Introduction
Welcome to Pantryx ("Pantryx", "Company", "we", "our", or "us").
Pantryx is operated by Volodymyr Mendyk. This Privacy Policy explains how we collect, use, store, share, and protect personal data when you use the Pantryx mobile application and related services (the "App" or "Services"). It also explains your privacy rights and choices under the General Data Protection Regulation ("GDPR") and other applicable data protection laws.
Pantryx is a pantry-scanning and recipe recommendation app. The MVP version of the App uses artificial intelligence to recognise items from photos, allows you to confirm or edit your pantry inventory, and recommends recipes from Pantryx's curated recipe database based on confirmed ingredients and selected preferences.
Pantryx does not currently provide an AI cooking chat assistant in the MVP version of the App. Recipes are not generated from scratch by an AI cooking assistant. Pantryx is not a medical, nutritional, dietary, or allergen-management tool.
Privacy Policy URL: https://pantryx.org/privacy
Key Features of the App
The MVP version of Pantryx may include the following features:
- AI Pantry Scanning via Camera: Capture or upload photos of your pantry, fridge, shopping bag, or individual items so Pantryx can suggest recognised items for your confirmation.
- Pantry Confirmation: Review, confirm, edit, or delete recognised items before they are added to your pantry inventory.
- Manual Inventory Management: Add, edit, categorise, and track pantry items manually.
- Recipe Recommendations: Receive recipe suggestions from Pantryx's curated recipe database based on your confirmed pantry inventory and selected preferences.
- Recipe Selection and Cooking Steps: Select a recommended recipe and follow structured cooking steps.
- Dietary Preferences: Optionally enter allergies, intolerances, dietary preferences, or health-related dietary information to help personalise recipe recommendations.
- Cross-Device Access: Access your inventory and saved recipes across your devices when signed in.
- Account Deletion: Delete your account through the in-app account deletion feature or by contacting us.
Personal Data We Collect
We collect only the data that is necessary to provide, secure, maintain, and improve the App.
A. Information You Provide
Account Information
Email address, username, password, authentication identifiers, and authentication-related information used to create, secure, and manage your account.
Profile Information
Optional information such as display name, language preference, and app settings.
Pantry Inventory Data
Items you add manually or through confirmed scans, including item names, quantities, categories, notes, expiration dates, and edits you make during pantry confirmation.
Scan and Recognition Data
Photos submitted for pantry, fridge, shopping bag, or item scanning; recognised item suggestions; confidence or recognition metadata where applicable; and your confirmations, edits, or rejections of recognised items.
Photo Data
Photos captured through the App's camera or selected from your photo library for item recognition. Original uploaded photos are stored temporarily on Pantryx's backend for up to 24 hours for recognition, debugging, security, abuse prevention, and service reliability purposes, and are then automatically deleted.
Dietary, Allergy, and Health-Related Preferences
You may choose to provide allergies, intolerances, dietary preferences, or health-related dietary information, such as nut allergy, lactose intolerance, vegan diet, keto diet, diabetes-related dietary preferences, celiac-related restrictions, or similar information. This information is optional and is used only to personalise, filter, or adjust recipe recommendations where possible.
Because some of this information may reveal health-related data, we process it only with your explicit consent. You may edit or delete this information and withdraw your consent at any time through the App settings or by contacting us.
Recipe Interaction Data
Recipes recommended to you, recipes you view, save, select, or cook, and cooking-step progress where this feature is available.
Support Requests
Information you share when you contact us for support, feedback, questions, complaints, or privacy requests.
B. Information Collected Automatically
Device Information
Device type, operating system, app version, language settings, device identifiers, and technical configuration.
Usage Data
Features used, screens viewed, scan frequency, recipe interaction events, settings changes, performance data, error logs, and crash-related information.
Log Data
IP address, timestamps, server logs, authentication events, and security-related logs used for troubleshooting, fraud prevention, and service protection.
