Privacy Policy

Introduction and Purpose

This Privacy Policy applies to all users of the LocalPlate™ mobile application and related services ("LocalPlate™," "we," "us," or "our"). LocalPlate™ is committed to protecting your privacy and ensuring the security of your personal information. This policy explains how we collect, use, share, and safeguard your data when you use our app, whether at home or in partnership with restaurants.

We comply with applicable privacy laws, including the California Consumer Privacy Act (CCPA), and will implement full compliance with the General Data Protection Regulation (GDPR) if we expand to serve users in the European Union.

By using LocalPlate™, you acknowledge and agree to the practices described in this Privacy Policy.

Definitions

• Personal Data: Any information that identifies or can reasonably be linked to an individual.
• Service Providers: Third parties contracted to process data on our behalf under strict confidentiality obligations.
• Sensitive Data: Information about health, diet, or biometric identifiers.

Information We Collect

LocalPlate™ collects various types of information to provide and improve our services. The categories of data we collect include:

Personal Information

When you register for an account, we collect information such as your name, email address, age, and any other details required for account creation and eligibility verification.

Account and Profile Data

This includes your nutrition tracking history, dietary preferences, nutrition goals, and any settings you configure within the app.

Device and Usage Information

We automatically collect data about your device (such as device type, operating system, unique device identifiers), app usage patterns, log data, and interactions with app features.

For security and anti-scraping purposes we also create hashed device identifiers, store truncated IP addresses, and log quota usage, burst-limit checks, and other telemetry in dedicated security tables (e.g., device_sessions, usage_quotas, security_events). These records help us detect abuse and enforce fair-use policies without storing raw hardware IDs.

Health and Dietary Data

To enable macro tracking, we collect information about your food intake, dietary choices, and nutrition diary entries. This may include sensitive health-related data you choose to provide.

Restaurant and Food Data

Through partnerships with restaurants and integration with official food databases (e.g., USDA FoodData Central), we collect nutrition facts, ingredient lists, and allergen information for restaurant dishes and packaged foods.

Receipt Capture Data

When you use Receipt Capture, we collect the photo (or imported image), associated metadata (timestamp, restaurant context, file type), OCR text, and the structured line items that result from processing the receipt. These assets are stored in Supabase Storage and the `receipt_imports`/`receipt_import_items` tables so we can review unmatched lines, surface warnings, and let you confirm entries before logging them to your diary. Free-tier accounts may submit one receipt every rolling seven-day period, while premium accounts have unlimited scans; enforcing this quota requires us to store timestamps and counters in `usage_quotas` alongside the receipt metadata.

Receipt images are retained while your account remains active (or until we complete periodic purges) so we can address disputes, detect abuse, and improve OCR accuracy. You may request deletion at any time via support@localplateapp.com; deleting a stored receipt does not remove diary entries you already saved from it.

Third-Party Integrations

We receive limited data from third-party integrations solely for account linking or functionality, such as the AI nutritionist chat feature powered by third-party providers (e.g., Google Gemini), Google Cloud Vision OCR for receipt parsing, subscription management through RevenueCat and the app stores, rate limiting through Upstash, database hosting via Supabase, and analytics platforms. LocalPlate™ does not use AI chat interactions to train its own models. Data exchanged with the AI nutritionist or OCR providers may be processed by third-party services under their own privacy policies and data-processing agreements, which ensure confidentiality and deletion upon request.

Feedback and Support Communications

If you contact support or submit feedback, we collect the content of your communications and any related contact information.

Only registered users can access nutrition tracking and related features; unauthenticated users are limited to viewing the welcome screen and legal documents. We do not collect user-generated content, photos, or direct restaurant ordering/payment data.

How We Use Your Data

We use the information we collect for the following purposes:

Service Provision

To operate, maintain, and provide the core features of LocalPlate™, including nutrition tracking, macro analysis, and access to restaurant nutrition data.

Personalization

To tailor your experience, such as recommending foods, setting dietary goals, and customizing nutrition insights based on your preferences and history.

App Improvement

To analyze usage patterns, monitor performance, and enhance app functionality, reliability, and security.

Communication

To send you important updates, respond to support requests, provide account-related notifications, and deliver relevant information about your use of LocalPlate™.

Payment Processing

To facilitate premium subscription purchases through RevenueCat and the applicable app marketplace (such as Google Play Billing), manage entitlements linked to your profile, and administer refunds or cancellations in accordance with platform policies. LocalPlate™ does not store full payment card numbers.

Quota Enforcement and Security

To monitor quota usage, detect scraping or suspicious automation, watermark nutrition data, and enforce our freemium policies. Security telemetry (including hashed device IDs, IP metadata, and event logs) is processed to protect restaurant partners and ensure fair access for legitimate users.

