FORAGE

Privacy Policy

Last updated: May 15, 2025

1. Overview

Forage ("we," "us," "our") takes your privacy seriously. This Privacy Policy explains what personal data we collect, how we use it, and your rights regarding that data. By using Forage you consent to the practices described here. If you do not agree, please do not use the Service.

2. Data We Collect

Account & Identity

  • Email address (required for account creation)
  • Display name
  • Google account ID and profile information (if you sign in with Google)
  • Account creation timestamp and last login

Health & Body Data (entered during onboarding)

  • Age, biological sex, height, and weight
  • Fitness goals (e.g., muscle gain, fat loss)
  • Meals per week preference
  • ZIP code / location for local grocery pricing
  • Weekly grocery budget

Nutrition & Activity Data

  • Meal logs: food name, calories, macronutrients, date/time, and source (manual or AI photo)
  • Food photos uploaded for AI analysis
  • Grocery lists and individual grocery items
  • Grocery AI chat message history

Financial & Receipt Data

  • Receipt images you upload
  • Parsed receipt data: store name, date, total, and line items
  • AI-generated nutritional insights about your purchases

Technical Data

  • IP address and device information (collected by Supabase infrastructure)
  • Browser type and operating system
  • Usage patterns and feature interactions (via server logs)

3. How We Use Your Data

  • To provide the Service: Your health stats, goals, and budget are used to personalize AI grocery recommendations, calorie targets, and macro goals.
  • AI processing: Food photos, receipt images, and chat messages are sent to Anthropic's Claude API for analysis. Anthropic processes this data under their own privacy policy.
  • To store your data securely: All data is stored in Supabase (PostgreSQL) with row-level security ensuring only you can access your own data.
  • To improve the Service: We may analyze aggregated, anonymized usage patterns to improve features. We do not sell or share identifiable personal data for this purpose.
  • To communicate with you: If you opt in to notifications, we may send meal reminders or product updates. You can opt out at any time.

4. Health Data — Special Considerations

We collect health-related information including body weight, biological sex, age, and fitness goals. This data is considered sensitive. We handle it as follows:

  • Health data is stored encrypted at rest in our database.
  • Health data is never sold to third parties, advertisers, or data brokers.
  • Health data is only used to personalize your in-app experience.
  • Food photos and receipt images are processed by Anthropic's API and stored in private cloud storage accessible only to your account. They are not used to train AI models without explicit consent.
  • We do not share health data with insurance companies, employers, or healthcare providers.

5. Data Sharing & Third Parties

We do not sell your personal data. We share data only as follows:

  • Supabase: Our database and authentication provider. Data is stored on Supabase infrastructure. See supabase.com/privacy.
  • Anthropic: Food photos, receipt images, and chat messages are sent to Anthropic's API for AI analysis. Anthropic's data use policy governs this processing. See anthropic.com/privacy.
  • Google: If you sign in with Google, Google shares your email and profile with us per their OAuth process. See google.com/privacy.
  • Legal requirements: We may disclose data if required by law, court order, or to protect the rights and safety of our users or others.
  • Business transfers: If Forage is acquired or merged, your data may transfer to the new entity, which will be bound by this Privacy Policy.

6. Data Retention

We retain your data as long as your account is active. Specific retention practices:

  • Meal logs and grocery lists: retained indefinitely while your account exists.
  • Food photos and receipt images: stored in private cloud storage until you delete them or your account.
  • Chat messages: retained with your account for continuity.
  • After account deletion: identifiable data is deleted within 30 days. Anonymized, aggregated data may be retained indefinitely for analytics.

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of all personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your account and all associated data ("right to be forgotten").
  • Portability: Request your data in a machine-readable format.
  • Objection: Object to certain processing of your data.
  • Withdraw consent: Withdraw consent for optional data processing at any time.

To exercise any of these rights, contact us at privacy@forage.app. We will respond within 30 days.

8. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information is collected, used, shared, or sold.
  • The right to delete personal information (subject to certain exceptions).
  • The right to opt-out of the sale of personal information. We do not sell personal information.
  • The right to non-discrimination for exercising your CCPA rights.

9. European Users (GDPR)

If you are located in the European Economic Area (EEA), we process your data under the following legal bases:

  • Contract performance: To provide the Service you signed up for.
  • Legitimate interests: To improve the Service and prevent fraud.
  • Consent: For optional features such as notifications and processing of special category data (health information).

You have the right to lodge a complaint with your local data protection authority. Our data may be stored on servers in the United States; we rely on Supabase's data processing agreements to ensure adequate protection for cross-border transfers.

10. Cookies & Tracking

Forage uses only essential session cookies required for authentication. We do not use advertising cookies, cross-site tracking, or analytics cookies that report to third parties. We do not use Meta Pixel, Google Analytics, or similar advertising tracking technologies.

11. Children's Privacy

Forage is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us data, contact us immediately at privacy@forage.app and we will delete the information promptly.

12. Security

We implement industry-standard security measures including encrypted data storage, row-level security on all database tables (each user can only access their own data), secure HTTPS transmission, and private cloud storage for uploaded files. However, no system is 100% secure. We cannot guarantee absolute security and are not responsible for unauthorized access resulting from factors outside our control.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy with an updated date. Continued use of the Service after changes constitutes acceptance of the revised policy.

14. Contact

For privacy-related questions, data requests, or concerns, contact us at: privacy@forage.app

Terms of Service← Back to Forage