Privacy Policy

Last updated: 12 April 2026

1. Who We Are

Freshli is operated by Freshli ("we", "us", "our"). This policy explains how we collect, use, and protect your personal information when you use the Freshli iOS app and freshli.app website.

Contact: [email protected]

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address — for authentication and account recovery
• Display name — shown in the community marketplace
• Apple ID metadata — if you use Sign in with Apple (name, email relay)

2.2 Pantry Data

Items you add to your pantry (names, quantities, expiry dates, categories, storage locations) are stored:

• Locally on your device via SwiftData — always available offline
• On our servers (Supabase, EU-West region) — for cross-device sync and backup, encrypted in transit and at rest

2.3 Community Data

If you list surplus food on the community marketplace, your listing details (item name, description, general area) are visible to other users. Your exact address is never shared unless you choose to include pickup details.

2.4 Usage Analytics

We collect anonymous product analytics to improve the app:

• Which features you use (e.g., Rescue Chef, Weekly Wrap) — never the content
• App version, session duration, crash-free rate
• No device identifiers, no advertising IDs, no third-party trackers

2.5 AI Processing

2.6 Face Data (TrueDepth API) — Optional Accessibility Feature

Freshli offers an optional accessibility feature called Gaze-Adaptive UI that uses Apple's ARKit face tracking on devices with a TrueDepth camera (iPhone X and later, iPad Pro 11-inch and later, iPad Air with TrueDepth). This feature is disabled by default and must be explicitly enabled by the user in Settings → Accessibility within the Freshli app.

What face data is used: ARKit provides Freshli with the real-time 3D transform matrices for the left eye and right eye relative to the face. Freshli averages these two eye transforms to compute a single normalised gaze point on the screen (for example, "the user is looking at the top-right area of the screen"). Nothing else from the ARKit face anchor is used — no face mesh, no blendshapes, no face geometry, no identity features, and no photographic image of the user's face.

Purpose: The gaze point is used solely to very subtly scale up interactive UI elements the user appears to be looking at (a 4% inflation, within ARKit's stated accuracy). This helps users with limited mobility navigate the app hands-free. The feature is purely visual — the gaze point never triggers taps, purchases, or any automated action.

Processing: All face tracking is performed entirely on-device by Apple's ARKit framework. The TrueDepth camera preview is never shown, never recorded, and never written to disk. Camera frames are processed inside ARKit's protected process and are never exposed to Freshli's application code. Freshli only receives the derived gaze vector (two CGFloat values and a confidence score).

Retention & sharing: Face data is never retained (no local storage, no caching to disk) and is never shared with Freshli's servers, Apple's servers, advertising networks, analytics providers, or any other third party. There are no exceptions. When the user disables the feature or closes the app, the ARSession stops immediately and no residual face data exists.

User control: The feature is opt-in, can be disabled at any time in Settings → Accessibility → Gaze-Adaptive UI, and can additionally be revoked via iOS Settings → Privacy & Security → Camera → Freshli. The app functions fully without this feature enabled.

3. How We Use Your Information

• To provide and maintain the Freshli service
• To sync your pantry data across your devices
• To send expiry reminder notifications (with your permission)
• To display your listings in the community marketplace
• To calculate and display your environmental impact (CO2 avoided, money saved)
• To improve the app through anonymous, aggregated analytics

We never sell your personal data to third parties. We never use your data for advertising.

4. Data Storage and Security

• Server data is hosted on Supabase (EU-West-3 region, AWS infrastructure)
• All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Row Level Security (RLS) ensures you can only access your own data
• Passwords are checked against HaveIBeenPwned to prevent use of compromised credentials

5. Data Sharing

We share your data only in these limited circumstances:

• Community marketplace — your listing details are visible to other users (you control what you share)
• Legal requirements — if required by law, court order, or regulatory authority
• Service providers — Supabase (database hosting), Apple (authentication, push notifications) — under strict data processing agreements

6. Your Rights

You have the right to:

• Access your data — available in Settings within the app
• Delete your account and all associated data — Settings → Delete Account
• Export your pantry data — contact [email protected]
• Withdraw consent for notifications — via iOS Settings
• Opt out of analytics — via the app's Settings screen

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, all personal data is permanently removed from our servers within 30 days. Anonymous, aggregated analytics data may be retained indefinitely.

8. Children's Privacy

Freshli is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact [email protected] and we will delete it.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes through the app or by email. The "Last updated" date at the top of this page indicates the most recent revision.

10. Contact Us

If you have questions about this privacy policy or your data, contact us at:

Email: [email protected]