Privacy Policy
FreezerFlow - Frozen Food Inventory Management App
Last Updated: December 10, 2025
Introduction
This Privacy Policy describes how FreezerFlow ("we," "us," or "our") collects, uses, and protects your information when you use our mobile application ("App"). FreezerFlow is a frozen food inventory management application that helps you track items in your freezer, manage expiration dates, and reduce food waste.
We are committed to protecting your privacy and handling your data responsibly. Please read this policy carefully to understand our practices regarding your personal data.
Information We Collect
1. Account Information
When you create an account, we collect:
- Email address (required for authentication)
- Password (securely hashed; never stored in plain text)
- Display name (optional)
- Account creation timestamp
2. Inventory Data
When you use the App, you may provide:
- Item information: Name, quantity, unit of measurement, expiration date, brand, notes
- Categories: Custom category names and colors you create
- Containers: Storage location names and identifiers
- QR codes: Identifier codes for items and containers (alphanumeric strings only)
- Images: Photos of items you choose to upload (optional)
- Timestamps: When items were added or modified
3. Device and Technical Information
We automatically collect limited technical information:
- Device type and platform (Android, iOS, or Web)
- Network connectivity status (online/offline)
- App crash reports and error logs (via Firebase Crashlytics)
4. Local Notifications
If you enable notifications, we store locally:
- Notification preferences
- Notification history (expiration alerts, low stock alerts)
How We Use Your Information
We use your information to:
- Provide the service: Store and sync your inventory data across devices
- Authentication: Verify your identity and secure your account
- Notifications: Send local alerts about expiring items and low stock
- Offline functionality: Enable the App to work without an internet connection
- Improve reliability: Identify and fix crashes and errors via crash reports
- Data sync: Synchronize your data between local storage and cloud backup
We do NOT use your data for:
- Advertising or marketing purposes
- Selling to third parties
- Behavioral tracking or analytics
- Profiling or automated decision-making
Third-Party Services
Supabase (Backend Infrastructure)
We use Supabase as our backend service provider for:
- User authentication
- Database storage (PostgreSQL)
- Real-time data synchronization
- File storage (for item images)
Supabase processes your data as a Data Processor on our behalf. Their privacy policy is available at: https://supabase.com/privacy
Firebase Crashlytics (Crash Reporting)
We use Firebase Crashlytics to collect crash reports and error logs to improve app stability. This includes:
- Error messages and stack traces
- Device type and operating system version
- App version information
Crashlytics does NOT collect personally identifiable information. Firebase's privacy policy is available at: https://firebase.google.com/support/privacy
Data Storage and Security
Local Storage
Your data is stored locally on your device using:
- SQLite database (via Drift library) for offline inventory access
- Encrypted secure storage for sensitive data:
- Android: Encrypted SharedPreferences with AES-GCM encryption
- iOS: iOS Keychain with device-level protection
- AES-256-GCM encryption for sensitive offline data with SHA256 integrity verification
Cloud Storage
Your data is synced to Supabase servers:
- All data transmitted via HTTPS/TLS encryption
- Authentication via JWT tokens
- Database protected by Row Level Security (RLS) policies
- Images stored in encrypted cloud storage
Log Security
We implement comprehensive privacy protection in logs:
- Email addresses are redacted in production logs
- User IDs are hashed in production environments
- Passwords and authentication tokens are never logged
- Sensitive data is sanitized before any logging
Data Retention
Active Accounts
While your account is active, we retain:
- Your account information and inventory data indefinitely
- Notification history for up to 7 days (automatically cleaned)
- Sync queue data until successfully synchronized
Account Deletion
When you delete your account, we delete:
- Your user profile and authentication data
- All inventory items, categories, and containers
- All notification history
- All locally stored data (cache, preferences, secure storage)
To request account deletion, please visit our Account Deletion page or contact us directly at [email protected].
Note: Crash reports previously sent to Firebase Crashlytics are retained according to Firebase's data retention policies.
Your Rights
Depending on your location, you may have the right to:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate data
- Deletion: Delete your account and all associated data - Request account deletion
- Portability: Export your inventory data
- Withdraw consent: Disable optional features like notifications
To exercise these rights, you can:
- Use the account deletion feature within the App
- Request account deletion via our website
- Export your data using the App's export functionality
- Contact us at the email provided below
Children's Privacy
FreezerFlow is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us so we can delete it.
Offline-First Architecture
FreezerFlow is designed with an offline-first architecture, meaning:
- Your inventory data is stored locally on your device first
- The App functions fully without an internet connection
- Data syncs to the cloud when connectivity is available
- You maintain control over your data even without network access
QR Code Features
The App allows you to scan and generate QR codes for inventory tracking:
- QR codes contain only item/container identifiers (not personal information)
- QR scanning is performed locally on your device
- No QR data is shared with external services
- QR codes are used solely for inventory organization
Notifications
FreezerFlow uses local notifications only:
- Notifications are generated and displayed by your device
- No push notification servers or tokens are used
- Notification data never leaves your device
- You can disable notifications in your device settings
Notification types include:
- Expiration alerts (items expiring soon or expired)
- Low stock alerts (optional)
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Updating the "Last Updated" date at the top of this policy
- Displaying a notice within the App (for significant changes)
We encourage you to review this policy periodically.
Data Protection
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption at rest and in transit
- Secure authentication mechanisms
- Regular security assessments
- Access controls and audit logging
- PII sanitization in application logs
International Data Transfers
Your data may be processed in countries where Supabase and Firebase maintain servers. These transfers are protected by:
- Standard contractual clauses
- Appropriate technical safeguards
- Compliance with applicable data protection laws
Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- Email: [email protected]
Summary
| Data Type | Collected | Stored Locally | Stored in Cloud | Shared with Third Parties |
|---|---|---|---|---|
| Yes | No | Supabase | No | |
| Password | Yes (hashed) | No | Supabase Auth | No |
| Inventory Items | Yes | Yes | Supabase | No |
| Categories | Yes | Yes | Supabase | No |
| Item Images | Optional | No | Supabase Storage | No |
| Crash Reports | Auto | No | Firebase | No |
| Analytics | No | - | - | - |
| Advertising IDs | No | - | - | - |
This privacy policy was last reviewed on December 10, 2025.