Privacy policy

Last updated: April 2026

This is the plain-English version of how Dishtocart handles your data. We're a small project — the policy below describes exactly what we do today, no more.

What we collect

  • Account info: the email address you sign up with, and a hashed password if you sign up with email/password.
  • Recipes you import or create:titles, descriptions, ingredients, instructions, photos, source URLs, tags. Photos you upload are stored only as URLs that point to the original source — we don't host or copy the image bytes.
  • Meal plans, shopping lists, cook sessions, and saved Walmart product preferences you create inside the app.
  • Personal access tokens you generate for the Chrome extension (stored as a SHA-256 hash, never in plain text).
  • Feedback messages you submit through the in-app feedback button, along with the page URL and your browser user-agent at submission time.
  • Error reports: when something crashes in the app, an anonymized stack trace gets sent to our error-monitoring provider (Sentry). These are technical details, not personal content.

What we don't collect

  • We don't use marketing trackers or third-party analytics.
  • We don't share your data with advertisers.
  • We don't track your browsing on other sites. The Chrome extension only activates on walmart.com and on pages where you explicitly click “Import recipe.”
  • We don't access your Walmart account, shopping cart, or payment info. The extension overlays Walmart's own pages with your shopping list — your interactions with Walmart stay with Walmart.

How we use what we collect

  • To run the app for you — store your recipes, generate shopping lists, etc.
  • To send recipe text and images to a large-language-model provider (currently Groq) for parsing imports into structured data. Only the recipe content you import is sent — never your account info or other recipes.
  • To email administrators when you submit feedback (only if email notifications are enabled — your message body is included).
  • To diagnose crashes via stack traces sent to Sentry.

Where it lives

  • Database: Supabase (Postgres). Hosted in the US.
  • Hosting / serverless functions: Vercel.
  • Recipe parsing: Groq (LLM provider).
  • Error monitoring: Sentry.
  • Transactional email (when configured): Resend.

How long we keep it

Your data is kept as long as your account is active. If you delete your account, your recipes, meal plans, shopping lists, cook sessions, ingredient preferences, feedback messages, and tokens are all deleted along with the account record (cascade delete). Error reports in Sentry follow Sentry's retention policy (typically 30-90 days) and don't include personal content.

Your rights

  • Access: everything we have about you is visible in the app under your account.
  • Correction: edit any recipe, meal plan, or list directly in the app.
  • Deletion: contact us via the in-app feedback button or email. Account deletion is honored within 7 days.
  • Export:contact us if you'd like a JSON export of your data.

Cookies

Dishtocart uses one cookie: the Supabase authentication session cookie, which keeps you signed in. We don't use marketing, advertising, or analytics cookies.

Changes to this policy

If we change what data we collect or who we share it with, we'll update the “Last updated” date at the top and, for material changes, notify active users via in-app message or email.

Contact

Questions or requests: use the 💬 Feedback button if you're signed in, or email the address on the project's public listing.

← Back to Dishtocart