FreshDate — Food Expiry Tracker & Meal Planner
Last updated: 6 May 2026 • Version 2.1
FreshDate — Privacy Policy
FreshDate Ltd (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (“App”).
Please read this policy carefully. By using the App, you consent to our data practices as described herein. If you do not agree, do not use the App.
Jurisdiction: FreshDate is operated in the United Kingdom and complies with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).
Company: FreshDate Ltd
Registered in: England & Wales
Email: info@freshdate.co.uk
Data Protection Officer: info@freshdate.co.uk
Website: https://freshdate.co.uk
For any privacy-related enquiries, contact us at the email address above. We will respond within 30 days as required by UK GDPR.
We collect the following categories of personal data:
Email address
Name
Password (hashed by Supabase — never stored or transmitted in plain text)
Product names, expiry dates, quantities, categories, notes
Item status — consumed, wasted, or still tracking
Timestamps — when items were added, updated, or deleted
Household name and member names
Email addresses of people you invite to share a household
Sharing preferences and access permissions
Profile name (e.g. “Andrew”, “Sarah”)
Age and gender
Activity level
Dietary preferences (e.g. Vegetarian, Vegan)
Dietary restrictions (e.g. gluten-free, dairy-free)
Custom allergies (e.g. peanuts, shellfish)
Calorie targets
Note: Dietary restriction and allergy data is considered sensitive personal data under UK GDPR and is handled with additional care. It is used only to personalise meal suggestions and is never shared with third parties for marketing purposes.
Custom meal plans and what you plan to cook each day
Dietary notes and preferences
Linked food items marked as planned for use
Images of food packaging captured via the camera scanner
OCR-extracted text — dates and product names detected from photos
Important: Photos are uploaded temporarily to secure cloud storage (Amazon S3) and processed by Manus LLM for expiry date extraction. Photos are deleted immediately after processing (within seconds) and are NOT permanently stored. See Section 5 for full details.
Device type, OS version, app version
Unique device identifier
IP address — collected for security and abuse prevention
Push notification device token
Features used, timestamps, session duration
App crashes and error logs
How photos are handled when you use the camera scanner:
The photo is temporarily uploaded to our secure Amazon S3 storage (food-labels/ bucket)
The photo is sent to Manus LLM (forge.manus.im) for AI-powered expiry date extraction
The extracted date is saved to your food inventory
The photo is deleted from Amazon S3 immediately after processing — within seconds
Photos are NOT permanently stored, backed up, or used for any other purpose
You can avoid photo uploads entirely by not using the camera scanner feature
Retention period: Seconds to minutes during processing only. No photos are retained after processing completes.
We share your data with the following third-party service providers to deliver the App. Each is a data processor acting under our instructions.
Data shared: Email address, password hash, auth session tokens
Purpose: User authentication and session management only
What it does NOT store: Food inventory, household data, meal plans — these are stored in MySQL (see 6.2)
Location: EU (GDPR compliant)
Privacy: supabase.com/privacy
Data shared: User profile, food inventory, household data, meal plans, shopping lists, family profiles, push tokens
Purpose: Primary storage for all app data
Access: Data is accessed exclusively via the tRPC backend API; direct database access is restricted
Data shared: Food packaging photos (temporarily, during AI processing only)
Purpose: Temporary storage of photos during expiry date extraction
Retention: Photos deleted immediately after processing (within seconds)
Privacy: aws.amazon.com/privacy
Data shared: Food packaging photos (temporarily)
Purpose: OCR processing to extract expiry dates and product information from photos
Retention: Photos processed on a per-request basis. Manus does not retain photos after the request completes.
Endpoint: forge.manus.im
Data shared: Email, subscription status, entitlements, device ID
Purpose: Manage premium subscriptions and billing
Payment data: NOT shared with us — Apple/Google handle payments directly
Privacy: revenuecat.com/privacy
Data shared: Recipe search queries (ingredient names only; no personal identifiers)
Purpose: Provide recipe and meal planning suggestions
Privacy: themealdb.com
Data shared: Device ID, app version, crash reports, payment data (handled entirely by Apple/Google)
Purpose: App distribution and payment processing
Privacy: apple.com/privacy | policies.google.com/privacy
Data shared: Device push token, notification payload
Purpose: Deliver push notifications for expiring items
Privacy: expo.dev/privacy
We may disclose your data if required by law, court order, or government request. We will notify you of such requests unless legally prohibited from doing so.
