Shop Chop ChowBack to the app

Privacy Policy

Version 2.1 · Effective 14 July 2026

Shop Chop Chow is a household meal-planning app operated by Joshua Camman (ABN 71 163 089 011), a sole trader ("we", "us"), based in Victoria, Australia. This policy explains what we collect, why, where it goes, how long we keep it, and the controls you have. We've kept it honest and specific — it describes what the app actually does, not boilerplate.

Our approach to privacy law. We handle your information in line with the Australian Privacy Principles and applicable Victorian health privacy principles, and we don't rely on any small-business exemption to do less. Some of what the app holds (allergies, intolerances, nutrition and weight goals, and religious dietary observance such as halal or kosher) can be sensitive information, so we treat it that way — see §2.

The short version: we collect what you give us (account details, your household's recipes, plans, lists and kitchen data) plus a small amount of service data (push tokens, AI usage counters, optional analytics). We use it to run the app for your household — we don't sell it, and we don't use it for advertising. Your household members can see the household's shared data and some things about you. Our servers are run by Google (Firebase) and located overseas.

1. What we collect

You give us:

Collected automatically:

Scanning items. When you scan a product, the barcode reading and text recognition happen on your device (Google ML Kit) — the photo itself is never uploaded, and is held only temporarily on your device. If you then tap "Identify with AI", a short extract of the recognised text (up to 600 characters) is sent to Google Gemini to work out what the product is. If you don't tap it, nothing from the scan leaves your device except the barcode lookup below.

What we deliberately don't collect: your location, contacts, microphone, advertising identifiers, or payment card numbers (payments are handled entirely by Stripe/RevenueCat — §5).

2. Health and dietary information — and your consent

Allergies, intolerances, nutrition and weight goals, and religious dietary requirements can be sensitive information under privacy law. We don't pretend otherwise, and we don't ask you to accept this as part of the Terms — it's a separate, express choice, recorded against your account with the date and version.

We do not use this information for advertising, profiling, or any purpose other than the meal planning features you're using it for.

3. Why we use it

UseDataBasis
Run the app for your householdAccount, household content, per-member settingsProviding the service you asked for
AI features you trigger (recipe import/analysis, categorisation, dish images, scan identification)The recipe text/URL content, the recognised scan text, or the prompt for that actionProviding the feature; sent to Google Gemini (§5)
Personalising AI recipe suggestions to your household's dietary needsYour household's saved dietary profile (allergies, halal/kosher, etc.)Your express consent (§2) — not used unless you allow it, and stopped when you withdraw
Fair-use limits and billingAI usage counters, subscription statusRunning the free tier and PRO
Notifications you or your household trigger (prep/cook assignments, join requests)Push tokens, assignment namesProviding the feature; you can turn notifications off in your device settings
Understanding and improving the productOptional, scrubbed analytics eventsWith your consent, asked before anything is collected (§7)
Telling waitlist members we've launchedWaitlist emailYour request when you signed up

We don't sell personal information, don't share it for advertising, and don't use your content to train AI models. AI features send the content for that action to Google's Gemini API on a paid plan, under which Google does not use it to train or improve its models (§5).

4. What your household sees

Shop Chop Chow is a shared app, and you should know exactly what's shared before you join a household:

You can leave a household at any time (Settings → Leave household). Leaving removes your assignments and your access; the household keeps its shared content.

Exporting. Settings → Export produces a JSON file. If you're the household owner it contains the whole household's data. If you're not the owner, it contains your own data plus the household's shared content, with other members' nutrition goals and photos left out — those aren't yours to export. Either way the file says which kind it is, and lists what it deliberately excludes. Only share it with people you'd share the household with.

5. Who we share data with (our providers)

We use a small set of service providers. They process data to provide their service to us, not for their own marketing.

ProviderWhat they processWhere
Google Firebase (Authentication, Firestore, Storage, Cloud Functions, Hosting)Everything we store: accounts, household content, photos, tokens, logsFirestore household content: Singapore (asia-southeast1); Storage photos and Cloud Functions: United States (us-central1); Cloud Logging: global; Authentication and Hosting use Google's global infrastructure
Google Gemini APIThe recipe text, page content, recognised scan text, or prompt for each AI action you trigger; generated dish imagesUnited States
Google FCMPush delivery to your devicesGlobal (Google)
RevenueCatSubscription state keyed to your account id; checkout hostingUnited States
StripePayment details for web subscriptions (card numbers never touch our systems)United States/global
PostHogOptional analytics events (§7), keyed to your account idUnited States
Open Food Facts and related open databasesWhen you scan a barcode, the app looks it up against the Open Food Facts, Open Beauty Facts, Open Pet Food Facts and Open Products Facts databases (your device connects to their servers, which see your IP address). We fetch the product name, brand, quantity and category — we do not fetch the ingredients or allergen fields. Product images are displayed directly from their servers (hotlinked), so your device requests them from Open Food Facts when shown. Product data is used under the Open Database LicenceFrance

We don't disclose personal information to anyone else except: with your direction (e.g. the export/share feature), or where the law requires it.

