Privacy Policy
Last updated 10 June 2026
This policy explains how Pottle collects, uses, stores and shares your personal information, and your rights over it. We handle personal information in line with the New Zealand Privacy Act 2020 and its 13 Information Privacy Principles (IPPs). “Personal information” means information about an identifiable individual — you.
1. What we collect and why (IPP 1, 3, 4)
We only collect information we actually need to run the service, and we tell you why:
- Account — your email address, to sign you in (we use a one-time code, not a password).
- Your profile — body stats (sex, age, weight, height), goal, preferred supermarket, meals per day, household size, and foods you avoid — used to build your meal plan and macro target.
- Your recipes — recipes you add or photograph, used to build your plan and shopping list.
- Subscription — your plan, status and billing dates. Card details are entered directly with our payment provider (Stripe) and are never seen or stored by us.
- Technical — standard server logs needed to operate and secure the service.
We collect this information directly from you, lawfully and fairly. We do not collect more than we need.
2. Recipe photos are not stored (IPP 1, 9)
When you photograph a recipe, the image is sent to our vision provider to read the ingredients, in that request only, and is then discarded. We keep the extracted recipe (its ingredients and method), never the photo itself.
3. How we use your information (IPP 10)
We use your information only for the purposes above — building and pricing your meal plan, running your account and subscription, and improving and securing the service. We do not use it for unrelated purposes, and we do not sell it or use it for third-party advertising.
4. Who we share it with, and overseas storage (IPP 11, 12)
We share personal information only with the service providers we rely on to run Pottle, and only as needed. Some are based outside New Zealand, so your information may be stored or processed overseas. In each case we take reasonable steps to ensure comparable privacy protections, as required by IPP 12:
- Stripe (United States) — payments and subscription billing.
- Resend (United States) — sending your sign-in code by email.
- Google (Gemini) (United States) — reading recipe photos you choose to upload (the photo is not retained, see section 2).
- Vercel (United States) — application hosting.
- Neon — database hosting for your account and recipes.
We do not otherwise disclose your information except where the law requires or permits it.
5. Keeping it accurate and secure (IPP 5, 8)
We take reasonable technical and organisational steps to protect your information against loss, misuse and unauthorised access — including encrypted connections, hashed sign-in codes, and access controls. You can keep your profile accurate by editing it any time on the “You” page.
6. Your rights: access and correction (IPP 6, 7)
You can ask us for a copy of the personal information we hold about you, and ask us to correct anything that’s wrong. Email support@pottle.co.nz and we’ll respond as soon as we reasonably can (and within the time the Privacy Act allows). Much of your information is already visible and editable in the app.
7. How long we keep it (IPP 9)
We keep your information for as long as your account is active. If you delete your account, we delete your personal information, except where we must keep limited records (for example, billing records we’re legally required to retain). We don’t keep information longer than we need it.
8. If something goes wrong (privacy breach)
If a privacy breach happens that has caused, or is likely to cause, anyone serious harm, we will notify the Office of the Privacy Commissioner and the people affected as soon as we are practically able, as required by the Privacy Act 2020.
9. Contact and complaints
Questions or concerns about your privacy? Email support@pottle.co.nz. If you’re not satisfied with our response, you can contact the Office of the Privacy Commissioner at privacy.org.nz.