Receipt Capture and Diary Logging

To run OCR on partner receipts, auto-detect the submitting restaurant, match line items to verified meals, populate the review modal, and log selected meals to your diary. We also use receipt data to enforce the weekly free-tier scan allowance, troubleshoot OCR issues, and audit potential abuse. Receipt photos and derived metadata may be shared with trusted processors (such as Supabase Storage or Google Cloud Vision) solely for these purposes.

Legal Compliance

To comply with applicable laws, regulations, and platform requirements (e.g., Apple App Store, Google Play Store), and to respond to lawful requests from authorities.

Analytics and Research

To aggregate and anonymize data for internal analytics, product development, and business insights.

AI Nutritionist Feature

LocalPlate™'s AI nutritionist feature is powered by third-party providers (currently Google Gemini). When you use this feature, your inputs (such as meal descriptions or dietary questions) are processed by these providers to generate responses. LocalPlate™ does not use this data to train its own models. Third-party AI providers may temporarily store and review interactions to improve their systems' performance and safety in accordance with their own privacy policies.

By using this feature, you acknowledge that your data may be processed by these third-party providers under their terms of service and data use policies. You can choose not to use the AI nutritionist feature if you prefer not to share such data.

We receive limited data from third-party integrations solely for account linking or functionality (for example, RevenueCat entitlements, Upstash rate limiter responses, Supabase authentication, and AI nutritionist providers). We do not use your data for social networking features, user-generated content, or direct payments to restaurants. All data processing is conducted in accordance with this Privacy Policy and applicable legal requirements.

Sharing and Disclosure of Data

LocalPlate™ is committed to safeguarding your personal information and only shares data in limited circumstances, as described below:

Restaurant Partners

Nutrition facts, ingredient lists, and allergen information are obtained through direct partnerships with restaurants. However, your personal data (such as account details or dietary history) is not shared with restaurant partners unless you provide explicit consent or as required to fulfill a specific service request.

Third-Party Service Providers

We engage trusted third-party providers to support core app functions, including the AI nutritionist feature powered by third-party providers (currently Google Gemini), subscription and entitlement management through RevenueCat and the applicable app stores, rate limiting via Upstash, authentication and database hosting through Supabase, analytics, and cloud hosting. When you use the AI nutritionist feature, your inputs (such as meal descriptions or dietary questions) are processed by these providers to generate responses.

LocalPlate™ does not use this data to train its own models. Third-party AI providers may temporarily store and review interactions to improve their systems' performance and safety in accordance with their own privacy policies. By using this feature, you acknowledge that your data may be processed by these third-party providers under their terms of service and data use policies. You can choose not to use the AI nutritionist feature if you prefer not to share such data.

To enforce security limits, certain providers (such as Upstash and Supabase) may process hashed device identifiers, IP metadata, and quota counters strictly for rate limiting and abuse prevention. RevenueCat receives identifiers needed to link purchase receipts to your LocalPlate™ account.

We receive limited data from third-party integrations solely for account linking or functionality. These providers may access or process your data solely for the purpose of delivering their services to LocalPlate™ and are contractually obligated to maintain confidentiality and comply with applicable privacy laws.

Legal Authorities

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of LocalPlate™, our users, or others.

Business Transfers

In the event of a merger, acquisition, asset sale, or other business transfer, your data may be transferred to the successor entity. We will provide notice and ensure that any new entity continues to honor this Privacy Policy or provides equivalent protection.

Aggregated and Anonymized Data

We may share aggregated or anonymized data insights (which do not identify individual users) with restaurant partners, business affiliates, or for research and analytics purposes.

No Sale of Personal Data

LocalPlate™ does not "sell" user data as defined by the California Consumer Privacy Act (CCPA). You may opt out of certain data processing activities as described in the "User Rights and Choices" section.

We do not share your data with restaurants for marketing purposes, nor do we disclose sensitive health or dietary information except as necessary to provide the service or with your explicit consent.

Data Security and Retention

LocalPlate™ employs robust security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption: Data is encrypted both in transit and at rest using industry-standard protocols.
• Access Controls: Access to personal data is restricted to authorized personnel who require it to perform their job functions.
• Regular Security Audits: We conduct periodic reviews and audits of our systems and processes to identify and address potential vulnerabilities.
• Data Storage Location: User data is stored in secure cloud infrastructure (currently AWS US-West).

Data Retention

We retain your personal data while your account is active and for up to 90 days after account deletion for backup integrity, fraud prevention, or dispute resolution, unless otherwise required by law. Security telemetry stored in device_sessions, security_events, and related tables is retained for up to 90 days to investigate abuse and protect restaurant content, after which it is anonymized or deleted. You may request deletion of your account and associated data at any time by contacting support at support@localplateapp.com. Upon account deletion, we will delete or anonymize your personal data within 30 days, unless otherwise required by law.

Data Breach Response

In the event of a data breach, LocalPlate™ will promptly investigate, mitigate risks, and notify affected users and relevant authorities as required by law.

User Rights

You have the right to access, correct, or delete your personal data. Requests can be made by contacting us at support@localplateapp.com. We will respond to such requests in accordance with applicable laws, including the CCPA and, if applicable, GDPR.