C. Payment Data
Pantryx does not currently offer paid subscriptions, in-app purchases, or premium paid features. We do not currently collect payment card information, subscription status, transaction IDs, or billing history.
If paid features are introduced in the future, this Privacy Policy will be updated before such processing begins.
Purposes and Legal Bases for Processing
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide the App and core features | Account data, pantry inventory, scan data, recipe interaction data | Contractual necessity |
| AI item recognition | Submitted photos, scan metadata | Contractual necessity |
| Pantry confirmation and inventory management | Pantry inventory, confirmations, edits | Contractual necessity |
| Recipe recommendations | Confirmed pantry inventory, selected preferences, recipe interaction data | Contractual necessity |
| Dietary and allergy personalisation | Allergy, intolerance, and health-related dietary information | Explicit consent under GDPR Article 9(2)(a), where applicable |
| Account security and authentication | Account data, device data, log data | Contractual necessity / legitimate interest |
| Customer support | Support request data, account data | Contractual necessity / legitimate interest |
| Product analytics and improvement | Usage data, app events, device data | Legitimate interest, with opt-out where required |
| Crash reporting and debugging | Error logs, crash data, device data | Legitimate interest |
| Legal compliance | Relevant account, log, and request data | Legal obligation |
| Marketing communications | Email address and marketing preferences | Consent, where required |
Where we rely on legitimate interest, we balance our interests against your rights and freedoms.
Explicit Consent for Allergy, Dietary, and Health-Related Data
Allergy, intolerance, medical diet, and health-related dietary information may qualify as special-category personal data under applicable data protection laws.
Pantryx processes this information only if you choose to provide it and give explicit consent for Pantryx to use it for the specific purpose of personalising, filtering, or adjusting recipe recommendations.
Before you enter allergy, intolerance, or health-related dietary information, the App will request explicit consent using wording substantially similar to:
I consent to Pantryx processing my allergy, intolerance, and health-related dietary information to personalise recipe recommendations. I understand that Pantryx is not a medical, nutritional, or allergen-management tool and that I must always verify product labels, ingredients, and suitability myself.
This consent must be given actively and will not be pre-selected. You may withdraw this consent at any time by deleting the relevant information, disabling dietary personalisation where available, or contacting us at communication.pantryx@gmail.com. Withdrawing consent does not affect processing that occurred before withdrawal.
Pantryx is not a medical, nutritional, or allergen-management tool. Dietary personalisation is not a guarantee that recipes are allergen-free, medically appropriate, or safe for your individual circumstances. You must always verify product labels, ingredients, allergens, warnings, and recipe suitability yourself.
Camera, Photo Data, and AI Item Recognition
Because Pantryx relies on visual recognition of items, we want to be clear about how photos and device permissions are handled.
When the camera is used
The camera is used only when you actively initiate a scan or upload a photo for item recognition.
iOS camera permission notice
The App may display a camera permission notice such as: "Pantryx uses your camera to scan pantry, fridge, or grocery items so you can confirm your inventory and get recipe recommendations."
iOS photo library permission notice
The App may display a photo library permission notice such as: "Pantryx lets you choose photos of pantry or grocery items for item recognition."
Where photos go
Photos are uploaded to Pantryx's backend for item recognition and temporary processing.
How long photos are stored
Original uploaded photos are retained on Pantryx's backend for up to 24 hours for recognition, debugging, security, abuse prevention, and service reliability purposes. After that period, original photos are automatically deleted.
AI item recognition model
Pantryx uses its own proprietary item recognition model and curated recognition data to analyse submitted photos and suggest recognised items for user confirmation. In the MVP version of the App, AI is used for item recognition only.
What is processed by the recognition model
Submitted photos and limited technical or contextual data needed to return recognition results.
What is not processed by the recognition model
Pantryx does not send your password, full account profile, unrelated personal data, or payment information to the recognition model.