Under UK GDPR, you have the following rights:
Right of Access: Request a copy of your personal data. We will provide it within 30 days.
Right of Rectification: Correct inaccurate or incomplete data.
Right of Erasure: Request deletion of your data. We will delete it within 30 days.
Right of Portability: Request your data in a machine-readable format (CSV/JSON).
Right to Object: Object to processing of your data for marketing or analytics.
Right to Restrict Processing: Request that we limit how we use your data.
Right to Withdraw Consent: Withdraw consent at any time for processing based on consent (e.g. push notifications, marketing emails).
To exercise any of these rights, contact us at info@freshdate.co.uk with “Privacy Request” in the subject line. We will respond within 30 days.
We implement industry-standard security measures to protect your data:
HTTPS/TLS encryption: All data in transit is encrypted
Database encryption: Data at rest is encrypted
Password security: Passwords are hashed using bcrypt by Supabase, never stored in plain text
Secure local storage: Auth tokens stored in iOS Keychain / Android Keystore
Access controls: Row-level security policies restrict access to each user’s own data
Principle of least privilege: Backend access to personal data is limited to what is strictly necessary
Breach notification: In the event of a data breach, we will notify affected users within 72 hours and report to the ICO as required by UK GDPR.
The App is not intended for children under 13. We do not knowingly collect data from children under 13. If we become aware that a child under 13 has provided personal data, we will delete it immediately. Parents who believe their child has provided data should contact us at info@freshdate.co.uk.
Your data is primarily stored in EU data centres (Supabase). Some third-party services may process data outside the UK/EU:
RevenueCat: US-based (Standard Contractual Clauses in place)
Amazon S3: Multi-region; EU/UK regions used where available
Manus LLM: Processed via forge.manus.im (appropriate safeguards in place)
Expo / Apple / Google: Multi-region (Standard Contractual Clauses in place)
For transfers outside the UK/EU, we rely on Standard Contractual Clauses (SCCs), the UK International Data Transfer Agreement, or other lawful transfer mechanisms.
We do NOT use any data for cross-app tracking or third-party advertising.
Contact info: email address, name
User content: food inventory, meal plans, shopping lists, family profiles (including dietary restrictions and allergies)
Identifiers: user ID, device identifier, push notification token
Purchases: subscription status, purchase history
Usage data: features used, session duration
Diagnostics: crash logs, error reports
Anonymised analytics
Recipe search queries sent to TheMealDB (ingredient names only, no personal identifiers)
None. FreshDate does not use any data for cross-app or cross-site tracking.
The App does not use cookies or similar tracking technologies directly. However, third-party services (Supabase, RevenueCat) may use cookies within their services. Please refer to their privacy policies for details.
The App uses secure local storage (iOS Keychain / Android Keystore) for auth tokens and device preferences. This is not the same as cookies and cannot be used for cross-app tracking.
We may send you:
Transactional emails: Account confirmations, password resets, subscription updates. These are required for the operation of the service and cannot be opted out of.
App notifications: Expiry reminders (can be disabled in Settings or your device notification settings).
Marketing emails: Feature updates, promotions (opt-in only). You can unsubscribe at any time via the link in any marketing email or by emailing info@freshdate.co.uk.
We may update this Privacy Policy from time to time. Changes will be posted at freshdate.co.uk/privacy with an updated “Last Updated” date. For material changes, we will notify you by email or in-app prompt. Continued use of the App after changes constitutes acceptance of the updated policy.
For privacy questions, data requests, or concerns, contact:
Email: info@freshdate.co.uk
Website: https://freshdate.co.uk
Data Protection Officer: info@freshdate.co.uk
We will respond to all enquiries within 30 days as required by UK GDPR.
If you believe we have violated your privacy rights, you may lodge a complaint with the UK Information Commissioner’s Office (ICO):
Website: ico.org.uk
Phone: 0303 123 1113
© 2026 FreshDate Ltd. All rights reserved.