Firebase Analytics is not enabled. The only analytics we use is PostHog, described in §7.

AI content and model training. We use the Google Gemini API on a paid plan. Under Google's paid-tier terms, the content you send for an AI action (recipe text, page content or prompt) and the result it returns are not used by Google to train or improve its models and are not human-reviewed for that purpose. We only send the content needed for the action you trigger.

Overseas storage. Our infrastructure is hosted by Google and our other providers on servers outside Australia, including Singapore, the United States and global infrastructure. Before your information is disclosed overseas we tell you here, and — for the sensitive information in §2 — we ask for your express consent (§2). We take reasonable steps to ensure our providers handle it consistently with the Australian Privacy Principles.

6. Waitlist and email

If you join the waitlist we store your email and use it to tell you when Shop Chop Chow launches. That's the scope of the consent — we won't add you to an ongoing marketing list without asking separately. Launch and any service emails will identify us and include a working unsubscribe. We'll delete waitlist emails within 90 days of launch.

7. Analytics and crash reporting — and turning it off

If our build has analytics enabled, we use PostHog to understand product usage (events like "meal planned" or "recipe imported") and to receive crash reports.

You can turn it off at Settings → This device → Analytics & diagnostics — the switch stops collection from that device immediately. (If analytics isn't enabled in your build, nothing is collected at all and you'll never see the notice.)

8. How long we keep things (retention)

DataKept
Account (profile, preferences, push tokens)Until you delete your account — deletion removes them and your sign-in
Household contentUntil the household deletes it, or the household itself is deleted (deleting a household deletes its recipes, plans, lists, pantry data and photos)
Health/dietary information (§2)With the household until deleted in-app, or until the household is deleted. Withdrawing consent stops it being used for AI; it doesn't delete it — delete it in-app if that's what you want
Consent record (§2)Kept while your account exists, including after withdrawal, so we can show what you agreed to and when
AI usage event records90 days (automatic expiry)
Monthly AI usage countersWhile the household exists (they're the billing/fair-use record)
Waitlist emailsUntil 90 days after launch (§6)
Server logsGoogle Cloud _Default bucket: 30 days
Caches on your deviceRecipe/content caches up to 7 days; saved AI results up to 1 year; the offline sign-in snapshot up to 1 year. Signing out clears your household's cached content, recipes and AI results from that device. Device settings you chose (theme, notification and analytics preferences) are kept, and anything you saved while offline that hasn't synced yet is kept so it isn't lost. Deleting the app removes everything
BackupsFirestore: seven-day point-in-time recovery plus daily scheduled backups retained for 60 days. Firebase Storage objects are not covered by Firestore backups

9. Your controls and rights

All of these exist in the product today:

We'll respond to emailed requests within 30 days. We may need to verify you control the account's email address before acting.

10. Security

Household data is isolated per household and enforced server-side (security rules with deny-by- default, tested in CI); billing and usage records can't be written by clients; AI keys never leave our servers; transport is encrypted (HTTPS); stored data is encrypted at rest by Google. No system is perfectly secure — use a strong, unique password. If we become aware of a data breach likely to cause you serious harm we'll assess it promptly and notify you (and the OAIC where required).

11. Children

Shop Chop Chow accounts are for people 16 and over.

Households routinely include children — you can create a member profile for a child (their name, serving size, dietary needs and any nutrition goals) without them having an account. That profile is managed by the adults in the household, and when an adult consents to the handling in §2 they're asked to confirm they're doing so as that child's parent or guardian.

If you believe someone under 16 has created their own account, email us and we'll delete it.

12. Changes to this policy

Material changes will be announced in-app before they take effect, with the version and date updated above. Where a change means we'd handle your information in a way your existing consent doesn't cover, we'll ask you again rather than assume it. The current version always lives at https://shopchopchow.com/privacy.

13. Complaints and contact

Questions, requests or complaints: [email protected]. We'll acknowledge within a week and aim to resolve within 30 days.

If you're not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (oaic.gov.au). If your concern relates to health information and you're in Victoria, you can also contact the Office of the Victorian Information Commissioner (ovic.vic.gov.au) or the Health Complaints Commissioner (hcc.vic.gov.au).