Privacy Policy

1. Who we are

Replenishd is a household pantry management app operated by Replenishd ("we", "us", "our") based in Sydney, Australia.

If you have any questions about this policy or your data, contact us at support@replenishd.app.

2. What this policy covers

This policy explains what personal information we collect when you use the Replenishd mobile app, how we use it, who we share it with, and the rights you have over it.

3. Information we collect

3.1 Information you give us

• Email address. We use this to create your account and to send sign-in links. We do not use it for marketing unless you explicitly opt in.
• Household preferences you set during onboarding (household size, shopping pattern, cooking frequency).
• Inventory data you enter or generate by using the app: items, quantities, storage locations, expiry dates, grocery lists, consumption history, and notes about why an item was thrown away or used.
• Receipt photos and PDFs if you choose to scan a receipt with the camera, or import a receipt PDF you've picked from the Files app on your device (for example, a digital receipt saved from a grocery app). Photos and PDFs are processed to extract item information and are not saved to your photo library, copied out of the Files app, or stored on our servers after processing completes.

3.2 Information collected automatically

• Account identifier (a random UUID generated by our authentication provider) used to associate your data with your account.
• App version, device type, and operating system for crash reporting and diagnostics, if you have crash reporting enabled.
• Subscription status (whether you are on a free trial, active subscription, comped account, or none).

3.3 Information we do not collect

• We do not collect your location.
• We do not access your contacts, photo library, calendar, or microphone outside of the explicit features you trigger (e.g. voice quick-add).
• We do not use third-party advertising trackers.
• We do not use analytics that profile individual users.
• We do not sell your data to anyone, ever.

4. How we use your information

We use the information we collect to:

• Authenticate you and keep your data secure.
• Provide the core features of the app — managing inventory, generating shopping lists, suggesting check-ins, and surfacing waste insights.
• Process subscription payments and trial periods.
• Diagnose crashes and improve app stability.
• Communicate with you about your account or critical service changes.

We do not use your data to train AI models or for any purpose unrelated to running the app.

5. Use of AI

Replenishd uses one AI service for one specific feature: parsing receipts — either photos you take with the camera, or PDFs you pick from the Files app on your device. Nothing else uses AI. We want to be precise about this because AI privacy practices vary widely and we'd rather over-explain than be vague.

5.1 Where AI is used

• Receipt scanning (photo). When you take a photo of a receipt to add items to your inventory, we send that image to Anthropic's Claude API with a short instruction asking it to extract item names, quantities, and storage hints. Claude returns structured text. We use that text to suggest items for your inventory; you confirm or edit before anything is saved.
• Receipt scanning (PDF). When you import a receipt PDF by picking it from the Files app on your device — for example, a digital receipt saved from a grocery app — we send that PDF to the same Anthropic Claude API in the same way. Claude returns the same structured text, and you confirm or edit before anything is saved. We only read the file you explicitly pick; we do not browse, list, or otherwise access anything else in your Files app.

That is the entire role of AI in Replenishd. Predictions about when you'll run out of items, expiry warnings, and the shopping list are calculated on your phone from your data — no machine-learning model, no cloud inference.

5.2 What happens to your receipt photos and PDFs

• The image or PDF is sent to Anthropic over an encrypted (TLS) connection.
• We do not store the file after processing — it is held in memory only for the duration of the request and discarded once Claude returns the extracted text.
• The file is not copied to your photo library, copied out of the Files app, written to our servers, or kept in any backup.
• Anthropic's API terms forbid using customer data to train their models. They retain inputs briefly for safety/abuse monitoring under their published policy. See anthropic.com/legal/privacy and anthropic.com/legal/commercial-terms.

5.3 Your choice

Receipt scanning is optional. You can use Replenishd without ever sending a photo or PDF anywhere — just add items by hand or tap from the common-items list. There is no penalty or reduced functionality for skipping AI features.

If you use scanning and later change your mind, no further action is needed: there's no stored file to delete because we never kept one.

