GroceryTrackGroceryTrack

Privacy Policy

Last modified: April 19, 2026

GroceryTrack, a product of Slash Dev Slash Null LLC, is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, protect, and disclose the information we collect when you use the GroceryTrack services (the "Services") through our website, mobile applications on devices ("Apps"), and through APIs.

IF YOU DO NOT ACCEPT THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT USE THE SERVICES.

Changes to this Privacy Policy: If we make a material change to this Privacy Policy with respect to how we collect and use your personal information, we will provide at least 30 days' prior written notice to you by email, so that you have sufficient time to evaluate the change.

The Information We Collect and Store

Information You Provide

When you use the Services, you may provide the following personally identifiable information ("Personal Information") through your Google Account:

  • Email address (associated with your Google Account)
  • Display name (from your Google profile)
  • Profile photo (from your Google profile)
  • Receipt images and their contents ("User Content")
  • Grocery Snap photos — pictures of grocery items themselves (bags, counter, fridge, etc.) uploaded in place of a receipt so AI can identify the products
  • Forwarded receipt emails and their contents, when sent to our receipt ingestion address
  • Alternative email addresses for household receipt forwarding
  • Budget preferences and questionnaire responses
  • Trip notes — free-form text you attach to a receipt (e.g., product quality observations, price comparisons, packaging differences)
  • Manual corrections to extracted data, including store names, item names, prices, totals, receipt type (Grocery/Restaurant), and non-grocery exclusions
  • Feedback messages and optional screenshots
  • Subscription and payment information (processed by Stripe; see "Payment Information" below)

Email-Forwarded Receipts

When you forward a receipt email to our ingestion address (receipts@updates.grocerytrack.food), we receive and process:

  • Sender email address (used to match your account or household alternative emails)
  • Email subject line
  • Email body content (HTML and plain text)
  • Image attachments (receipt photos)

Email forwarding is handled by Resend, our transactional email provider. Resend receives and temporarily stores the inbound email to deliver it to our webhook endpoint. Resend Privacy Policy

AI-Extracted Data

When you upload a receipt image or forward a receipt email, our AI processing extracts the following information:

  • Store name and date of purchase
  • Individual item names, cleaned names, prices, and categories
  • Item quantity and unit price, when available
  • Item weight with unit (e.g., "1.5 lb"), when sold by weight
  • Item flags: whether an item is organic and whether it is perishable
  • Receipt total amount

Grocery Snap (AI-Estimated Data)

When you use Grocery Snap to photograph grocery items instead of a receipt, our AI identifies the products and creates a receipt entry that includes estimated prices (marked with a hasPriceEstimates flag so you can tell estimates from receipt-accurate totals). Prices are inferred from general market data, not from any individual retailer, and you should treat them as approximations. You can edit or delete any Grocery Snap receipt from the receipt detail view just like a scanned receipt.

Third-Party AI Assistant Access (MCP)

GroceryTrack exposes a Model Context Protocol (MCP) server at /api/mcp that lets you grant third-party AI clients (such as Claude, ChatGPT, or any other MCP-compatible assistant) authorized access to your data. When you connect a client:

  • You complete an OAuth 2.1 authorization flow (with PKCE) signed in as your Google account
  • A scoped, time-limited access token is issued (default expiry: one hour) and stored in Cloud Firestore
  • Your OAuth client registration details (client ID, redirect URI, registration metadata) are stored in Cloud Firestore
  • While the token is valid, the authorized client can call read-only MCP tools to retrieve your receipts, line items, trip notes, and spending summaries; the nutrition catalog is public and does not require authentication

You can revoke access at any time by contacting support. Once access is connected, any data returned through the MCP tools is transmitted to and processed by the third-party AI client according to that client's own privacy policy — GroceryTrack does not control what they do with your data after it leaves our systems.

