We built Prep Passport to be private by default. This page explains, in plain English, exactly what information the app handles, who it’s shared with, and the choices you have. We don’t run ads, and we never sell your information.
The short version
- Prep Passport needs a free account to use. You get a sample preview during setup, then sign in with Apple or Google. An account lets us sync your plans across devices and keep the AI service from being overused or abused.
- Your meal plans, recipes, and food profile live on your device and in your private account.
- To create a plan or recipe, the details of that request are sent to Google Gemini, the AI that writes your meals. On Google’s paid API, those inputs are not used to train AI models.
- We use a small number of trusted services to run the app (listed below). We share with them only what each one needs.
- No ads. No selling your data. You can export or erase your data anytime.
What we collect, and where it lives
| Information | Where it’s kept |
|---|---|
| Account basics: your email and name, from signing in with Apple or Google | Stored in your private account (Supabase). An account is required to use the app, after a sample preview during setup. |
| Your food profile: allergies, dietary rules, foods to avoid, cuisines, household size, budget, kitchen setup, and the area you shop in | On your device and in your account. This includes allergy information, which we treat as sensitive and use only to personalize your meals. |
| Your cooking: meal plans, recipes, favorites, and saved lists | On your device and in your account. |
| Usage analytics: events like “a meal plan was generated” (including which cuisines and options you picked), to understand what’s used. These are anonymous until you sign in; once you sign in, they’re linked to your account. | PostHog. Not sold, not used for ads. |
| Error reports: crash logs and a small sample of session replays, so we can fix bugs | Sentry. Replays mask on-screen text by default, so your allergy list isn’t captured in them. |
| A scrambled (hashed) version of your IP address: to stop spam and abuse | Kept about 40 days. Your real IP address is never stored. |
Sign in with Google, and how we handle your Google data
You can create your account and sign in with Sign in with Google. When you do, Google shares a limited amount of information with Prep Passport through the Google sign-in (OAuth) process:
- What we access: your email address and basic Google profile (your name and profile picture), via the standard sign-in scopes (openid, email, profile). We do not request or access anything else in your Google Account — no Gmail, Drive, Contacts, Calendar, photos, or files.
- How we use it: only to create and secure your Prep Passport account, sign you in, sync your meal plans across your devices, and greet you by name in the app.
- How we store and process it: your email and name are kept in your private account (Supabase). We do not combine this information with data from other sources, and we do not use it to build advertising or marketing profiles.
- Who we share it with: no one. We never sell it, never use it for advertising, and never use it to train AI models.
- How long we keep it: for as long as your account is active. When you delete your account, this information is deleted with it.
Prep Passport’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
What we send out in the moment, then drop
Some things are used to answer a single request, then discarded. We never save them:
- Building a menu, recipe, or prep plan: the details for that request (your cuisines, dietary rules, and allergies) are sent to Google Gemini to write your plan, and used to answer that request only.
- Fridge photos: if you snap a photo of your fridge or pantry, it’s sent to Google Gemini to read the ingredients, then discarded. We never store the photo.
- Voice input: if you dictate instead of typing, your device’s own built-in speech-to-text (provided by Apple or Google, depending on your device) turns the audio into words. We never receive or store the audio, just the typed-out words you choose to keep.
- Finding nearby markets: when you look up shops near you, your search location is sent to OpenStreetMap to find matching markets.
- Hearing a dish name: when you tap to hear how a dish is pronounced, just that dish name (text) is sent to Google Cloud Text-to-Speech and cached so it loads faster next time. It isn’t tied to your identity.
We don’t send your name or contact details to these services, just what’s needed to answer the request.
The services we rely on
To run the app we use a few trusted providers. Each one only receives what it needs for its job:
- Supabase: your account and synced data.
- Google: Gemini (the AI that writes your meals), Cloud Text-to-Speech (pronunciation), and Google sign-in.
- Apple: Sign in with Apple.
- PostHog: usage analytics (anonymous until you sign in, then linked to your account).
- Sentry: crash and error reporting.
- OpenStreetMap: nearby-market lookups.
Some of these providers are based in the United States, so if you’re outside the U.S., your data may be processed there.
How AI is used, and what it means for you
Prep Passport’s meals and recipes are written by Google Gemini, an AI service. AI-generated content can be incomplete or wrong, including about ingredients and allergens, so please see the allergy and health section of our Terms of Use. On Google’s paid Gemini API, the information you send is used to generate your results and is not used to train Google’s AI models. More broadly, we never use your data, including the email and name from Sign in with Google, for advertising, for selling to data brokers, or for training AI models. We use it only to provide and improve Prep Passport.
How we keep your data safe
Your connection to Prep Passport is encrypted in transit with HTTPS, and your account data is encrypted at rest by the providers that store it (Supabase and Google). We limit who can access your information, and we only collect what the app needs to work.
How long we keep your information
We keep your account and saved data for as long as your account is active. When you delete your account, we remove the data stored with it. Usage and crash data are held by our analytics providers for a limited time and then deleted, and the hashed version of your IP address that we use to prevent abuse is kept about 40 days. Fridge photos and the details sent to write a single plan are used only for that request and are not stored.
Your control and your rights
You can download a full backup of your data, restore it on another device, or erase everything from this device using Reset local data in the app’s settings. You can also delete your account, which removes the data stored with it. Depending on where you live, you may have the right to access, correct, or delete your personal information, and to object to certain uses. Just email us and we’ll help.
Children
Prep Passport is made for adults planning meals for their households. It isn’t directed to children, and we don’t knowingly collect information from anyone under 13.
Changes
If we change how the app handles your information, we’ll update this page and the date at the top, and for a meaningful change we’ll ask you to review it again the next time you open the app.
Contact
Questions about your privacy? Reach us at [email protected].