This policy applies to all information collected or submitted on Carte’s website and our apps for iPhone and any other devices and platforms.
Information we collect
When creating an account you can either use a social account (such as Google), or you will be asked to enter an email address. Email addresses are only used for logging in, password resets, responding to emails that you initiate, notifications that you request, and very occasional news related to the app.
Once logged in, we will also collect a name, and an optional profile photo in order to provide you with a more personalized usage experience.
We store information about your meals, meal plan history, shopping history, and your user preferences in order to sync this information between your devices.
If you enable notifications, we must store a token to send them. We never use notifications for marketing.
Google Cloud Platform and Firebase
If you connect a Google account, we store a read-only Google login token to look up your Google username, email address, first name, last name, and avatar. Carte cannot access your account outside of this basic information and cannot make any changes to your data. You can revoke access to your Google account at any time.
Ads and analytics
Carte’s app collects aggregate, anonymous statistics, such as the percentage of users who use particular features, to improve the app.
We use the information we collect to operate and improve our website, apps, and customer support.
We do not share personal information with outside parties except to the extent necessary to accomplish Carte’s functionality.
We may disclose your information in response to subpoenas, court orders, or other legal requirements; to exercise our legal rights or defend against legal claims; to investigate, prevent, or take action regarding illegal activities, suspected fraud or abuse, violations of our policies; or to protect our rights and property.
In the future, we may sell to, buy, merge with, or partner with other businesses. In such transactions, user information may be among the transferred assets.
We implement a variety of security measures to help keep your information secure. For instance, all communication with the app and website requires HTTPS with certificate pinning.
Accessing, changing, or deleting your information
You may access or change your information or delete your account from the Carte iOS app.
Deleted information may be retained by Firebase for up to 30 days. Backups are encrypted and are only accessed if needed for disaster recovery.
Third-party links and content
Carte may display links and content from third-party sites. These have their own independent privacy policies, and we have no responsibility or liability for their content or activities.
California Online Privacy Protection Act Compliance
We comply with the California Online Privacy Protection Act. We therefore will not distribute your personal information to outside parties without your consent.
Children’s Online Privacy Protection Act Compliance
We never collect or maintain information at our website from those we actually know are under 13, and no part of our website is structured to attract anyone under 13.
Information for European Union Customers
By using Carte and providing your information, you authorize us to collect, use, and store your information outside of the European Union.
International Transfers of Information
Information may be processed, stored, and used outside of the country in which you are located. Data privacy laws vary across jurisdictions, and different laws may be applicable to your data depending on where it is processed, stored, or used.
Changes to this policy
June 3, 2019: First published.
October 24, 2019: Updated “Information we collect” section for better clarity