Pantry
Legal

Privacy Policy

Last updated: 24 April 2026

Pantry (“we”, “us”, or “our”) is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our meal planning service at justpantry.app.

We are the data controller for the purposes of UK GDPR and the Data Protection Act 2018. If you have questions about this policy, contact us at privacy@justpantry.app.

1. Information We Collect

We collect information in the following ways:

Information You Provide Directly

  • Account Information: Name, email address, and password when you create an account.
  • Profile Information: Dietary preferences, food allergies, household size, cooking time preferences, and health goals.
  • Payment Information: Processed securely via our payment provider. We do not store your card details.
  • Communications: Messages you send to our support team.

Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent, and interaction data.
  • Device Information: Browser type, operating system, device identifiers, and IP address.
  • Cookies & Tracking: See our Cookie Policy for details.

2. How We Use Your Information

We use your information to:

  • Provide, operate, and improve the Pantry service
  • Generate personalised meal plans and shopping lists
  • Process payments and manage your subscription
  • Send transactional emails (account confirmation, password resets)
  • Send service updates and, where you have consented, marketing emails
  • Analyse usage patterns to improve our algorithms and user experience
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

3. Legal Bases for Processing (UK GDPR)

We process your personal data under the following legal bases:

  • Contract: Processing necessary to deliver the service you have subscribed to.
  • Legitimate Interests: Improving our service, preventing fraud, and ensuring security — where these interests are not overridden by your rights.
  • Consent: Marketing communications and optional analytics. You may withdraw consent at any time.
  • Legal Obligation: Where we are required by law to process your data.

4. Sharing Your Information

We do not sell your personal data. We may share your information with:

  • Service Providers: Cloud hosting (AWS), database (Supabase), payment processing, email delivery, and analytics tools — all under data processing agreements.
  • Legal Requirements: When required by law, court order, or to protect our rights, property, or the safety of our users.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the service. You may delete your account at any time. Following deletion, we retain anonymised usage data for analytical purposes. Backups may retain data for up to 90 days.

Financial transaction records are retained for 7 years to comply with HMRC requirements.

6. International Transfers

Your data may be processed in countries outside the UK, including the United States. Where we transfer data internationally, we rely on UK adequacy decisions or UK International Data Transfer Agreements (IDTAs) to ensure appropriate safeguards are in place.

7. Your Rights

Under UK GDPR, you have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your data (“right to be forgotten”).
  • Restriction: Request that we restrict processing of your data.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests or for direct marketing.
  • Withdraw Consent: Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, email privacy@justpantry.app. We will respond within one calendar month. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

8. Security

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, access controls, and regular security reviews. However, no method of transmission over the Internet is 100% secure. We encourage you to use a strong, unique password for your account.

9. Children’s Privacy

Pantry is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or by displaying a prominent notice in the app. Continued use of the service after changes take effect constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related queries or to exercise your rights:

← Back to Pantry
Terms of ServiceCookie Policy