Privacy Policy for NanaPantry
Effective date: 2026-06-02
Last updated: 2026-06-02
The short version
NanaPantry is a chat-first kitchen companion app (the AI assistant inside it is named “Nana”). To run, it needs to know who you are (an email + name), what’s in your pantry and shopping list, and what you say to Nana in chat. Here’s the honest summary of what happens with that data:
- Your account info, pantry items, and shopping list are stored on Google’s cloud infrastructure (Firebase) in the United States.
- Your chat messages and voice transcripts are processed by Google’s Gemini AI service to generate Nana’s responses. On supported iPhones with Apple Intelligence enabled, some interactions may run entirely on your device.
- We do not sell your data to anyone. We do not run advertising in NanaPantry. We do not use third-party tracking services.
- You can delete your account and all your data at any time from Profile → Account → Delete Account.
- You can export your pantry history as CSV from Profile → Data Storage.
Below is the full detail on what we collect, why, and what your rights are.
1. Who we are
NanaPantry is operated by Omar Ghaleb, an individual developer based in Canada. For the purposes of Canadian PIPEDA, EU GDPR, UK GDPR, and California CCPA, Omar Ghaleb is the data controller of NanaPantry user data.
Contact for privacy questions, data access requests, or deletion: support@nanapantry.com
2. Information we collect
2.1 Information you give us directly
| What | Why we need it | Source |
|---|---|---|
| Email address | To create your account and let you sign in | Sign-Up form / Apple Sign-In / Google Sign-In |
| Display name | To personalize the app (“Hi, Sarah!”) and label items in shared household pantries | Sign-Up form / extracted from Apple/Google identity |
| Pantry items | The core service — tracking what you’ve added | You add them via chat, voice, or manual entry |
| Shopping list items | Same — core service | You add them via chat, voice, or manual entry |
| Chat messages with Nana | To respond and to take actions (like adding an item) | You type or speak them |
| Household membership data | To share your pantry with family if you choose to | You create or join a household via an 8-character invite code |
| Notification preferences | To send you the alerts you want, when you want them | You configure them in Profile → Notifications |
| Custom location names (“Home Fridge”, “Office”) | To organize items by where they live | You enter them in Profile → Locations |
2.2 Information collected automatically
| What | Why | How |
|---|---|---|
| App usage events | To understand which features get used and which need work | Our analytics service records events tagged with a pseudonymous account identifier (your Firebase user ID — not your email or name) |
| Crash reports | To find and fix bugs | Our crash-reporting service records the crash details tagged with a pseudonymous account identifier (your Firebase user ID — not your email or name) |
| Device info | To diagnose issues and adapt the app to your device | iOS version, device model, app version, locale |
| Push notification token | To send you reminders | Apple Push Notification Service registers a device token |
| Subscription status | To know whether you’re a Pro user | StoreKit transactions verified by Apple — Apple sends us a transaction receipt but no payment card info |
2.3 What we do NOT collect
- We do not collect your payment card information. All purchases go through Apple’s StoreKit; Apple handles your payment data and we only receive a transaction ID confirming the purchase.
- We do not access your contacts, photos, or camera.
- We do not collect precise location data. The “Locations” feature in the app is just user-named labels like “Home Fridge” — no GPS coordinates are stored.
- We do not use any third-party advertising or tracking SDKs. There is no advertising in NanaPantry.
- We do not store your voice audio or send it to our servers. When you speak to Nana, your voice is transcribed to text by Apple’s speech recognition (on your device, or on Apple’s servers when on-device dictation isn’t available); only the resulting text reaches our backend and is saved with your chat history. Your raw audio never reaches our servers or Google.
3. How we use your information
We use the information we collect to:
- Run the app — show your pantry items, let Nana respond to chat, send you expiry reminders, share your pantry with your household if you’ve joined one.
- Improve the app — analyze which features are used and where users get stuck, so we know what to build and fix next.
- Fix bugs — investigate crashes and errors via Crashlytics.
- Communicate with you — send push notifications you’ve opted into (item expiry reminders, household activity, etc.). We do not send marketing email and do not sign you up for any newsletter.
- Process payments — record your subscription status so Pro features unlock for you.
We do not:
- Sell your data to data brokers or anyone else.
- Use your pantry items or chat messages to train AI models — see the AI section below for details on what happens with your chat data.
- Run targeted advertising.
- Share your data with anyone except the third-party processors listed in Section 5.
4. AI and chat — exactly what happens with your messages
This is the section that matters most, because Nana’s whole value is AI chat. Here’s what happens, in plain English:
4.1 Cloud chat (default for most users)
When you send a message to Nana in chat:
- Your iPhone sends the message to our backend service, hosted in the US.
- Our backend forwards your message to Google’s Gemini AI service for processing.
- Gemini returns a response, which our backend streams back to your iPhone.
- The message and response are saved to your chat history so you can see them later.
Google’s data handling for Gemini: We use the paid tier of the Gemini API. Under Google’s Gemini API Additional Terms of Service, content you send on the paid tier is not used to train Google’s AI models and is not retained beyond a short period needed to deliver the response and to detect abuse. See that page for the authoritative version.
4.2 On-device processing (supported iPhones)
On supported iPhones with Apple Intelligence enabled, some interactions may be processed entirely on your device without leaving your iPhone. Whether this happens depends on your device, your iOS version, and the type of interaction. We have no visibility into anything processed on-device.
4.3 Voice input
When you tap the mic to speak to Nana, your voice is transcribed to text by Apple’s speech recognition (the system SFSpeechRecognizer) — not by us:
- On devices that support on-device dictation, transcription happens entirely on your device and the audio never leaves it.
- Otherwise, Apple may process the audio on Apple’s speech-recognition servers to produce the transcript, governed by Apple’s Privacy Policy.
The audio is used only to produce that transcript. Your raw voice audio is never sent to our servers or to Google, and we never store it — only the resulting text transcript reaches our backend (and, for cloud chat, on to Gemini as text).
4.4 What’s never shared with the AI
- Your email address is never sent to the AI service.
- Your payment or subscription details are never sent to the AI service.
- Other users’ chat messages are never sent to your AI session — your chat history is private to you.
- Household members can see the pantry items you’ve added (because that’s the point of household sharing) but not your chat messages — your chat is private even within a shared household.
5. Third parties we share data with
We share data only with these service providers, only for the purposes described:
| Provider | What they get | Why | Where data lives |
|---|---|---|---|
| Google Firebase | Account info, pantry and shopping items, chat messages, push tokens, analytics events, and crash reports | Backend infrastructure: authentication, database, push delivery, analytics, crash reporting | Google Cloud, United States |
| Google Gemini | Chat messages and voice transcripts you send to Nana | AI responses | Google Cloud, United States |
| Apple | Subscription transaction info, push notification delivery, Sign in with Apple authentication (no Apple password is ever shared with us) | App distribution, in-app purchases, notifications, optional sign-in | Apple data centers |
| Google (only if you use Sign in with Google) | An OAuth token confirming your Google identity (no Google password is shared with us) | Optional sign-in | Google data centers |
We do not use any other third-party processor. We do not share data with marketing partners, ad networks, or data brokers.
Sharing within a household. If you create or join a household, the other members of that household can see the shared pantry’s items and the email address and display name on your account (they appear in the household member list). This is inherent to household sharing — if you’d rather not share your email with a group, don’t join a household. Your chat with Nana is never shared with household members.
6. Where your data is stored, and how it’s protected
6.1 Storage location
Your data is stored on Google Cloud infrastructure in the United States via Firebase. Because NanaPantry is a user-facing service run by a Canadian operator, this means your data crosses the Canadian border into the US. This is a typical cross-border data transfer for any app built on a major cloud platform.
6.2 Security measures
- Encryption in transit: all communication between the NanaPantry app and our backend uses HTTPS / TLS.
- Encryption at rest: Google encrypts all stored data at rest using infrastructure-level encryption.
- Authentication: passwords are never stored in plain text — our authentication provider handles cryptographic hashing on our behalf. If you sign in with Apple or Google, we never see your password at all.
- On-device encryption: sensitive content stored on your device (such as notification history) is encrypted using industry-standard cryptography, with the encryption key held in your iPhone’s secure storage (Keychain).
- Server-side access controls: rules on our backend enforce that each user can only read and write their own data; household members can only read the household pantry they belong to.
6.3 Breach notification
If we become aware of a security breach affecting your personal data, we will notify you by email (sent to the address on file) and post a notice in the app within a reasonable time, in accordance with PIPEDA and applicable laws.
7. Your rights and choices
You have the following rights with respect to your data:
7.1 Rights everyone has
- Access — see what data we hold about you. Use Profile → Data Storage → Export Data to download a CSV of all your pantry history. For a complete dump including chat messages, email support@nanapantry.com.
- Correct — edit any item, your display name, or your email directly in the app.
- Delete — Profile → Account → Delete Account permanently deletes your account, all your pantry items, all your chat history, all your shopping list items, your household memberships, and your notification history. Deletion takes effect immediately and cannot be undone (backups are purged within 30 days — see Section 8). If you signed in with Apple, deletion also revokes NanaPantry’s access to your Apple ID.
- Withdraw consent — you can stop using NanaPantry at any time. Push notifications can be disabled in iOS Settings → Notifications → NanaPantry, or in Profile → Notifications. You can turn off usage analytics any time in Profile → Data Storage → Share Usage Analytics. To stop all data collection entirely, delete your account.
- Export — Profile → Data Storage → Export Data produces a CSV with your full item history.
7.2 Additional rights for EU / UK users (GDPR, UK GDPR)
In addition to the above, you have the right to:
- Restrict processing of your data while we investigate a complaint
- Object to processing based on legitimate interest
- Data portability in machine-readable format (CSV via the in-app export, JSON on request)
- Lodge a complaint with your local data protection authority (e.g., Ireland’s DPC, France’s CNIL, the UK ICO)
The legal basis we rely on for processing your data is:
- Contract — to provide the service you signed up for
- Consent — for push notifications and optional features you opt into
- Legitimate interest — for analytics and crash reporting (you can object by deleting your account)
7.3 Additional rights for California users (CCPA)
You have the right to:
- Know what categories of personal information we collect
- Know whether we sell or share personal information (we do not)
- Opt out of the sale of personal information (not applicable — we do not sell)
- Non-discrimination for exercising your rights
To exercise any of these, email support@nanapantry.com from the address associated with your NanaPantry account.
7.4 Additional rights for Canadian users (PIPEDA)
You have the right to:
- Access your personal information held by us
- Challenge the accuracy and completeness of the information
- Withdraw consent for processing (by deleting your account)
- File a complaint with the Office of the Privacy Commissioner of Canada if you believe we’ve mishandled your data
8. Data retention
We hold your data for as long as your account is active. After you delete your account:
- Active databases: your data is removed immediately from our active systems.
- Backups: Firebase keeps automatic point-in-time recovery snapshots for up to 30 days. After 30 days, your data is purged from backups as well.
- Aggregated and anonymized data: analytics data that cannot be linked back to you (e.g. “X% of users use voice add”) may be retained indefinitely for product-improvement purposes.
- Crash reports: our crash-reporting service retains crash data for up to 90 days by default.
- Legal holds: in the unlikely event we receive a legal demand to preserve specific data, we may retain it longer than the periods above; we will not voluntarily provide it to any party without lawful process.
9. Children’s privacy
NanaPantry is rated 9+ in the App Store but is intended for users 13 years of age and older. We do not knowingly collect personal information from anyone under 13. In jurisdictions where the digital consent age is higher (e.g., 16 in some EU member states), that higher minimum age applies. If you are a parent or guardian and believe your child under the applicable minimum age has provided us with personal information, please contact support@nanapantry.com and we will delete it.
10. International transfers
Because we use Firebase (US) and Gemini (US) as service providers:
- From Canada: data leaves Canada and enters the US. By using NanaPantry, you consent to this transfer.
- From the EU/UK: data is transferred outside the EEA/UK to the US. Google Cloud (Firebase) provides Standard Contractual Clauses (SCCs) as the legal mechanism for this transfer, in line with EU Commission requirements.
- From other countries: similar transfer conditions apply. The data protection standards in the US may differ from those in your country.
11. Changes to this policy
We may update this Privacy Policy from time to time as the product evolves. When we do:
- Minor changes (clarifications, typos): we update the “Last updated” date at the top of this page.
- Material changes (new categories of data collected, new third-party processors, new uses of data): we notify you in-app and via email at least 30 days before the change takes effect, giving you the option to delete your account before the new terms apply.
The most recent version of this policy is always available at https://nanapantry.com/privacy.
12. Contact
For any privacy-related question, data access request, or complaint:
Email: support@nanapantry.com
Operator: Omar Ghaleb, Canada
If you don’t receive a response within 7 days, please re-send — emails occasionally get caught in spam filters. We respond to every legitimate privacy request.
This policy was last reviewed on 2026-06-02. It is written in plain English to be readable by humans. If you need a more formal legal version for compliance review, please contact us.