Privacy Policy

Effective date: March 5, 2026 · Domain: mypantry.dev

Short version: MyPantry Clip is designed privacy-first. Your recipe data lives on your device by default. We never sell your data, run ads, or track your browsing. Cloud sync is opt-in and secured end-to-end by Supabase Auth. Your LLM API key is encrypted locally and is never transmitted to our servers.

1. Who We Are

MyPantry ("we", "us", or "our") is the operator of the MyPantry browser extension ("MyPantry Clip") and the cloud synchronisation API hosted at mypantry.dev. For questions about this policy, contact us at support@mypantry.dev.

2. What This Policy Covers

This policy applies to:

The MyPantry Clip Chrome extension (the "Extension").
The MyPantry Cloud API at https://mypantry.dev (the "Service").
Any authentication flows conducted via Supabase (Google OAuth / Email OTP).

It does not apply to third-party services you may connect (e.g., Google, Anthropic, or OpenAI) — their own privacy policies govern your use of those services.

3. Data We Collect & How

Data element	Where it lives	Shared with us?
Saved recipes (title, ingredients, steps, image URL)	Browser `IndexedDB` Local	Only if you enable Cloud Sync
Recipe vector embeddings (mathematical arrays)	Browser `IndexedDB` Local	Only if you enable Cloud Sync
Your LLM API key (BYOK mode)	AES-GCM encrypted in `chrome.storage.local` Local	Never
Session password / encryption salt & IV	`chrome.storage.session` Local	Never
Supabase user ID + auth token (Cloud mode)	Supabase Auth + `chrome.storage.local` Cloud	Yes — required for authentication
Raw recipe page HTML (during extraction)	Sent transiently to our API, pruned before LLM routing Cloud	Yes — discarded after processing
Request timestamps & endpoint hit counts	Upstash Redis (anonymous per user-ID) Cloud	Yes — used solely for rate-limiting
Server-side request logs (latency, endpoint, user ID hash)	Fly.io log stream, rotated regularly Cloud	Yes — used for debugging only
Browsing history / page content outside recipe extraction	N/A	Never collected

4. How We Use Your Data

Recipe extraction & normalisation: The raw page content you trigger via the Extension is sent to our API, stripped of images and scripts, and forwarded to an LLM (currently Gemini) to produce structured JSON. We do not store the raw HTML beyond the lifetime of the request.
Ingredient substitution: Your current recipe JSON is sent to the API and forwarded to an LLM to compute a science-backed substitution. Likewise not stored.
Cloud sync: If you sign in with Google OAuth or Email OTP, your normalised recipe JSON and pre-computed embedding vectors are stored in Supabase Postgres / pgvector under your Supabase user ID. This is the only persistent cloud storage we use.
Abuse prevention: We maintain an atomic per-user request counter in Redis to enforce weekly rate limits (configurable, default 50 requests/week per endpoint). No content is stored in Redis — only numeric counters keyed by your Supabase user ID.
Service improvement: Aggregated, anonymised request latency metrics may be reviewed to improve performance. Individual requests are not profiled.

5. Bring Your Own Key (BYOK) Mode

BYOK mode lets you use MyPantry without a cloud account. Your LLM API key is encrypted locally in your browser using AES-256-GCM via the Web Crypto API, keyed with a password you create via PBKDF2. The raw key material is held only in ephemeral memory for up to 1 hour after decryption to avoid repeated password prompts, and is cleared upon browser restart or logout.

In BYOK mode, your API key is never transmitted to our servers. All LLM calls are routed through your own key against the provider's API directly from our server acting as a stateless proxy — we never log or store the key value.

6. Artificial Intelligence & Third-Party LLMs

Recipe extraction and ingredient substitution use the Google Gemini API. The text payload we send is the pruned page content or your stored recipe JSON — no personally identifiable information is deliberately included. Please review Google's Privacy Policy for how Gemini processes data.

Semantic search embeddings are generated entirely on-device using Transformers.js (Xenova/all-MiniLM-L6-v2, quantized WASM build). No text is sent to any external service at the vectorisation step.

7. Chrome Extension Permissions

MyPantry Clip requests the following Chrome permissions and uses them strictly as described:

activeTab: Read the current tab's URL and title when you click the extension icon. We read only the tab you explicitly activate.
scripting: Inject a content script into the active tab on demand to extract the page's DOM for recipe parsing. The content script runs only when you initiate an extraction.
storage: Persist your encrypted API key, auth token, and local recipe database (IndexedDB) between sessions.
offscreen: Spawn an offscreen document to run the Transformers.js WASM pipeline without blocking the UI thread.

We do not request <all_urls>, broad host permissions, or access to browser history.

8. Data Retention & Deletion

Local data: Persists until you uninstall the Extension or use the "Export & clear" function in Settings. We have no access to it.
Cloud sync data: Stored in Supabase linked to your user ID. You may delete your account and all associated data at any time by emailing support@mypantry.dev. Deletion is processed within 30 days.
Request logs: Retained for up to 30 days on Fly.io log streams, then automatically purged.
Redis counters: Rate-limit counters are keyed to a rolling 7-day window and expire automatically.

9. Data Sharing & Sub-processors

We do not sell your data. We share data only with the following sub-processors, all of which are necessary for the service to function:

Sub-processor	Purpose	Data shared
Supabase	Auth & cloud database	User ID, email (OAuth), recipe JSON, embedding vectors
Upstash	Rate-limit counters	Supabase user ID (no content)
Fly.io	API hosting	Server logs (IPs, request metadata)
Google (Gemini)	LLM inference	Pruned page text / recipe JSON (transient)

10. Security

All data in transit is encrypted via TLS 1.2+.
API keys stored locally use AES-256-GCM with a PBKDF2-derived key — the server never sees plaintext keys.
All cloud API endpoints require a valid Supabase JWT; unauthenticated requests are rejected with HTTP 401.
CORS is restricted to chrome-extension://<your-extension-id> and localhost for local development.

11. Children's Privacy

MyPantry is not directed at children under 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us at support@mypantry.dev and we will delete it promptly.

12. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access: Request a copy of the data we hold about you.
Rectification: Correct inaccurate data.
Erasure: Request deletion of your account and associated cloud data.
Portability: Export your local recipe database at any time via the "Export to JSON" feature in the Extension settings.
Objection / Restriction: Object to or restrict certain processing.

To exercise any of these rights, email support@mypantry.dev.

13. Changes to This Policy

We may update this policy to reflect changes in the service or legal requirements. Material changes will be announced on our website at mypantry.dev. The "Effective date" at the top of this page is always updated when changes are published.