Cartify
Privacy Policy
Last updated: March 24, 2026
Cartify does not sell your personal data to any third party. Ever.
1. Who We Are
Cartify ("we", "us", or "our") is a mobile application that uses artificial intelligence to help users make informed grocery shopping decisions. Our app is operated by Agustin Benitez.
For privacy-related questions, contact us at: privacy@cartify.app
2. Information We Collect
We collect the minimum information necessary to provide the service:
- Account information: Email address and name when you create an account or sign in with Google.
- Health profile: The dietary goal you select (e.g. Weight Loss, Build Muscle). This is stored to personalize your analysis results.
- Scan history: Product names, brands, nutritional information, and AI verdicts from products you scan. This is stored in your account to show your history.
- Camera images: Photos taken when you scan a product are sent to our AI service for analysis. We do not store these images — they are processed and immediately discarded.
- Usage data: Anonymous analytics about how features are used (e.g. which screens you visit, scan counts). This data cannot be linked to your identity.
- Device information: Basic device type and OS version for debugging purposes.
3. How We Use Your Information
- To provide and improve the Cartify service
- To personalize AI analysis results to your dietary profile
- To show your scan history and cart analyses
- To send optional weekly reminders (only if you grant notification permission)
- To improve our AI models and product database (using anonymized scan data only)
- To manage your Pro subscription if applicable
4. Third-Party Services
Cartify uses the following third-party services to operate:
- Anthropic (Claude AI): We send product images and text to Anthropic's Claude API for nutritional analysis. Images are not stored by Anthropic beyond the processing of your request. See Anthropic's Privacy Policy.
- Supabase: We use Supabase to store your account data and scan history. Your data is stored on servers in the United States. See Supabase's Privacy Policy.
- Open Food Facts: We query Open Food Facts (a public database) to retrieve verified nutritional information for products. No personal data is shared with Open Food Facts.
- PostHog: We use PostHog for anonymous usage analytics. Analytics data is anonymized and cannot be linked to your identity.
- Google Sign-In: If you sign in with Google, Google provides your name and email address to us. See Google's Privacy Policy.
5. Health Data Notice
Cartify collects your dietary preference (health profile) and scan history, which may be considered health-related information. We treat this data with the highest level of care:
- We do not share health-related data with advertisers
- We do not sell health-related data to any third party
- Health profile data is used exclusively to personalize your in-app experience
Cartify is not a medical application and does not provide medical advice. All nutritional analysis is for informational purposes only.
6. Data Retention
We retain your data for as long as your account is active. If you delete your account, all personal data associated with your account is permanently deleted within 30 days.
Anonymous analytics data may be retained for up to 2 years.
7. Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your account and all associated data
- Export your data in a portable format
- Opt out of analytics tracking (contact us to disable)
To exercise any of these rights, contact us at privacy@cartify.app or use the "Delete Account" option in the app settings.
8. Children's Privacy
Cartify is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us immediately.
9. Data Security
We implement industry-standard security measures including:
- Encrypted data transmission (HTTPS/TLS)
- API keys stored as server-side secrets, never in the app
- Row-level security on our database (users can only access their own data)
- Authentication via Supabase Auth with secure session management
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or via email. Continued use of the app after changes constitutes acceptance of the updated policy.
11. Contact
For privacy questions or to exercise your rights: