Privacy Policy
1. Who We Are and How to Contact Us
Data controller: FusionFirstStudios ("we", "us", or "Plenishd")
Address: [YOUR ADDRESS — UPDATE BEFORE LAUNCH]
Email: support@plenishd.co.uk
ICO Registration: Pending — FusionFirstStudios is in the process of registering with the Information Commissioner's Office (ICO) at ico.org.uk
If you have any questions about this Privacy Policy or wish to exercise any of your rights, please contact us at support@plenishd.co.uk.
2. What This Policy Covers
This Privacy Policy explains how Plenishd collects, uses, stores, and shares your personal data when you use our mobile application and related services. It also explains your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
By using Plenishd, you acknowledge that your personal data will be processed as described in this policy.
3. Data We Collect About You
We collect the following categories of personal data:
3.1 Identity and Account Data
When you create an account, we collect:
- Email address (from your authentication provider)
- Display name (chosen by you)
- Household name
- Subscription tier and subscription status
3.2 Household and Inventory Data
- Names and details of items you add to your kitchen inventory
- Storage zone names and configuration
- Item expiry dates (optional)
- Shopping list items and sources (manual or auto-generated)
- Dietary profile information (if provided)
3.3 Voice and Photo Data
- Voice notes: Audio recordings you make using the voice input feature. These are transcribed to text on your device using Apple's or Google's operating-system speech recognition (forced to on-device mode so audio never leaves the phone). If on-device transcription is unavailable, the audio may be transcribed server-side via Deepgram (Nova-2) as a fallback. The audio file is deleted after transcription completes.
- "Hey Plenishd" wake word (Pro feature, opt-in): If you turn on the wake word in Settings → Notifications, the Plenishd app listens for the phrase "Hey Plenishd" while the app is open on your screen. This is an ambient, real-time process: no audio is recorded, stored, transmitted, or analysed unless and until the wake phrase is detected — at which point a voice note begins exactly as if you had tapped the voice button. All wake-word processing happens entirely on your device; the audio stream is never sent to our servers or to any third party. Wake-word listening stops immediately when you background or close the app, and can be turned off at any time.
- Photo scans: Images you take of your kitchen or receipts. These are analysed using Anthropic's Claude AI to identify food items. Photo blobs are stored securely in Convex storage.
- Voice transcripts: The text output of transcribed voice notes, stored in your account for history purposes.
Important: Voice patterns may be considered biometric data under UK GDPR Article 4. We only process voice data for the purposes of transcription and wake-word detection, and we do not store biometric templates or use voice data for identification purposes. Wake-word detection is a simple phrase match, not voice biometrics.
3.4 Payment and Subscription Data
- Subscription tier (Free, Plus, or Pro)
- Subscription duration and renewal dates
- RevenueCat transaction identifiers (managed by RevenueCat — see Section 6)
- We do not store payment card details directly; these are handled by Apple App Store or Google Play Store
3.5 Device and Notification Data
- Push notification tokens (stored securely, used only for sending app notifications)
- Device type and app version (for troubleshooting)
- Operating system version (for compatibility)
3.6 Dietary and Health-Related Data
- Dietary requirements and preferences (e.g., vegetarian, vegan, halal, kosher)
- Food allergies (if voluntarily provided)
- This data is considered special category data under UK GDPR Article 9 — see Section 5.1
3.7 Usage and Activity Data
- Voice interaction history (transcripts and confirmed actions)
- Photo scan history
- Inventory changes and shopping list activity
- Feedback and support submissions
3.8 Analytics and Error Monitoring Data
- Anonymous usage events (e.g., feature interactions, screen views) — collected via PostHog
- Error logs and crash reports (stack traces, device info, app version) — collected via Sentry
- We do not collect browsing history, location data, or advertising identifiers
- Analytics data is used solely to improve app stability and functionality — never for advertising
4. How We Use Your Data and Our Legal Basis
We only process your personal data when we have a lawful basis under UK GDPR Article 6:
4.1 Contract Performance (Article 6(1)(b))
We process your identity, account, and household data to:
- Create and maintain your account
- Provide the services you have requested (inventory management, shopping lists, recipe suggestions)
- Notify you about expiring items and restocking reminders
4.2 Legitimate Interests (Article 6(1)(f))
We process certain data under legitimate interests, which are balanced against your rights:
- App stability monitoring: Crash reports and error logs (stack traces, device info, app version) — to identify and fix bugs. Processed via Sentry.
- Product analytics: Anonymous usage events (feature interactions, screen views) — to understand which features are used and improve the app. Processed via PostHog. No personal identifiers are included in analytics events.
- App functionality improvements: Device type, app version, and anonymised usage patterns — to improve app stability and features. We do not sell this data.
- Security: Activity logs and authentication data — to protect against unauthorised account access.