5.4 Automated decision-making

Replenishd does not make any decision about you that has a legal or similarly significant effect, with or without AI. The app is a household tool — at most it suggests items for your shopping list, which you control.

6. Where your data is stored

Your data is stored on servers operated by Supabase Inc. in the Sydney, Australia region. Supabase is our database and authentication provider. Their privacy policy is at supabase.com/privacy.

Subscription billing is handled by Apple (for iOS users) and Google (for Android users) through their respective in-app purchase systems. We never see or store your payment details.

When the in-app purchase system is enabled, subscription entitlement state is managed by RevenueCat Inc. Their privacy policy is at revenuecat.com/privacy.

Crash reports, when enabled, are sent to Sentry.

7. Who we share your data with

We share your data only with the service providers listed in section 5, and only to the extent needed to operate the app. We do not sell, rent, or otherwise share your personal information with third parties for their own purposes.

We may disclose information if required by law (e.g. a valid court order) or to protect the rights, property, or safety of Replenishd, our users, or the public.

8. Your rights and choices

You have the right to:

• Access the personal information we hold about you.
• Correct information that is inaccurate or incomplete.
• Delete your account and all associated data. You can do this from inside the app under Profile → Delete Account, or by emailing us. Deletion is permanent and removes all of your data from our systems within 30 days.
• Export your data by emailing us.
• Withdraw consent for any optional feature at any time.
• Lodge a complaint with the privacy regulator in your jurisdiction (in Australia, the Office of the Australian Information Commissioner).

To exercise any of these rights, email support@replenishd.app.

9. Australian Privacy Act

Replenishd is operated from Australia and we comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) issued by the Office of the Australian Information Commissioner (OAIC).

9.1 How the APPs apply to us

• APP 1 — Open and transparent management. This policy is our open and transparent statement of how we handle personal information.
• APP 3 — Collection. We only collect personal information that is reasonably necessary to provide the Service. The categories are listed in section 3.
• APP 5 — Notification of collection. By accepting this policy when you sign up, you are notified of the matters in APP 5.1 — including who we are, why we collect, who we disclose to, and how to access or correct your data.
• APP 6 — Use and disclosure. We only use and disclose your data for the purposes in section 4 ("How we use your information") or with your consent. We do not use it for direct marketing.
• APP 8 — Cross-border disclosure. Some of our service providers operate outside Australia. See section 15 (International transfers) for the details and safeguards.
• APP 11 — Security. We take reasonable steps to protect your information, as described in section 13 (Security), and to delete or de-identify it when no longer needed.
• APP 12 — Access and APP 13 — Correction. You can access and correct your personal information at any time — see section 8 (Your rights and choices).

9.2 Anonymity and pseudonymity

Where practical, we let you interact with Replenishd without identifying yourself. The app does not require a real name — only an email address for authentication. You can use any email you control. You cannot use the Service entirely anonymously because authentication and subscription management require an identifier.

9.3 Sensitive information

We do not collect "sensitive information" as defined in the Privacy Act (e.g. health, racial, religious, or political information). The closest we come is your medicine inventory, which lists product names and expiry dates only — no health condition, dosage instruction, or prescription information is collected. You choose what to enter; we recommend not including condition-revealing notes.

9.4 Complaints

If you believe we have breached the APPs or the Privacy Act, please contact us first at support@replenishd.app so we can try to resolve the issue. We will respond within 30 days.

If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Website: oaic.gov.au/privacy/privacy-complaints
• Phone: 1300 363 992

10. EU and UK users (GDPR / UK GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and the UK GDPR. This section explains how we comply.

10.1 Data controller

The data controller for your personal information is Replenishd (see section 1). Contact us at support@replenishd.app for any data protection matter. We have not appointed a Data Protection Officer because the scale and nature of our processing does not require one under Article 37 GDPR; the contact email above reaches the person responsible for data protection within our team.