LocalPlate™ is committed to maintaining the confidentiality and integrity of your data and continuously improving our security practices to address emerging threats.

User Rights and Choices

LocalPlate™ respects your rights regarding your personal data and provides mechanisms for you to exercise these rights in accordance with applicable laws, including the California Consumer Privacy Act (CCPA) and, if applicable, the General Data Protection Regulation (GDPR).

• Access and Portability: You have the right to request access to the personal data we hold about you. Where required by law, you may also request a copy of your data in a portable format.
• Rectification: You may request correction of inaccurate or incomplete personal information associated with your account.
• Deletion ("Right to be Forgotten"): You may request deletion of your personal data and account at any time by contacting support@localplateapp.com. Upon verification, we will delete or anonymize your data within 30 days, unless otherwise required by law.
• Restriction and Objection: Where applicable, you may request restriction of processing or object to certain types of data processing, such as direct marketing or profiling.
• Opt-Out of Data Sale (CCPA): LocalPlate™ does not "sell" your personal data as defined by CCPA. However, California residents may opt out of certain data processing activities by contacting us.
• Withdraw Consent (GDPR): If processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
• Non-Discrimination: Exercising your privacy rights will not result in discriminatory treatment or denial of service.

To exercise any of these rights, please contact us at support@localplateapp.com. We will respond to requests in accordance with applicable laws and may require verification of your identity before fulfilling your request.

Cookies and Tracking Technologies

LocalPlate™ uses cookies, pixels, and similar tracking technologies to enhance your experience, analyze app usage, and support core functionality. These technologies may be used to:

• Remember your preferences and settings
• Authenticate your account and maintain session security
• Analyze usage patterns and improve app performance
• Deliver relevant content and notifications

Some third-party service providers (such as analytics platforms or AI chat providers) may also use cookies or similar technologies in connection with their services.

User Controls

You can manage your cookie preferences through your device or browser settings, which may allow you to block or delete cookies. Please note that disabling cookies may affect the functionality of certain features within LocalPlate™. Where required by law, we will provide in-app options to manage tracking technologies and obtain your consent for their use.

LocalPlate™ does not use cookies for targeted advertising or behavioral profiling.

Children's Privacy

LocalPlate™ is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13 years of age. If you are under 18, you may only use the Service with parental consent and supervision.

If we become aware that we have inadvertently collected personal data from a child under 13, we will promptly delete such information in accordance with the Children's Online Privacy Protection Act (COPPA) and other applicable laws.

Parents or guardians who believe their child has provided personal information without consent should contact us at support@localplateapp.com to request deletion.

International Data Transfers

LocalPlate™ stores and processes user data in the United States, in secure cloud infrastructure (currently AWS US-West). By using the app, you consent to the transfer and processing of your information in the U.S., which may have different data protection laws than your country of residence.

If LocalPlate™ expands to serve users in the European Union or other jurisdictions with specific data protection requirements, we will implement appropriate safeguards to ensure compliance with the GDPR and other applicable laws. This may include standard contractual clauses, explicit consent mechanisms, and data portability and deletion rights.

We are committed to protecting your data regardless of where it is processed or stored.

Changes to This Privacy Policy

LocalPlate™ may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or app functionality. When material changes are made, we will update the effective date at the top of the policy and provide notice within the app or via email, where appropriate. We encourage users to review this Privacy Policy periodically to stay informed about how their information is protected and used.

Contact and Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Legal Compliance and Lawful Bases

LocalPlate™ processes personal data in accordance with applicable laws, including the California Consumer Privacy Act (CCPA) and, where relevant, the General Data Protection Regulation (GDPR). The lawful bases for processing your data include:

• Consent: When you provide explicit consent for specific data processing activities, such as health or dietary data.
• Contractual Necessity: To fulfill our obligations in providing the LocalPlate™ service and managing your account.
• Legitimate Interests: For purposes such as improving app functionality, ensuring security, enforcing usage quotas, preventing scraping or fraud, and conducting analytics, provided these interests do not override your rights and freedoms.
• Legal Obligations: To comply with applicable laws, regulations, and law enforcement requests.

We ensure that all data processing is conducted transparently and in accordance with the principles of fairness, necessity, and proportionality.

Additional Disclosures

LocalPlate™ may process data for marketing, analytics, and third-party integrations, but does not use sensitive health or dietary information for marketing purposes. Data shared with third-party providers (such as AI nutritionist chat, payment processors, and analytics platforms) is limited to what is necessary for service delivery and is subject to contractual safeguards.

Aggregated or anonymized data may be used for research and business insights without identifying individual users. LocalPlate™ may link to third-party websites or services not operated by us. We are not responsible for their content or privacy practices.

If you have concerns about specific data uses, please contact us for more information or to exercise your rights as described in this Privacy Policy.

Last Reviewed: October 22, 2025