
- Send service notifications (including grocery-list related push notifications).
- Respond to support inquiries and service requests.
- Monitor, troubleshoot, and improve service reliability.
4. Legal basis and consent
We process personal data as needed to perform our contract with you (provide the app), to meet legal obligations, and for legitimate interests such as security and fraud prevention. Where required by law, we request consent.
5. Third-party services
To provide and optimize our service, we share limited data with the following categories of third-party providers:
- Cloud Infrastructure: We use Microsoft Azure to host our backend servers and database. Your data is stored securely in their data centers. (Azure Legal)
- Communications: We use SMTP services for transactional email delivery and Firebase Cloud Messaging (Google) to deliver push notifications. These services process your device tokens or email addresses only to facilitate communication. (Firebase Privacy)
These providers are authorized to use your information only as necessary to provide these services to us and are contractually obligated to keep your information confidential.
6. Data retention
We retain personal data only as long as necessary for service delivery, security, legal compliance, and legitimate business operations. Retention periods may differ by data type.
7. Account and data deletion
You can request account deletion from within the app. Deletion removes the account and related application data under our normal deletion flows. Some limited records may be retained where required for security, legal, or dispute-resolution purposes.
8. Security
We use reasonable technical and organizational measures to protect personal data, including hashed password storage, access controls, and transport security. No method of transmission or storage is completely secure.
9. Children's privacy
The service is not directed to children under 13 (or the applicable age in your jurisdiction). We do not knowingly collect personal data from children in violation of applicable law.
10. Your rights
Depending on your location, you may have rights to access, correct, delete, export, or restrict use of your data, and to object to certain processing. To exercise these rights, contact us at [privacy@your-domain.com].
11. Changes to this policy
We may update this Privacy Policy from time to time. We will post updates on this page. Effective date: 2026-05-19.