- Feedback: Feedback submissions — to improve the product. We may follow up via email if you provide contact details.
You have the right to object to processing under legitimate interests — see Section 9.6.
4.3 Consent (Article 6(1)(a))
We obtain your consent for:
- Marketing communications: We do not send marketing emails. If we introduce promotional notifications, we will obtain your explicit consent first.
- Dietary profile data: We ask for your consent before storing special category dietary data.
- "Hey Plenishd" wake word (Pro feature): Before the app begins listening for the wake phrase, we show a disclosure screen explaining what will happen, confirm that processing is on-device, and ask you to explicitly opt in. We record the timestamp of your consent as an audit trail. You can withdraw consent at any time by turning off the toggle in Settings → Notifications.
4.4 Legal Obligation (Article 6(1)(c))
We may process data to comply with legal obligations, including:
- Financial record keeping for subscription transactions (retained for 7 years as required by UK tax law)
5. Special Category Data
Some data we collect is classified as "special category" under UK GDPR Article 9 and requires additional safeguards.
5.1 Dietary Requirements and Allergies (Article 9(2)(a) — Consent)
Dietary preferences (vegetarian, vegan, halal, kosher) and food allergies are special category data. We process this data only:
- With your explicit consent, given freely and informed
- For the purpose of filtering recipe suggestions and warning you about allergens
- Stored with encryption at rest
You can withdraw consent at any time by deleting or editing your dietary profile in the app.
5.2 Voice Transcripts (Potentially Biometric — Article 9(2)(a))
Voice patterns in audio recordings may constitute biometric data. We address this by:
- Processing audio only for transcription (discarding the audio after transcription)
- Storing only the transcript text, not voice patterns or biometric templates
- Not using voice data for identification or authentication purposes
6. Third Parties Who Process Your Data
We use the following third-party processors. Each is a data processor acting on our behalf under a data processing agreement:
| Third Party | Data Processed | Purpose | UK/International |
|---|---|---|---|
| Convex (our backend provider) | All data categories | Database, authentication, file storage, serverless functions | US-based — Standard Contractual Clauses apply |
| RevenueCat | Subscription tier, transaction IDs | In-app subscription management | US-based — Privacy Policy |
| Anthropic (Claude API) | Voice transcripts, photo images | AI-powered voice extraction, photo recognition, recipe generation | US-based — Privacy Policy |
| Deepgram | Voice audio recordings | Speech-to-text transcription (fallback) | US-based — Privacy Policy |
| Apple App Store | Payment and subscription data | Processing in-app purchases | Ireland/EU — Privacy Policy |
| Google Play Store | Payment and subscription data | Processing in-app purchases | US-based — Privacy Policy |
| Open Food Facts | Barcode numbers only (no personal data) | Product name, brand, and image lookup from barcode scans | France — Privacy Policy |
| Sentry | Error logs, device info, app version, crash stack traces | Application error monitoring and stability tracking | EU-based (DE ingest) — Privacy Policy |
| PostHog | Anonymous usage events, feature interactions, subscription tier | Product analytics to improve app functionality | EU-based — Privacy Policy |
6.1 Open Food Facts
When you scan a barcode, your device sends the barcode number to the Open Food Facts API to look up product information. Open Food Facts does not receive your identity, account, or location data. Their use of the data is governed by their Open Database License.
6.2 Apple Sign-In and Google Sign-In
If you sign in with Apple or Google, those providers act as independent data controllers. Their use of your data is governed by their own privacy policies.
7. International Transfers
Your data may be transferred outside the United Kingdom:
- Convex, Anthropic, Deepgram, and RevenueCat are US-based companies. We rely on Standard Contractual Clauses (SCCs) approved by the UK ICO as the transfer mechanism, with supplementary measures where required.
- Apple (App Store payments) processes data in Ireland and the US under Apple's Binding Corporate Rules.
- Open Food Facts is hosted in France (within the EEA — no special transfer mechanism needed).
- Sentry processes error data through its EU (DE) ingest endpoint. Data remains within the EEA.
- PostHog processes analytics data through its EU instance. Data remains within the EEA.
We take reasonable steps to ensure that all international transfers are subject to appropriate safeguards.