Usage Data

When you use our Services, the following types of information may be logged automatically ("Usage Information"):

  • Client application type (web, iOS, Android) and version number
  • Analytics events such as sign-in, receipt uploads, tab navigation, and feature usage
  • Date and time stamps associated with actions
  • Technical information about your device and browser
  • Error and performance data, including stack traces, browser metadata, and session replays when errors occur (collected via Sentry)

Payment Information

When you subscribe to a paid plan, payments are securely processed by Stripe. GroceryTrack does not directly collect or store your credit card number, CVV, or full payment card details. Stripe collects and processes this information on our behalf in accordance with Stripe's Privacy Policy. The following payment-related data is stored by GroceryTrack for account management and record-keeping:

  • Stripe customer ID and subscription ID
  • Subscription status (active, canceled, etc.)
  • Payment amounts, currency, and billing period dates
  • Invoice URLs for your payment history

How We Use Your Information

We use your information to:

  • Provide and improve our Services, including AI-powered receipt extraction, AI product identification with estimated prices via Grocery Snap, spending analytics, budget insights, and organic/perishable item tracking
  • Display your personalized dashboard, receipt history, spending charts, and item-level details such as quantity, weight, and freshness indicators
  • Surface your own trip notes in context (e.g., on the relevant receipt and on the store profile page for the store the note was attached to); trip notes are private to your account and are not shared with other users
  • Summarize your trip notes on request via Google Gemini AI when you click "Summarize" — the notes you have saved for a given store are sent to Gemini to produce a short recap
  • Build public, de-identified store directory pages (/store and /store/[slug]) that aggregate only canonicalized store names from receipts across all users; no receipt contents, notes, prices, or user identifiers are included in the public directory
  • Generate and cache AI item images for faster loading across all users
  • Administer your account and process your requests
  • Monitor service health and usage patterns via aggregated analytics
  • Process subscription payments and maintain your billing history
  • Communicate with you about updates, changes, or issues with the Services

If you submit Personal Information to us, we will only use it for the purpose for which it was collected or for any purpose you subsequently authorize. GroceryTrack will never sell your information or use it to build a marketing profile.

How We Collect Usage Data

GroceryTrack collects some information using Firebase Analytics to track anonymous and identified usage across users. We use this information to monitor and analyze use of our Services, for technical administration, and to increase functionality and user-friendliness.

As of the date this policy went into effect, we use:

  • Firebase Analytics — to collect and analyze usage data. Firebase Privacy Policy
  • Sentry — to monitor application errors, performance, and session replays for debugging. Sentry may collect your IP address, browser information, user ID, and actions leading up to an error. Sentry Privacy Policy
  • Google Gemini AI — to process receipt images for text extraction and item image generation. Google AI Terms
  • Resend — to receive forwarded receipt emails and deliver transactional emails. Resend processes sender email addresses, email content, and attachments. Resend Privacy Policy

Data Ownership

All data remains your property and is solely owned and controlled by you. You grant GroceryTrack a non-exclusive, royalty-free license to use your data solely for the purpose of providing, maintaining, and supporting you with the Services. GroceryTrack may use and distribute de-identified, aggregated data for analytics and service improvement purposes.

Data Storage

Your data is stored using Google Cloud services:

  • Cloud Firestore — account data, receipts (including trip notes and manual corrections), budget profiles, item catalog, feedback, MCP OAuth client registrations, and MCP access/refresh tokens
  • Cloud Storage — receipt images and AI-generated item images
  • Firebase Authentication — account credentials and session management

Data is stored in the United States and protected by Google Cloud's security infrastructure. If you reside outside the U.S., the information we collect will be transferred to the U.S. and processed and stored there under U.S. privacy standards.