10.2 Lawful basis for processing

We rely on the following lawful bases under Article 6(1) GDPR:

• Performance of a contract (Art. 6(1)(b)) — for creating your account, authenticating you, syncing your inventory, and processing your subscription. You cannot use the Service without these.
• Legitimate interests (Art. 6(1)(f)) — for crash diagnostics, security monitoring, and product analytics. Our legitimate interest is in keeping the Service stable and secure. You can object to any of these — see section 10.4.
• Consent (Art. 6(1)(a)) — for any optional feature that we add later requiring it (e.g. marketing emails, if we ever offer them). You can withdraw consent at any time without affecting other use of the Service.
• Legal obligation (Art. 6(1)(c)) — where we are required by law to retain or disclose information.

10.3 Your rights as a data subject

In addition to the rights in section 8, GDPR gives you these specific rights:

• Right of access (Art. 15) — confirm whether we hold your data and obtain a copy.
• Right to rectification (Art. 16) — correct inaccurate data.
• Right to erasure / "right to be forgotten" (Art. 17) — delete your data, subject to legal retention requirements.
• Right to restriction of processing (Art. 18) — limit how we use your data while a dispute is resolved.
• Right to data portability (Art. 20) — receive your data in a machine-readable format and have it transmitted to another service.
• Right to object (Art. 21) — object to processing based on legitimate interests at any time, including profiling. We will stop unless we have compelling grounds that override your interests.
• Right not to be subject to solely automated decision-making (Art. 22) — Replenishd does not make any such decisions, but you have this right regardless.
• Right to withdraw consent (Art. 7) — at any time, where processing is based on consent.

Email support@replenishd.app to exercise any of these rights. We will respond within one month, as required by GDPR. There is no charge for a request.

10.4 International transfers

Some of our service providers (notably Anthropic, used for receipt scanning) are based in the United States. When your data is transferred outside the EEA/UK, we rely on appropriate safeguards under Article 46 GDPR — typically Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by technical measures (encryption in transit and at rest). See section 15 for the full list of transfer destinations.

10.5 Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority — typically the data protection authority in the EU member state where you live, work, or where the alleged infringement took place.

• UK: Information Commissioner's Office — ico.org.uk/make-a-complaint
• Ireland: Data Protection Commission — dataprotection.ie
• Other EU countries: see edpb.europa.eu/about-edpb/members for your local authority

We'd prefer you contact us first so we can try to resolve any issue directly, but you don't have to.

11. Data retention

• Active accounts: we keep your data for as long as your account is open.
• Deleted accounts: all personal data is removed within 30 days of deletion. Anonymised aggregate data (e.g. total active users) may be retained.
• Inactive accounts: if you have not opened the app for 24 months and have no active subscription, we may delete your account after giving you 30 days' notice via email.

12. Children

Replenishd is not directed to children under 13 (or under 16 in the EU/UK). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

13. Security

We use industry-standard measures to protect your data:

• All data in transit is encrypted using TLS.
• Authentication is passwordless (email magic links) — we never store passwords.
• Database access is restricted to your account only via Row-Level Security policies.
• Production keys are stored in secure environment variables, never in the app code.

No system is perfectly secure. If we ever discover a breach affecting your data, we will notify you and the relevant authorities as required by law.

14. International transfers

Replenishd is operated from Australia. Your data may be transferred to and processed in the following countries:

• Australia — primary data storage (Supabase Sydney region).
• United States — Anthropic (receipt-scanning AI), Apple (iOS subscription billing), Google (Android subscription billing), RevenueCat (subscription state management). Crash reporting, if enabled, is also processed in the US.

For users outside Australia, by using the app you consent to your data being transferred to and processed in Australia. For EU/UK users, transfers to non-adequate countries (notably the United States) are protected by Standard Contractual Clauses or equivalent safeguards as described in section 10.4.

15. Changes to this policy

We may update this policy from time to time. Material changes will be announced in the app or via email at least 30 days before they take effect. The "Last updated" date at the top of this policy reflects the latest revision.

16. Contact

For any questions, requests, or concerns about this policy or your data, email support@replenishd.app.