Privacy Policy

Stocked is operated by the entity named on our Impressum page. For anything privacy- or data-related, email privacy@stocked-app.com.

• Inventory items, quantities, units, and storage areas
• Receipt photos you take in the app
• OCR text produced locally by Tesseract
• Learned receipt-to-item mappings
• Saved local recipes and your category list

This data lives in your browser's IndexedDB. Clearing site data, or using "Wipe all data" in Settings, removes it.

• Your email and authentication credentials
• Your display name (if you set one)
• Which plan you own and when you purchased
• Items, recipes, and membership of any shared household you join
• A hash of your inventory plus the AI's recipe suggestions (cached so we don't re-call the AI for the same fridge)
• Your active-household preference

Backend storage is provided by Supabase (EU region) via Lovable Cloud. Row-level security limits each table to the user or household it belongs to.

• AI receipt scan (Stocked+): the image bytes of the receipt you just photographed
• Voice entry (Stocked+): the audio bytes of the clip you just recorded
• Recipe ideas (Stocked+): item names, quantities, units, and storage areas — no photos, no purchase history
• Recipe import from a link (Stocked+): the URL and the visible text of that page

Requests are routed through Lovable's AI Gateway, which forwards them to large-language-model providers (currently Google Gemini and OpenAI). We do not persist these payloads server-side after the response returns — only the hash + generated recipes are cached, as noted above.

We can speak for our own systems, but we can't independently audit what every upstream provider does with API traffic. We pick providers whose published API terms say API inputs are not used to train their general models, and we send them only the minimum the feature needs. If that matters to you, the base Stocked tier sends nothing to AI providers at all.

• Your camera roll or photos you didn't explicitly scan
• A profile of your shopping history or habits
• Third-party analytics, advertising, or behavioural tracking SDKs — the app ships with none
• Location data
• Contacts

We don't use advertising or analytics cookies. The app uses browser storage (localStorage and IndexedDB) to remember your preferences and inventory, and Supabase sets a session cookie after you sign in so you stay logged in. That's it.

If you join a shared household (a Stocked+ feature), other members of that household can see and edit the items, recipes, and membership of that household. Items you added before joining stay private unless you move them in. Items already shared with a household remain visible to other members if you later leave or delete your account.

You can export, correct, or delete your data at any time:

• Local data: Settings → "Reset inventory" or "Wipe all data" clears it from this device.
• Account and server-side data: Settings → Danger zone → "Delete account and data" removes your account, subscription record, profile, and household memberships you own.
• Access, correction, complaints: email privacy@stocked-app.com. You also have the right to lodge a complaint with your local data-protection authority.

Stocked isn't designed for children under 16 and we don't knowingly collect data from them.

When this policy changes, we'll update the date at the bottom of the page. Material changes will be flagged inside the app.