Privacy Policy

Effective date: 21 May 2026 · Last updated: 21 May 2026

This Privacy Policy explains how Boxtro ("we", "us", "our") collects, uses, and shares information when you use the Boxtro Kitchen mobile application and related services (collectively, the "Service"). We've tried to write it in plain language. If anything is unclear, email us at privacy@boxtro.com.

1. Who this policy applies to

This policy covers Boxtro Kitchen on iPhone (via the App Store) and on Android (via Google Play), and any account, family, recipe, meal-plan, or shopping-list data you create through the app. Boxtro Kitchen is intended for general audiences and is not directed at children under 13. If we learn we've collected personal information from a child under 13 without parental consent, we'll delete it.

Some sign-in options are platform-specific (Sign in with Apple on iOS, Sign in with Google on Android). Where that affects the data described below, we call it out inline.

2. What we collect

We collect only what we need to make the Service work.

Account information

• Email address — used to sign you in, verify your identity, and send transactional messages (one-time codes, password resets, email verification). If you sign in with Apple and choose to hide your email, we receive Apple's private relay address instead.
• Display name (optional) — shown to other members of your family inside the app.
• Authentication identifiers — an internal user ID plus, when applicable, a Sign in with Apple identifier (on iPhone) or a Sign in with Google identifier (on Android). We do not see or store your Apple ID or Google account password.
• Password (only if you choose email + password) — handled and stored by our cloud authentication provider. We never see your plaintext password.

Family and content data

• Family records — the family name you set, the 8-character family code (stored only as a hash), and which user accounts belong to which family.
• Recipes — title, ingredients, instructions, notes, tags, category, servings, cook time, and any photo you attach.
• Recipe photos — stored in our cloud file storage and visible only to authenticated members of your family.
• Meal plans and shopping lists — the entries you add and which recipes they reference.
• Per-user favorites — which recipes you personally marked as a favorite.

Device and diagnostic data

• Crash reports and diagnostics — collected through our crash-reporting service to help us fix bugs. This may include device model, OS version, app version, a non-resettable installation identifier, and the stack trace at the time of a crash. It does not include the contents of your recipes.
• App usage and performance — basic information about how the app is functioning (load times, errors).

What we do not collect

• We don't track you across other apps or websites.
• We don't sell personal information.
• We don't show ads or use ad networks.
• We don't access your camera roll, contacts, location, microphone, or health data. Camera access (for scan-a-recipe) is requested only when you tap the scan button, and the image is processed on-device for text recognition.

3. Why we collect it

• To create your account and let you sign in.
• To let you share recipes, meal plans, and shopping lists with your family in real time.
• To send transactional emails (verification, one-time codes, password resets).
• To diagnose crashes and fix bugs.
• To enforce our Terms and prevent abuse.
• To comply with law when required.

We do not use your recipe content to train machine-learning models or any other product.

4. Service providers we share data with

We use a small number of third-party services to run Boxtro Kitchen. These providers process data on our behalf, under contract, and are not permitted to use it for their own purposes.

• Google LLC — Provides our cloud infrastructure (authentication, database, file storage, application logic, and crash reporting) and the Sign in with Google option on Android. Data is stored in Google Cloud's United States region. See policies.google.com/privacy.
• Resend, Inc. — Sends transactional emails (one-time codes, password resets, verification). Resend receives your email address and the message content for those emails. See resend.com/legal/privacy-policy.
• Apple, Inc. — If you use Sign in with Apple on iPhone, Apple handles the authentication and, optionally, the private email relay. See apple.com/legal/privacy.

We may also share information when required by law, to enforce our Terms, or in the event of a merger or acquisition (in which case we'll notify you and any successor will be bound by this policy).

5. How long we keep data

• Account and recipe data — kept for as long as your account is active.
• One-time codes (OTPs) — expire and are deleted shortly after issuance.
• Crash and diagnostic logs — retained for up to 90 days by our crash-reporting service.
• After account deletion — we delete your account and your personal data within 30 days. Recipes and meal plans you contributed to a family remain with the family unless you ask us to remove them as well. Backups may retain copies for up to 90 additional days before being overwritten.

6. Your choices and rights

• Access and correction. You can view and edit your profile and recipe content directly inside the app.
• Leaving a family. You can leave a family at any time; your personal favorites are removed and you lose access to the shared library.
• Account deletion. Email privacy@boxtro.com and we'll delete your account and associated personal data within 30 days. We plan to add in-app account deletion before public launch.
• Regional rights. Depending on where you live, you may have additional rights — for example, to request a copy of your data, to object to processing, or to lodge a complaint with a supervisory authority (in the EEA/UK) or your state's regulator (in California and other US states). Contact us to exercise any of these rights.

7. International transfers

Boxtro is operated from the United States and our service providers store and process data primarily in the United States. If you use the Service from outside the US, you understand that your information will be transferred to and processed in the US, where data-protection laws may differ from those of your jurisdiction.

8. Security

We use TLS in transit, encryption at rest through our cloud providers, and access controls so that recipe content is only visible to members of the family it belongs to. No system is perfectly secure, but we treat your data the way we'd want ours treated.

9. Children

The Service is not directed to children under 13 and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we'll delete it.

10. Changes to this policy

We may update this policy from time to time. If we make material changes, we'll let you know in the app or by email before they take effect. The "Last updated" date at the top reflects the most recent revision.

11. Contact us

Questions, requests, or concerns? Email privacy@boxtro.com.