GROCERLY — PRIVACY POLICY

Last Updated: December 2025

Grocerly (“we”, “our”, “us”) is committed to protecting your privacy and ensuring your personal data is handled securely and responsibly. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Grocerly mobile application (“App”) and related services.

This policy complies with:

• UK General Data Protection Regulation (UK GDPR)

• EU General Data Protection Regulation (EU GDPR)

• Data Protection Act 2018

• App Store and Google Play requirements

By using Grocerly, you agree to the practices described in this policy.

1. Information We Collect

We collect the following types of information:

1.1 Personal Information You Provide

• Name (optional)

• Email address

• Country or region

• Password (encrypted and never accessible to us)

• Profile preferences (dietary needs, stores preferred, currency settings)

1.2 Automatically Collected Information

• Device information (device model, OS, app version)

• Usage data (features used, interactions)

• Log data and crash diagnostics

• IP address and approximate location (to identify local stores)

1.3 Grocery & Shopping Activity Data

• Items you scan

• Shopping lists you save

• Store comparisons and selections

• Meal planning preferences

• Nutrition filters and dietary selections

1.4 Cookies and Tracking

For the website, we may use cookies for:

• Security

• Analytics• Login persistence

• Preference storage

The mobile app uses local storage instead of cookies.

2. How We Use Your Information

We process your data to:

• Provide app functionality (scanning, lists, price comparison)

• Personalise recommendations and meal plans

• Show local store data based on your region

• Improve app performance and debug issues

• Send push notifications (with your consent)

• Analyse usage trends to improve features

• Prevent fraud and secure your account

3. Legal Basis for Processing (GDPR)

We process your data under these lawful bases:

Contractual necessity

To provide core app services such as account creation, syncing, scanning, and shopping lists.

Legitimate interests

To improve Grocerly, enhance user experience, and conduct analytics.

Consent

For:

• Push notifications

• Marketing emails

• Optional personalisation features

• Location services

You may withdraw consent at any time.

4. Data Sharing

We do not sell your personal data.

We may share data with:

4.1 Service Providers

• Firebase (Google) – authentication, crash analytics, cloud hosting

• Revenue analytics tools (optional)• Affiliate networks (CJ, Awin) – only product browsing activity, not your

identity

• Cloud hosting providers (Replit, or your backend infrastructure)

All third parties are GDPR-compliant and bound by data protection agreements.

4.2 Legal Requirements

We may disclose data if required to comply with:

• Court orders

• Legal obligations

• Fraud or abuse investigations

5. International Transfers

Grocerly may process data using international providers such as Google Firebase or affiliate

networks operating in the UK, EU, and US.

When transferring data outside the UK/EU, we rely on:

• UK/EU-approved Standard Contractual Clauses (SCCs)

• Adequacy decisions where available

• Secure encrypted transmission

6. Data Retention

We retain data only as long as necessary for the purposes described:

• Account information — until you delete your account

• Shopping & scanning history — 12 months (or reset anytime by you)

• Diagnostic logs — 90 days

• Analytics — anonymised after 12 months

You can request deletion at any time.

7. Your Rights (UK + EU GDPR)

You have the following rights:

• Right to access – request a copy of your data

• Right to rectification – correct inaccurate data

• Right to erasure (“right to be forgotten”)

• Right to restrict processing

• Right to data portability

• Right to object to certain processing

• Right to withdraw consent

• Right not to be subject to automated decision-making

To exercise any rights, contact us at the email below.8. Children’s Privacy

Grocerly is not intended for children under 16.

We do not knowingly collect personal data from children.

If we discover such data, we will delete it immediately.

9. Security

We protect your data using:

• Encryption in transit (HTTPS)

• Encryption at rest (via Firebase and secure servers)

• Secure authentication tokens

• Firestore security rules

• Limited employee access

• Ongoing monitoring and logging

Despite robust safeguards, no system is completely immune to security risks.

10. Account Deletion

You may delete your account anytime through:

Settings → Delete Account

This permanently removes:

• Personal details

• Shopping lists

• Scan history

• Stored preferences

Some anonymised analytics may remain for reporting.

11. Changes to This Policy

We may update this Privacy Policy occasionally.

We will notify users through:

• App notifications, or

• Updated policy on our website

Continued use means you accept the updated terms.

12. Contact Us

For privacy questions or GDPR requests:

Grocerly Privacy TeamEmail: grocerly@oakks.com

Website: www.grocerly.club

You may also contact the UK regulator:

ICO (Information Commissioner’s Office)

www.ico.org.uk