Last updated: June 22, 2026
Introduction
Flocery ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and share information about you when you use our grocery shopping application.
Information We Collect
Account Information
When you create an account, we collect your email address and name to personalize your experience and enable household sharing features.
Shopping Data
We store your shopping lists, frequently purchased items, and store preferences to provide personalized recommendations and improve your shopping experience.
Scanned Content
When you use our scanning features (recipes, receipts, price tags), images are processed to extract relevant information. We do not permanently store the original images.
How We Use Your Information
- Provide and improve our grocery shopping services
- Organize your shopping lists by store aisle
- Match your items to weekly deals and sales
- Enable household sharing and collaboration
- Send notifications about deals on items you frequently buy
- Analyze usage patterns to improve the app
Data Sharing
We do not sell your personal information. We may share data with:
- Service providers: Companies that help us operate our services (hosting, analytics, payment processing)
- Household members: Users you invite to share lists
- Legal requirements: When required by law or to protect our rights
Data Security
We use industry-standard security measures to protect your data, including encryption in transit and at rest. Your account is protected by secure authentication through trusted providers.
Sub-Processors
We use the following third-party services (“sub-processors”) to operate Flocery. Each handles a specific slice of your data under their own privacy and security commitments.
- Vercel— web and API hosting, CDN, logs. Processes request data including IP addresses.
- Neon— managed PostgreSQL hosting our primary database. Stores your account, lists, items, and household data.
- Stripe— payment processing for Pro subscriptions. Stores billing information; we never see your full card number.
- OpenAI / Anthropic— AI features (recipe suggestions, receipt and flyer parsing). Item names, store names, and recipe text may be sent for processing; we do not send your account identifiers.
- Resend— transactional email (password reset, household invitations, problem-report notifications).
- Upstash— rate-limiting state, used to protect public share endpoints from abuse. Stores hashed IPs with short TTLs only.
- Google— OAuth sign-in (for users who choose that path) and Places API (store search and address resolution).
We do not sell your data, and we do not share it with sub-processors beyond what is necessary to provide the feature you are using.
Data Retention
- Account data (your user row, household membership, lists, items, recipes): retained while your account is active. Deleted on account deletion via
DELETE /api/user/deleteor by emailing privacy@flocery.com. - Completed shopping lists: auto-archive 48 hours after every item is checked off. You can still access archived lists; nothing is auto-deleted on your behalf.
- Public share activity (view counts, hashed IPs of share viewers): retained for 90 days, then purged.
- Billing records: retained for the period required by tax and financial regulation, typically 7 years, via Stripe.
- Operational logs(request logs at Vercel, error traces, rate-limit counters): retained per Vercel and Upstash defaults — generally less than 30 days.
Your Rights
You have the right to:
- Accessyour personal data — download a JSON export via
GET /api/user/export while signed in, or from the Privacy section of Settings on mobile. - Correctinaccurate data — from Settings on either web or mobile.
- Delete your account and associated data via
DELETE /api/user/delete or by emailing privacy@flocery.com. - Export your shopping data in the same JSON bundle as access.
- Opt out of marketing communications.
Contact Us
If you have questions about this Privacy Policy, please contact us at privacy@flocery.com