Privacy Policy

Effective Date: April 1, 2026

At Chive, we believe managing your kitchen should be simple and private. This Privacy Policy explains how we collect, use, share, and protect your information.

We don't sell your data. We don't share it with third parties for marketing. We don't use it to train AI models. We're transparent about what we collect and why.

1. Information We Collect

Account Information

When you create a Chive account, we collect your name, email address, authentication method (Google or email/password), and push notification preferences.

Pantry and Inventory Data

Items you add to your pantry (product names, brands, quantities, categories), storage zones, expiry dates, purchase dates, notes, photos, allergen information, and dietary preferences.

Purchase and Grocery List Data

Items on your grocery lists, purchase history (what you bought, when, where, and at what price), and order data you manually share from services like Instacart.

Recipe Data

Recipes you save, import, or scan from cookbooks, including ingredients, instructions, and associated photos.

Receipt and Photo Data

When you scan receipts or take photos, we process them using AI (Claude by Anthropic) to extract product names, quantities, prices, and expiry dates. We strip location metadata (EXIF GPS data) from photos before uploading to cloud storage. You can delete stored photos at any time.

Barcode Data

When you scan barcodes, we collect the barcode number and look up product information from third-party databases.

AI Conversation Data

When you chat with Chive's AI assistant, your messages are processed in real-time but are not permanently stored on our servers. Conversation history is kept in your browser session only and is cleared when you close the chat or clear your browser data. When you use the AI assistant, relevant context from your account, including inventory items, shopping list, purchase history, and recipes, is sent to Anthropic for processing to provide helpful responses.

App Usage

We collect minimal technical data: crash reports and errors to fix bugs. We do not use tracking cookies, analytics SDKs, or behavioral profiling tools. We do not track your location or create behavioral profiles.

2. How We Use Your Information

We use your information to:

We do not use your data for marketing, targeted advertising, or AI model training.

3. How We Share Your Information

Household Members

If you join or create a household in Chive, all household members can view and edit the shared pantry inventory, shopping list, purchase history, and recipes. The household owner controls membership and can invite or remove members. You can leave a household at any time.

AI Processing (Anthropic)

When you use AI-powered features, the following data is sent to Anthropic (the maker of Claude AI) for processing:

Anthropic does not use your data to train or improve Claude. Anthropic retains conversation data briefly for safety monitoring, then deletes it. You can review Anthropic's privacy policy and usage policy for full details. You can choose not to use AI features. All other app features work without them.

Authentication (Google)

If you sign in with Google, we use Google's authentication service. We receive your name and email address. We do not request access to your contacts, calendar, or other Google data.

Cloud Infrastructure (Supabase)

Your data is stored on Supabase cloud infrastructure. Supabase acts as a data processor on our behalf under a data processing agreement.

Push Notifications

We use the Web Push API to deliver notifications. Push services receive device tokens and notification content, but not your pantry data.

Product Data Services

To enrich product information (names, categories, images, nutrition, allergens), we query the following services using only product identifiers (names and barcodes). No personal data is sent:

Our service providers operate under data processing agreements or terms of service that govern how your data is handled in compliance with applicable privacy laws.

4. Cookies, Local Storage, and Tracking

Chive does not use tracking cookies, third-party analytics, or advertising pixels. We use browser local storage and service workers solely for app functionality: offline caching, session management, and UI preferences. These are essential for the app to work and cannot be used to track you across websites.

Because we do not track users, Do Not Track (DNT) browser signals have no effect. There is no tracking behavior to disable.

5. Data Storage and Security

Your data is stored on Supabase cloud infrastructure with encryption in transit (HTTPS/TLS) and at rest. We use row-level security policies to isolate your data so that only you and your household members can access it.

If we discover a data breach affecting your personal data, we will notify you as required by applicable law, and in any event within 30 days of discovery, via email with details of what was compromised and steps taken.

6. Your Privacy Rights

Access and Export

You can export your data (inventory, grocery list, purchase history) in CSV or JSON format through app settings at any time.

Deletion

You can delete individual items at any time. You can delete your entire account through app settings. Your data will be removed from our primary servers immediately upon request. Backup copies are retained for up to 30 days before automatic deletion.

Notifications

You control whether to receive push notifications and can disable them at any time in settings.

AI Features

You can choose not to use AI-powered features. All core app features (pantry tracking, shopping lists, manual item entry, barcode scanning) work without AI.

7. Children's Privacy

Chive requires users to be at least 13 years old. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, contact [email protected] and we will delete it promptly.

8. International Data and Privacy Regulations

GDPR (EU/UK)

If you are in the EU or UK, you have rights under GDPR including: access, correction, deletion, restriction of processing, data portability, and objection. Our lawful basis for processing is your consent (account creation) and legitimate interest (app functionality). Contact [email protected] to exercise these rights. We will respond within 30 days.

CCPA/CPRA (California)

If you are in California:

PIPEDA (Canada)

We comply with Canada's Personal Information Protection and Electronic Documents Act. Your data is collected and used only with your knowledge and consent for identified purposes. You may withdraw consent at any time by deleting your account.

9. Data Retention

We retain your data for as long as your account is active. When you delete your account, we remove your data from primary servers immediately. Backup copies are deleted within 30 days. De-identified, aggregated analytics may be retained indefinitely. Server error logs that may contain technical request data are retained for up to 30 days.

10. Changes to This Policy

We'll notify you of significant changes via email or in-app notification at least 14 days before they take effect.

11. Contact Us

Last Updated: March 30, 2026