Privacy Policy

Last updated: March 24, 2026

Overview

Grombear ("we", "our", or "us") is a food logging app that helps you track, remember, and discover meals. This policy explains what data we collect, how we use it, and your rights.

Information We Collect

Account Information

Email address and password when you create an account
Display name and avatar photo (optional)

Food Logs

Photos of meals you choose to upload
Voice recordings and their transcriptions when you describe a meal
Dish ratings and sentiment about meals
Prices and portion size ratings (optional)

Location Data

GPS coordinates from your device to identify nearby restaurants (only with your permission)
Location metadata (EXIF data) from photos you upload, including GPS coordinates, timestamps, and camera information
Restaurant details from Google Places (name, address, hours, ratings)

Food Preferences

Dietary preferences (e.g., meat preference, spice level)
Favorite cuisines and dishes
Preference interviews (audio and transcriptions)

Connected Accounts

If you connect a food delivery account (e.g., DoorDash, Toast), we store your credentials using AES-256-GCM encryption to import your order history
Imported data includes order items, prices, and totals

Social Data

Who you follow and who follows you
Reactions to food logs

Usage Data

App version, platform (iOS/Android), and session information
API request logs to monitor performance and errors
Error reports including stack traces for debugging

How We Use Your Information

To analyze your food photos using AI to identify dishes, cuisines, and tags
To transcribe your voice recordings and extract meal descriptions
To identify restaurants from your location and photo metadata
To build your food history, stats, and personalized recommendations
To display your public logs to people who follow you
To import order history from connected delivery accounts
To monitor app performance and fix errors

Third-Party Services

To provide our features, your data is processed by these services:

OpenAI — Your food photos are sent to OpenAI's Vision API for dish identification and analysis. Voice transcriptions are processed for sentiment analysis.
Google Cloud — Audio recordings are sent to Google Speech-to-Text for transcription. Google Places API is used to identify and enrich restaurant information.
Supabase — Provides authentication, database storage (PostgreSQL with row-level security), and secure file storage for photos and audio.

We do not sell your data to any third party. Data shared with the services above is used solely to provide Grombear's features.

Data Storage & Security

All data is stored using Supabase with row-level security — you can only access your own data
Photos and audio files are stored in encrypted cloud storage with signed, expiring URLs
Connected account credentials are encrypted with AES-256-GCM before storage
Passwords are hashed using industry-standard algorithms (Argon2 via Supabase Auth)
API access is rate-limited (100 requests/minute, 5 auth attempts per 15 minutes)

Data Retention

We retain your data for as long as your account is active. When you delete your account, all associated data is permanently removed, including food logs, photos, audio files, avatars, preferences, and social connections. This action is not reversible.

Your Rights

Access: View all your data within the app at any time
Deletion: Delete your account and all associated data permanently from within the app
Location: Deny or revoke location permissions at any time through your device settings
Connected Accounts: Disconnect imported accounts at any time

Children's Privacy

Grombear is not intended for children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

Changes to This Policy

We may update this policy from time to time. We will notify you of material changes through the app or by email.

Contact

Questions about this policy? Contact us at privacy@grombear.com

← Back to Home