Human access to photos
During the temporary retention period, photos may be processed by automated systems and, in rare cases, accessed by authorised personnel only where necessary for debugging, security, abuse prevention, or support.
Limitations
Item recognition may be inaccurate, incomplete, or misleading. You must review and confirm recognised items before relying on them.
Data Sharing and Third-Party Processing
We do not sell, rent, or trade your personal information. We share personal data only where necessary to provide, secure, maintain, analyse, or improve the App, or where required by law.
A. Service Providers and Tools
Backend Application Framework — Vapor
Vapor is the backend application framework used to power Pantryx's server-side application logic, API endpoints, authentication flows, and communication between the App, database, and Pantryx systems. Vapor is a software framework, not a third-party data processor by itself.
Database — Neon DB
Purpose: Stores user accounts, confirmed pantry inventory, dietary and allergy preferences, saved recipes, recipe interaction data, app settings, and related structured app data.
Data Processed: Account data, inventory data, dietary profile data, recipe interaction data, and related app records.
Security: Access controls, encrypted transport, provider-level security controls, and application-level access restrictions.
Temporary Photo Processing — Pantryx Backend
Purpose: Temporarily stores uploaded pantry, fridge, shopping bag, or item photos for AI item recognition and operational reliability.
Retention: Original uploaded photos are retained for up to 24 hours and then automatically deleted.
Access: Restricted to automated systems and authorised personnel only where necessary.
AI Item Recognition — Pantryx Proprietary Model
Purpose: Analyses submitted photos to suggest recognised items for user confirmation.
Data Processed: Submitted photos and recognition metadata.
External AI Provider: Pantryx does not currently use an external third-party AI model provider for recipe generation or cooking chat in the MVP version of the App.
Email Service — Mailgun
Purpose: Sends transactional email such as account verification, password reset, support communication, and service-related notices. If marketing emails are introduced, they will be sent only where legally permitted and, where required, with consent.
Data Processed: Email address, message delivery metadata, and email content required for delivery.
Analytics — Amplitude
Purpose: Helps us understand how users interact with Pantryx and improve product performance, usability, and feature quality.
Data Processed: Usage events, feature interactions, app version, device type, operating system, and pseudonymised or anonymised user identifiers.
Data Not Sent: Pantry photos, allergy profile, health-related dietary data, full pantry inventory, full recipe-step content, passwords, or payment information are not sent to Amplitude.
Crash Reporting and Error Logs
Pantryx does not currently use a named third-party crash reporting provider. The App and backend may process basic error logs, device model, operating system version, app version, and anonymised session identifiers for debugging, security, and service reliability.
B. Legal Requests and Safety
We may disclose personal data where necessary to:
- Comply with legal obligations, court orders, or valid regulatory requests.
- Enforce our Terms of Use.
- Investigate fraud, abuse, security incidents, or technical issues.
- Protect the rights, safety, and security of Pantryx, users, or others.
C. Aggregated and Anonymised Data
We may use aggregated or anonymised data for analytics, reporting, product improvement, and business planning. This data does not identify individual users.
International Data Transfers
Some service providers may process personal data outside the European Economic Area (EEA), the United Kingdom, or your country of residence.
Where required, we use appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, contractual data protection obligations, and provider security commitments to protect transferred data.
You may request more information about these safeguards by contacting communication.pantryx@gmail.com.
Data Retention
We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
| Data Category | Retention Period |
|---|---|
| Account information | Until account deletion or as required for legal/security purposes |
| Pantry inventory | Until you delete items or delete your account |
| Dietary, allergy, and health-related preferences | Until you edit/delete them, withdraw consent, or delete your account |
| Recipe interaction data | Until you delete your account or the data is no longer needed for the App |
| Original uploaded pantry/item photos | Up to 24 hours, then automatically deleted |
| Recognition metadata | Retained as part of scan/inventory records where needed for the App; recognition metadata does not include original uploaded photos after the 24-hour deletion period |
| Support communications | Up to 12 months unless needed longer for legal, security, or dispute purposes |
| Security logs | Retained for a limited period necessary for security, debugging, and abuse prevention |
| Backups | Stored securely and deleted or overwritten according to backup cycles, generally within 90 days unless required by law |
| Payment data | Not currently collected |
When you request account deletion, we delete or anonymise personal data unless retention is required for legal compliance, security, fraud prevention, dispute resolution, or legitimate business records.
