1. What we collect
When you create an account: your email address (via Auth0), the name you choose, and basic info you provide during onboarding — family members, dietary preferences, kitchen equipment, baseline food spending, preferred stores.
When you use the service: the meal plans we generate for you, your cook/skip status on each recipe, pantry items you add (manually or via kitchen scan), recipe ratings, and the photos you upload for kitchen scans.
Automatically: basic usage logs (request timestamps, IP address, device type) for security and to debug problems. We don't use third-party analytics or advertising trackers in the app.
2. What we don't collect
We don't store your payment card details — Stripe handles that.
We don't access your phone's contacts, location, or other photos beyond the kitchen-scan photos you explicitly upload.
We don't collect facial-recognition or biometric data.
3. How we use your data
To run the service: generate plans, build shopping lists, send weekly meal reminders, process payments.
To improve the product: aggregated, non-identifying patterns (e.g. "what cuisines are popular among family-of-4 households") help us tune the recommendation engine. Your individual data is never used to train AI models that other users see.
To contact you: account-related emails (welcome, plan ready, savings refund eligibility), and occasional product updates which you can unsubscribe from any time.
4. Third parties we share data with
Auth0 — handles sign-in / sign-out. Receives your email.
Stripe — handles subscription payments. Receives the email associated with your account.
Anthropic (Claude) — processes recipe generation and kitchen-scan photo analysis. Receives the household preferences relevant to a request and any photos you upload for scanning. Anthropic does not retain or use this data to train their general-purpose models.
Resend — sends our outgoing email. Receives your email address.
Railway — hosts our database and API. Receives any data needed to serve your requests.
Cloudflare — hosts our web frontend and email-capture worker.
Instacart (when enabled) — receives your shopping list when you choose to hand it off for delivery. Until you tap that button, no data is shared.
We don't sell your data. We don't share it with advertisers. We don't share it with data brokers.
5. Kitchen-scan photos
Photos you upload for kitchen scans are sent to Anthropic for vision analysis, then deleted from our servers within 24 hours. We don't retain originals; we keep only the extracted text (the identified pantry items).
You can delete identified pantry items anytime in the Kitchen tab.
6. Children
Plento Pasto is intended for adults 18+. We don't knowingly collect data from children. You can add children as family members in your household (we ask for an age bracket so we can tailor plans — for example, "include kid-friendly options"), but that information represents your child as a meal context, not as a separate user with their own account.
7. Data retention
Active accounts: we retain your data as long as your account is open.
Closed accounts: data is retained for 30 days after closure in case you change your mind, then permanently deleted. If you want immediate deletion, email
[email protected].
Backups: encrypted database backups are kept for up to 90 days for disaster recovery, then rotated out.
8. Your rights
You can:
• View the data we have about you (Settings → Your data export — coming soon; in the meantime email
[email protected]).
• Update your preferences and family members anytime in Settings.
• Delete your account from Settings → Sign out → Delete account (or email Ashley for immediate purge).
• Ask us to stop emailing you (one-click unsubscribe in every email).
If you're a California resident, you also have rights under CCPA. If you're in the EU/UK, GDPR rights apply. Email
[email protected] to exercise any of these.
9. Security
We protect your data with industry-standard practices: encrypted connections (HTTPS), encrypted database storage, two-factor authentication on operator accounts, and the principle of least privilege for who can access production data. No system is perfectly secure though — if you suspect a breach affecting your account, email
[email protected] immediately.
10. Changes to this policy
We may update this policy over time. Material changes will be announced via email at least 14 days before they take effect.