Stella Privacy Policy

Stella ("the app", "we") is a meal-planning assistant operated by Seth Baker. This policy explains what data we collect, how it's used, and your rights.

What we collect

When you create an account and use Stella, we collect:

• Account data: email address (for authentication), hashed password (managed by our auth provider), account-creation timestamp.
• Profile preferences you enter: diet tags, allergens, household size, calorie targets, preferred stores.
• Content you create inside the app: saved recipes, meal plans, grocery lists, pantry items, cookbooks.
• Chat messages you send to Stella and the assistant's responses.
• Receipt and recipe photos you choose to upload for extraction. These are uploaded to our private storage (Supabase Storage) and deleted automatically after successful extraction. If extraction fails, they persist until you retry or delete your account.
• Push notification token, if you enable notifications.
• Device crash telemetry (optional, via Sentry if configured): stack traces, device model, OS version, your user ID (no email or content). Disable by revoking consent in your device settings.
• Purchase records: if you subscribe or buy a recipe pack, RevenueCat records the transaction against your anonymous app-user-id.

We do not collect: precise location, contacts, browsing history, microphone data, or advertising identifiers.

How we use your data

• To provide the app's features (meal planning, recipe search, grocery lists, pantry tracking, assistant chat).
• To enforce subscription access.
• To improve reliability via crash reports.
• To send you notifications you've opted into.

Third parties we share data with

Stella sends specific data to the following services, each for a specific purpose:

• Supabase (auth, database, file storage): all of the data above. Their privacy policy: https://supabase.com/privacy
• OpenAI (recipe extraction, Stella chat, nutrition estimation, receipt parsing): we send OpenAI the content you're asking the assistant to process (recipe text / image / PDF, receipt image, your chat messages) and your profile context (diet tags, allergens, household size). We do not send your email, auth token, or push token. OpenAI's business terms for our API usage: https://openai.com/enterprise-privacy
• Spoonacular (recipe search + details): your search queries and recipe IDs. No user identity is attached. https://spoonacular.com/food-api/terms
• Open Food Facts (barcode lookups): the barcode you scanned. No user identity. https://world.openfoodfacts.org/terms-of-use
• Apple / Google (in-app purchases): transaction processing via RevenueCat. Their respective store privacy policies apply.
• Sentry (optional crash reporting): crash stack traces and your user ID if the app is configured with a Sentry DSN.

We do not sell your data. We do not share it with advertisers.

Your rights

• Access: you can view everything we have by opening the app (all your data is visible in the UI).
• Correction: edit profile preferences, recipes, plans, pantry items directly in the app.
• Deletion: Profile → Delete account. This permanently erases your profile, recipes, meal plans, grocery lists, pantry items, chat messages, and receipt uploads. It cannot be undone. Full instructions and what gets deleted vs. retained: delete-account.html.
• Export: request a copy by emailing the address below. We'll provide a JSON dump of your content within 30 days.
• Opt out of push: iOS/Android Settings → Notifications → Stella → disable.
• Opt out of crash reports: contact us to have your user ID excluded.

Data retention

• Active accounts: we retain your data until you delete your account.
• Deleted accounts: all user-scoped rows cascade-delete immediately. Receipt/recipe images in storage are purged on a best-effort schedule (within 30 days).
• Chat messages: kept indefinitely under your account so Stella can reference past context. Deleted with your account.

Children

Stella is not directed at children under 13. We do not knowingly collect data from children under 13.

International transfers

Supabase hosts data in US East (Ohio). OpenAI processes requests in the US. If you access Stella from outside the US, your data is transferred to and processed in the US.

Changes to this policy

We'll update the "Last updated" date at the top. If changes are material, we'll notify you in the app before they take effect.

Contact

Seth Baker — benjibakerassistant@gmail.com