Privacy Policy

Introduction

At Chive, we believe managing your kitchen should be simple and private. This Privacy Policy explains how we collect, use, share, and protect your information when you use the Chive app (the "App").

We take your privacy seriously. We don't sell your data. We don't share it with third parties for marketing. We're transparent about what we collect and why.

1. Information We Collect

Account Information

When you create a Chive account, we collect:

• Name
• Email address
• Authentication method (Sign in with Apple, Google, or email/password)
• Profile picture (optional)
• Push notification preferences

We use third-party authentication providers (Apple and Google) to make sign-up easy and secure. If you sign in with Apple or Google, we receive your name and email address. We don't store your password if you use Apple or Google authentication.

Pantry and Inventory Data

When you use Chive, we collect:

• Items you add to your pantry (product names, brands, quantities)
• Storage locations (zones like "Fridge," "Freezer," "Pantry")
• Expiry dates and purchase dates
• Categories and custom labels
• Notes and photos you attach to items
• Allergen information and dietary preferences
• Nutritional data linked to items

Purchase and Grocery List Data

We collect:

• Items on your grocery lists
• Quantities needed
• Purchase history: what you bought, when, where, and at what price
• Store or merchant names (e.g., "Costco," "Whole Foods")
• Order data you manually share from Instacart

We use this data to help you track spending, plan meals, and avoid overbuying.

Receipt and Photo Data

When you scan receipts or take photos of items, we process them using image recognition to extract text and identify products.

Image Retention and Storage

Photos of receipts and items are uploaded to Supabase cloud storage for your reference. You can review and delete stored photos at any time. We strip location metadata (EXIF GPS data) from photos before uploading to cloud storage to protect your privacy.

When photos are processed, we extract:

• Product names and descriptions
• Quantities
• Prices
• Expiry dates (if visible)
• Brand information

The extracted data is retained in your pantry inventory as long as your account is active. Original photo files remain in cloud storage until you delete them or delete your account.

Barcode Data

When you scan barcodes, we collect the barcode number and link it to product information in our database.

AI Assistant Conversation History

When you chat with Chive's AI assistant (powered by Claude), we collect:

• Your questions and messages
• The assistant's responses
• Context about your pantry and inventory that you share during the conversation (to help Claude provide relevant advice)

We share this conversation context with Anthropic's Claude API to enable the AI features. See Section 8 for more details on AI data handling.

App Usage and Analytics

We collect limited analytics data:

• How you use the app (which features you access, how often)
• Crash reports and errors (to fix bugs)
• Device type and operating system version

We do not track your location. We do not create a detailed profile of your behavior.

Household and Multi-User Data

When you create a household in Chive or invite other users:

• We store the list of household members
• We share pantry inventory, grocery lists, and purchase history with all members of your household
• Each user has their own account and can be removed from the household
• Each user's conversation history with the AI assistant is private to that user

2. How We Use Your Information

We use your information to:

• Provide core app features (tracking pantry items, managing grocery lists, scanning receipts)
• Deliver AI-powered assistance through Claude
• Send you push notifications (based on your preferences, like expiry alerts or low-stock reminders)
• Improve the app (fixing bugs, analyzing which features are most useful)
• Detect and prevent fraud or abuse
• Comply with legal obligations

We don't use your data to:

• Build profiles for marketing or targeted advertising
• Sell to third parties
• Train AI models on your personal data
• Share with anyone except the third-party services listed in Section 3

3. Lawful Basis for Processing (Canada)

Under PIPEDA, we rely on the following legal bases to process your personal information:

• Your Consent: When you create an account or use the AI assistant, you consent to collection and processing of account information, pantry data, and AI conversation history.
• Contractual Necessity: We process your information to provide the Chive service and fulfill your subscription.
• Legal Obligation: We process information to comply with applicable laws and regulations.
• Legitimate Business Interests: We use analytics to improve app functionality, detect fraud, and ensure service security.

You can withdraw consent for non-essential processing at any time through app settings. However, withdrawal of consent for essential services (account information, pantry data) will require account deletion. You can opt out of analytics and AI features independently.