Your Privacy Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data.
- Restriction: Request that we limit processing of your data in certain circumstances.
- Portability: Request a copy of your data in a structured, commonly used, machine-readable format.
- Objection: Object to processing based on legitimate interests or direct marketing.
- Withdraw Consent: Withdraw consent where processing is based on consent, including explicit consent for dietary or health-related data.
- Complaint: Lodge a complaint with your local data protection authority.
To exercise your rights, contact us at communication.pantryx@gmail.com. We may need to verify your identity before processing your request.
We aim to respond to privacy requests within 30 days. For complex requests, this period may be extended where permitted by law, and we will notify you if this happens.
User Controls
You can control your data in the following ways:
- Edit or delete pantry inventory items inside the App.
- Edit or delete dietary and allergy preferences inside the App where available.
- Withdraw consent for dietary personalisation by deleting relevant profile information or contacting us.
- Delete your account through the in-app account deletion feature or by contacting us.
- Manage camera and photo library permissions through your device settings.
- Unsubscribe from marketing emails through the link in the email, where applicable.
In-App Account Deletion
If you create an account, Pantryx provides an in-app account deletion option. The account deletion flow allows you to request deletion of your account and associated personal data from inside the App.
Deleting your account will remove or anonymise your pantry inventory, dietary preferences, recipe interaction data, account information, and associated personal data, except where retention is required for legal compliance, security, fraud prevention, dispute resolution, or legitimate business records. Original uploaded photos are retained only for up to 24 hours and then automatically deleted.
Security Measures
We use reasonable technical and organisational measures to protect personal data, including:
- TLS encryption for data in transit.
- Password hashing using industry-standard methods such as bcrypt or argon2.
- Access controls for backend and database systems.
- Restricted administrative access.
- Logging and monitoring for security and operational issues.
- Separation of user data from analytics where possible.
- Temporary photo retention limited to up to 24 hours.
No system can guarantee 100% security. You should use a strong, unique password and keep your device and App updated.
Children's Privacy
Pantryx is not directed to children under 16. We do not knowingly collect personal data from children under 16.
If we become aware that we have collected personal data from a child under 16 without appropriate consent, we will take reasonable steps to delete it. If you believe this has happened, contact communication.pantryx@gmail.com.
California Privacy Rights
If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know, access, delete, correct, and opt out of certain uses of personal information.
Pantryx does not sell personal information and does not share personal information for cross-context behavioural advertising.
To exercise California privacy rights, contact communication.pantryx@gmail.com. We may need to verify your identity before processing your request.
Data Protection Officer and Supervisory Authority
Pantryx is a small independent app and does not currently have a formally appointed Data Protection Officer (DPO). Privacy-related enquiries and data subject requests are handled directly by Pantryx at communication.pantryx@gmail.com.
If you are located in the EEA or UK and believe we have not handled your data in accordance with applicable law, you have the right to lodge a complaint with your local data protection authority. We would appreciate the opportunity to address your concerns directly before you contact a supervisory authority.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in the App, data practices, providers, legal requirements, or business operations.
Material changes may be communicated through in-app notifications, email, or policy update banners. The updated Privacy Policy will become effective on the date stated in the updated version.
If you do not agree with the updated Privacy Policy, you should stop using the App and may request account deletion.
Contact
For privacy questions, data requests, or complaints, contact:
Volodymyr Mendyk
Email: communication.pantryx@gmail.com