Carte Privacy Policy

This policy applies to all information collected or submitted on Carte’s website and our apps for iPhone and any other devices and platforms.

Information we collect

When creating an account you can either use a social account (such as Google), or you will be asked to enter an email address. Email addresses are only used for logging in, password resets, responding to emails that you initiate, notifications that you request, and very occasional news related to the app.

Once logged in, we will also collect a name, and an optional profile photo in order to provide you with a more personalized usage experience.

We store information about your meals, meal plan history, shopping history, and your user preferences in order to sync this information between your devices.

Technical basics

If you enable notifications, we must store a token to send them. We never use notifications for marketing.

We use cookies on the site and similar tokens in the app to keep you logged in. Our server software may also store basic technical information, such as your IP address, in temporary memory or logs.

Cloudflare

For performance and overload protection, we direct your traffic through Cloudflare before it reaches Carte’s servers. They have access to some basic technical information to perform this role, such as your IP address. Cloudflare’s privacy policy is here.

Google Cloud Platform and Firebase

We use Google Cloud Platform, specifically Firebase, to perform authentication, store data, and to perform usage and performance analytics. Carte does not have its own servers and all storage and computation is performed on Google’s infrastructure. Firebase’s privacy policy is here.

Google accounts

If you connect a Google account, we store a read-only Google login token to look up your Google username, email address, first name, last name, and avatar. Carte cannot access your account outside of this basic information and cannot make any changes to your data. You can revoke access to your Google account at any time.

Ads and analytics

Carte’s app collects aggregate, anonymous statistics, such as the percentage of users who use particular features, to improve the app.

Information usage

We use the information we collect to operate and improve our website, apps, and customer support.

We do not share personal information with outside parties except to the extent necessary to accomplish Carte’s functionality.

We may disclose your information in response to subpoenas, court orders, or other legal requirements; to exercise our legal rights or defend against legal claims; to investigate, prevent, or take action regarding illegal activities, suspected fraud or abuse, violations of our policies; or to protect our rights and property.

In the future, we may sell to, buy, merge with, or partner with other businesses. In such transactions, user information may be among the transferred assets.

Security

We implement a variety of security measures to help keep your information secure. For instance, all communication with the app and website requires HTTPS with certificate pinning.

Accessing, changing, or deleting your information

You may access or change your information or delete your account from the Carte iOS app.

Deleted information may be retained by Firebase for up to 30 days. Backups are encrypted and are only accessed if needed for disaster recovery.

Third-party links and content

Carte may display links and content from third-party sites. These have their own independent privacy policies, and we have no responsibility or liability for their content or activities.

California Online Privacy Protection Act Compliance

We comply with the California Online Privacy Protection Act. We therefore will not distribute your personal information to outside parties without your consent.

Children’s Online Privacy Protection Act Compliance

We never collect or maintain information at our website from those we actually know are under 13, and no part of our website is structured to attract anyone under 13.

Information for European Union Customers

By using Carte and providing your information, you authorize us to collect, use, and store your information outside of the European Union.

International Transfers of Information

Information may be processed, stored, and used outside of the country in which you are located. Data privacy laws vary across jurisdictions, and different laws may be applicable to your data depending on where it is processed, stored, or used.

Your Consent

By using our site or apps, you consent to our privacy policy.

Contacting Us

If you have questions regarding this privacy policy, you may email [email protected] Please note that account deletion should be done within the Carte app, not via email requests, for security reasons.

Changes to this policy

If we decide to change our privacy policy, we will post those changes on this page. Summary of changes so far:

June 3, 2019: First published.

October 24, 2019: Updated “Information we collect” section for better clarity