Information Sharing and Disclosure

We do not sell your personal information. Your data may be shared with the following third parties solely for the purpose of providing the Services:

Service Providers used for the technical infrastructure:

  • Google Cloud Platform — Firestore, Cloud Storage, and Firebase Authentication for data storage and account management
  • Google Gemini AI — receipt image processing and item image generation
  • Firebase Analytics — usage tracking and analytics
  • Sentry — error monitoring, performance tracking, and session replay for debugging. Sentry Privacy Policy
  • Stripe — payment processing for subscription plans. Stripe Privacy Policy
  • Resend — inbound email processing for receipt forwarding and transactional email delivery. Resend Privacy Policy

Third-Party AI Clients You Authorize via MCP:

If you connect a third-party MCP client (e.g., Claude, ChatGPT) to your GroceryTrack account, receipts, line items, trip notes, and spending summaries retrieved by that client through our MCP tools are transmitted to the client you authorized. These clients are not our service providers — they are independent parties acting under your direction — and their handling of your data is governed by their own terms and privacy policies. You can stop this sharing at any time by revoking the client's access (contact support).

We may disclose information about you if we become subject to a subpoena or court order, or if we are otherwise legally required to disclose information. We may also use and disclose information about you to establish or exercise our legal rights, to enforce the Terms of Service, to assert and defend against legal claims, or if we believe such disclosure is necessary to investigate, prevent, or take other action regarding actual or suspected illegal or fraudulent activities.

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction, but we will notify you of any change in control or use of your Personal Information.

Non-private or Non-Personal Information. GroceryTrack may disclose your non-private, aggregated, or otherwise non-personal information, such as usage statistics of our Services. In such cases, your usage data is aggregated with the usage data of others and does not identify you individually.

Data Security

GroceryTrack takes reasonable steps to help protect information against loss, misuse, unauthorized access, or disclosure. Our security measures include:

  • Firebase Security Rules ensuring users can only access their own data
  • Server-side authentication via Firebase ID tokens for all API requests
  • HTTPS encryption for all data in transit
  • Gemini API key stored server-side only, never exposed to client applications

GroceryTrack expressly disclaims any representation or warranty, whether express or implied, with respect to offering any definitive promise of security in connection with the information we collect.

Your Rights and Choices

You have the following rights with respect to your data:

  • Access: View all your stored data through the app, including receipts, trip notes, items, and budget profile
  • Export: Export your receipt data via the CSV export feature in Receipt History
  • Delete: Delete individual receipts at any time through the app
  • Edit trip notes: Add, edit, or clear the free-form notes on any receipt from the receipt detail view — clearing a note removes it from our records
  • Revoke MCP client access: Disconnect any third-party AI client you previously authorized by contacting support; this invalidates their access tokens so they can no longer read your data
  • Account deletion: Request complete deletion of your account and all associated data by contacting support
  • Correction: Update your display name and budget settings through the Profile page, and correct AI-extracted store names, item names, prices, totals, and item flags directly from the receipt detail view

Deleting Your Information

You may delete individual receipts directly within the app. To delete your entire account and all associated data, please contact us at privacy@grocerytrack.app. Upon receiving such a request, we will delete your account information from our live databases and all information and data stored for such account. When we delete Personal Information, it will be deleted from our active databases but may remain in our archives and backups for a reasonable period.

Our Policy Toward Children

The Services are not intended for children under 13 years of age. We do not knowingly collect personally identifiable information from children under 13. If we become aware that a child under 13 has provided us with Personal Information, we will take steps to delete such information. If you are a parent or guardian and you are aware that your child has provided us with Personal Information, please contact us at privacy@grocerytrack.app.

Linked Sites

Our Services may contain links to other websites whose privacy practices may differ from those of GroceryTrack. If you submit personal information to any of those sites, your information is governed by their privacy statements. We encourage you to carefully read the privacy statement of any website you visit.

Special Considerations by State

California — GroceryTrack will not use your data for any purpose beyond the indicated purposes in the Terms of Service and this Privacy Policy. This includes GroceryTrack's policy to never use personal information to engage in targeted advertising. In accordance with the California Consumer Privacy Act (CCPA), California residents have the right to request disclosure of data collection practices, request deletion of personal information, and opt out of the sale of personal information (note: GroceryTrack does not sell personal information).

Contact

For privacy-related questions, contact us at privacy@grocerytrack.app.