8. Data Retention
We retain your personal data only for as long as necessary for the purposes set out in this policy:
| Data Category | Retention Period |
|---|---|
| Account data | Until account deletion |
| Voice note audio files | Deleted immediately after transcription completes |
| Voice transcripts | Until you confirm or delete them (auto-deleted after 30 days if not confirmed) |
| Wake-word audio stream | Never stored or transmitted — processed in real time on device and discarded frame-by-frame |
| Wake-word consent timestamp | Until you delete your account |
| Photo scan blobs | Until confirmed or deleted |
| Inventory and shopping list data | Until account deletion |
| Activity logs | 12 months, then anonymised for aggregate statistics |
| Subscription records | 7 years from transaction (legal obligation) |
| Push notification tokens | Until you revoke permission or delete the app |
| Feedback submissions | 3 years from submission |
8.1 What Happens When You Delete Your Account
When you delete your account, we delete or anonymise all personal data associated with it within 30 days, except:
- Subscription records (retained 7 years for legal compliance)
- Anonymised aggregate data that cannot identify you
9. Your Rights Under UK GDPR
You have the following rights. To exercise any of them, contact us at support@plenishd.co.uk:
9.1 Right of Access (Article 15)
You can request a copy of all personal data we hold about you. We will provide this within 30 days. You can export your data at any time from Settings → Account → Export My Data.
9.2 Right to Rectification (Article 16)
You can correct inaccurate personal data in the app directly (e.g., your name, dietary preferences). For data you cannot correct directly, contact us.
9.3 Right to Erasure — "Right to be Forgotten" (Article 17)
You can delete your account at any time from Settings → Account → Delete Account. This triggers a cascade deletion of all your personal data (see Section 8.1). Deletion must be confirmed by typing "DELETE" to prevent accidental loss of data.
9.4 Right to Data Portability (Article 20)
You can export all your data as a JSON file from Settings → Account → Export My Data. This includes your inventory, shopping lists, voice transcripts, dietary profile, and activity history.
9.5 Right to Restriction of Processing (Article 18)
You can request that we restrict processing of your data in certain circumstances (e.g., if you contest the accuracy of the data). Contact us to discuss your situation.
9.6 Right to Object (Article 21)
You can object to processing based on legitimate interests at any time. We will cease the relevant processing unless we have compelling legitimate grounds that override your rights. Contact us with your objection.
9.7 Rights Related to Automated Decision-Making (Article 22)
AI-generated recipe suggestions, price comparisons, and expiry predictions are not solely automated decisions — they are presented to you for review and confirmation before any data is committed. You are always in control.
9.8 Right to Withdraw Consent (Article 7(3))
Where we rely on consent (e.g., dietary profile, wake word), you can withdraw it at any time:
- Dietary profile: edit or delete your dietary data in the app.
- "Hey Plenishd" wake word: turn off the toggle in Settings → Notifications. The app stops listening immediately.
9.9 Right to Lodge a Complaint (Article 77)
If you are unhappy with how we have handled your data, you have the right to complain to the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk/privacy
We would appreciate the chance to address your concerns before you approach the ICO, so please contact us first.
10. Children's Data
Plenishd is not intended for use by children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us at support@plenishd.co.uk and we will delete the data promptly.
11. Automated Decision-Making and Profiling
Plenishd uses AI in the following ways:
| AI Feature | How It Works |
|---|---|
| Voice extraction | Transcribes voice notes and suggests inventory actions — you confirm before anything is saved |
| Photo recognition | Identifies food items from photos — you confirm before anything is saved |
| Recipe generation | Suggests recipes based on inventory — you choose whether to save |
| Price comparison | Maps informal item names to specific products — you confirm purchases |
| Expiry predictions | Predicts when items may expire based on dates you provided |
None of these are solely automated decisions that produce legal or similarly significant effects. All AI outputs are presented to you for review and require your explicit confirmation before any data is committed.
12. Data Security
We take the security of your data seriously:
- All data is transmitted over HTTPS (TLS 1.2+)
- Data at rest is encrypted where supported by our infrastructure provider (Convex)
- Access to personal data is restricted to authorised personnel on a least-privilege basis
- Convex is SOC 2 certified (Type II) — see convex.dev/security
- Anthropic and Deepgram are contractually bound as data processors and do not retain audio or images after processing
No method of transmission or storage is 100% secure. If you have concerns about a security issue, please contact us at support@plenishd.co.uk.
13. Data Breach Notification
If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. If the breach is high risk, we will also notify affected users directly.
14. Cookies
Plenishd is a mobile application and does not use web cookies. We may use local storage for app preferences, but this does not involve transmitting data to third parties.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes (e.g., new third-party processors, changes to data retention, or new AI features), we will:
- Notify you by updating the "Last updated" date at the top of this policy
- Provide in-app notice or email notification for significant changes
- Request renewed consent if required under UK GDPR
We encourage you to review this policy periodically.
16. Accessible Complaint Mechanism (Data (Use and Access) Act 2025)
In accordance with the Data (Use and Access) Act 2025 (complaints regime effective from 19 June 2026), we provide an accessible mechanism for you to raise data protection complaints:
How to complain:
- Email: support@plenishd.co.uk with the subject "Data Protection Complaint"
- We will acknowledge complaints within 30 days
- We will investigate and respond without undue delay
If you are not satisfied with our response, you may contact the ICO directly (see Section 9.9).
This Privacy Policy was last updated on 9 April 2026.