4. How We Share Your Information

Third-Party Services

We share limited information with:

Anthropic (Claude AI): When you use the AI assistant, we send your messages and relevant pantry context to Anthropic's API. Anthropic uses this data to provide the response, but does not use your conversations to train or improve Claude. Your conversations are subject to Anthropic's privacy policy as well. See Section 8 for details.

Apple and Google: We use their authentication services. They receive your name and email address when you sign in. They are subject to their own privacy policies.

Push Notification Services: We use Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM) to send you notifications. These services receive notification preferences and device tokens, but not your pantry data.

Supabase: We use Supabase cloud infrastructure to store photos and backup data. Supabase is our cloud storage provider and is subject to their privacy policies.

We do not directly connect to Instacart or other services. You manually paste Instacart order data into the app if you choose to import your orders.

Household Sharing

If you add other household members to your kitchen in Chive, they can see:

• Your pantry inventory
• Grocery lists
• Purchase history
• Photos and notes you've added to items

You control who can access this data by managing household membership.

Legal Requirements

We may disclose your information if required by law (subpoena, warrant, court order) or if we believe in good faith that disclosure is necessary to:

• Comply with legal obligations
• Protect the safety of our users
• Investigate fraud or violation of our Terms of Service

5. Data Storage and Security

Where Your Data Is Stored

Your data is stored on secure servers. We use standard industry practices to protect your information, including encryption in transit and at rest. Photos are stored on Supabase cloud infrastructure.

Data Breach Notification

If we discover that your personal information has been compromised due to a security breach, we will:

• Notify you without undue delay (within 30 days or as required by law)
• Provide details of the breach, including what information was compromised and what steps we have taken
• Contact you via the email address on file or through the app
• Cooperate with law enforcement and relevant data protection authorities as required

If the breach affects a large number of users or involves sensitive information, we may also notify affected users through public announcement.

If you believe you have been a victim of a breach, please contact privacy@chivepantry.app immediately.

Retention

We store your data for as long as you have an active Chive account.

Deleted Accounts: Upon account deletion:

• We delete your data from our primary database within 48 hours
• Backup copies may be retained for an additional 30 days for data recovery and security purposes, then deleted
• Analytics and aggregated usage data may be retained indefinitely in de-identified form (not linked to your identity)
• Error logs and crash reports containing your data are deleted within 30 days of account deletion

Household Data: If you are removed from a household, your contributions to the household pantry remain visible to other members. You have 30 days to request a copy of your contributions before they are considered jointly owned household data.

Security Measures

We take reasonable steps to protect your information:

• Encrypted transmission (HTTPS/TLS)
• Encrypted storage for sensitive data
• Regular security audits
• Limited employee access to personal data

However, no security measure is perfect. We cannot guarantee absolute security.

6. Your Privacy Rights and Controls

Access and Portability

You have the right to access your data and request a copy of it in a portable format. Contact us at privacy@chivepantry.app to request your data.

Deletion

You can delete individual items from your pantry at any time. You can delete your entire account and associated data through the app settings. We will delete your data within 48 hours, except where required by law.

Preferences

You control:

• Whether to receive push notifications
• Whether to use the AI assistant
• Who can access your household data
• Whether to import Instacart orders or other data

Offline Use

Chive's core features (viewing and managing your pantry, grocery lists) work offline. You don't need to connect to the internet for basic functionality.

7. Children's Privacy (COPPA Compliance)

Chive requires users to be at least 13 years old. We comply with the Children's Online Privacy Protection Act (COPPA) and do not knowingly collect personal information from children under 13.

For Children Under 13

• Chive is not designed for children under 13
• We do not knowingly collect personal information from anyone under 13
• If a parent or guardian believes their child under 13 has created an account or provided information to Chive, please contact privacy@chivepantry.app immediately
• Upon notification or discovery, we will delete the child's account and all associated data within 30 days
• We will not use any data inadvertently collected from children under 13 for any purpose

For Children and Teens 13-17

• Chive is available to users age 13 and older
• If you are under 18, you must have your parent or guardian's permission to use Chive
• By using Chive, you confirm that a parent or guardian has reviewed and consented to these terms

Reporting Children's Privacy Concerns

If you believe Chive has collected information from a child under 13 in violation of COPPA, or if you have privacy concerns about a teen user, please report it immediately to privacy@chivepantry.app. We will investigate and respond within 10 business days.

8. International Data Transfers and GDPR

If you access Chive from outside the United States, your data may be transferred to, stored in, and processed in the United States. By using Chive, you consent to this transfer.

GDPR (European Union)

If you are a resident of the European Union or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to access your data
• Right to correct inaccurate data
• Right to request deletion ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to lodge a complaint with your local data protection authority

We process your data based on:

• Your consent (for most uses)
• Legitimate business interests (fraud prevention, improving the app)
• Legal obligations
• Contractual necessity

To exercise these rights, contact privacy@chivepantry.app. We will verify your identity and respond within 30 days. For complex requests, we may extend the timeline by an additional 30 days with notice.

CCPA (California)

If you are a resident of California, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know what personal information is collected
• Right to delete personal information
• Right to correct inaccurate personal information
• Right to opt-out of the sharing of personal information
• Right to non-discrimination for exercising your rights

Chive does not sell your personal information. We do not "sell" your data under CCPA's definition. However, sharing with service providers like Anthropic for AI assistance or Apple/Google for authentication may constitute "sharing" under CPRA. You have the right to opt out.

To exercise these rights, contact privacy@chivepantry.app. Include your name, email, and description of your request. We will verify your identity and respond within 45 days.

9. AI and Claude Data Handling

How Claude Processes Your Data

When you use Chive's AI assistant, your messages and pantry context are sent to Anthropic's Claude API. Here's what happens:

• Your message is processed by Claude to generate a response
• Your pantry inventory and grocery data are sent to Claude only if relevant to your question
• Claude processes this information and returns a response to you
• The response is delivered back through the Chive app

Training and Model Improvement

Your conversations are not used to train or improve Claude. Anthropic does not use your chat history to make Claude smarter or better. Your data remains private and is not part of any machine learning training process.

Anthropic retains your conversation data briefly for safety and abuse detection purposes, then deletes it. Anthropic may review conversations to detect harmful content or policy violations. For more details on Anthropic's data practices, see their privacy policy at https://www.anthropic.com/privacy.

Limitations and Risks

• While Chive sends pantry data to Claude only when relevant to your question, once transmitted to Anthropic, that data is subject to Anthropic's data security and handling practices
• Anthropic may be required to disclose your conversation data in response to lawful legal process (subpoena, court order, law enforcement request)
• If Anthropic's systems are compromised, your pantry data could be exposed. Anthropic maintains security measures but cannot guarantee absolute protection
• Chive is not responsible for how Anthropic handles, retains, or discloses your data once transmitted to their API

Disabling AI Features

You can choose not to use the AI assistant. All other Chive features work without sending any data to Anthropic.

10. Household Data Ownership and Deletion

Data Ownership: You own the pantry data you personally add (items, photos, notes you create). However, once added to a shared household, all household members can view and edit that data. Chive treats the household pantry as jointly owned by all active members.

Individual Account Deletion: When you delete your individual account but remain in a household, your user profile is removed, but pantry items you added remain in the household inventory (since other members may rely on this data). Your conversation history with the AI assistant is deleted.

Household Deletion: When the household creator deletes their account, the household is deleted and all associated pantry data is removed. All household members lose access.

Data Portability for Household Members: Before deleting your account, you can export your personal data (including all pantry data visible to you) through app settings. This export is available in standard format (CSV/JSON).

Removal from Household: If you are removed from a household by another member, you lose access to household data but can request a copy of any items you personally added by contacting privacy@chivepantry.app within 30 days.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or by posting a notice in the app. Your continued use of Chive after changes means you accept the new policy.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

For privacy-related questions: privacy@chivepantry.app

For legal or terms questions: legal@chivepantry.app

We will respond to privacy inquiries within 10 business days.

Last Updated: April 1, 2026