MacroPilot Privacy Policy

Last updated: May 8, 2026.

This is the privacy policy for MacroPilot ("the app," "we," "us"), provided by Nick Cash ("Operator"), reachable at support@macro-pilot.com.

This policy explains what data MacroPilot collects, how it's used, and the choices you have. It applies to the iOS and Android apps and to the macropilot-api.onrender.com backend.

1. Information we collect

1.1 Account information

When you create an account we collect: - Email address — required to verify ownership and contact you about your account. - Password — stored as a bcrypt hash. We never store your plaintext password.

1.2 Profile information you enter in the app

Age, sex, height, weight (used to compute calorie + macronutrient targets)
ZIP code (used to find Kroger banner stores near you, if you enable sale-aware planning)
Selected Kroger store ID (only if you choose one in Settings)
Household composition (adult/teen/child counts; used for grocery scaling)
Dietary preferences, allergies, excluded ingredients
Recipe save/skip feedback (heart/dislike state per recipe id)

1.3 Information generated automatically

A short-lived authentication token issued after sign-in
An email-verification token, valid 24 hours, sent only to you via email
Timestamps on profile updates

1.4 Crash + error reports

With your continued use of the app, anonymized crash reports may be sent to Sentry to help us fix bugs. Reports do not include your email, password, profile data, or any data you've entered into MacroPilot. They include device model, OS version, app version, and the call stack at the crash site. You can opt out by deleting the app.

1.5 What we don't collect

We do not collect contacts, location (beyond the ZIP code you enter), photos, microphone, camera, or device identifiers (IDFA / GAID).
We do not track your behavior across other apps or websites.
We do not sell your data to third parties.
We do not display advertisements.

2. How we use your information

We use the information above to: 1. Sign you into the app and keep your session active. 2. Compute your daily calorie + macronutrient targets and a 7-day meal plan. 3. Build your grocery list and (optionally) price it against a Kroger store you choose. 4. Send you transactional email — currently limited to email-verification links and (in the future) password reset flows. 5. Diagnose crashes and bugs (via Sentry).

We do not use your information for advertising, profiling, or any non-essential purpose.

3. Third-party services we use

MacroPilot is built on top of a small set of third-party providers. Each processes some subset of your data on our behalf:

Provider	Purpose	What they see
Render (hosting)	Runs the API and Postgres database	Encrypted data at rest; HTTPS in transit
Resend (email)	Sends verification + transactional email	Your email address, the message body
Kroger Developer API	Looks up store locations and product prices	The ZIP code you enter; the ingredients in our recipe library (not anything personal about you)
Sentry (crash reporting)	Receives anonymized crash reports from the apps	Device model, OS version, stack trace
Cloudflare (DNS + email DNS)	Routes traffic to our servers	Standard DNS query metadata

We do not share your data with any party outside this list.

4. Where your data is stored

Your account data is stored in a Postgres database hosted by Render in the United States. Data is encrypted at rest. All requests between the apps and our backend use HTTPS (TLS 1.2+).

5. Your choices

5.1 Access and update

Open Settings in the app to view and update everything we have on file — profile, household, preferences.

5.2 Delete your account

In the app: Settings → Personal info → Delete account. We immediately delete your account, profile, recipe feedback, and any pending email verification tokens. Recipe data (the publicly available catalog) is unaffected. Once deleted, accounts cannot be recovered.

You can also request deletion by emailing support@macro-pilot.com from the email address on the account.

5.3 Sign out

Settings → Personal info → Sign out clears your session on this device without affecting your account.

5.4 Withdraw consent for crash reports

Crash reporting is not separately toggleable today. If you want to opt out, delete the app — no further reports will be generated.

6. Children

MacroPilot is intended for users aged 13 and up. We do not knowingly collect information from children under 13. If you believe a child has registered an account, please contact support@macro-pilot.com and we'll delete it.

7. Data retention

Active accounts: kept until you delete them.
Pending registrations (email entered but never verified): kept for 30 days, then automatically removed.
Email verification tokens: valid 24 hours; expired tokens are retained for audit but cannot be used.
Crash reports in Sentry: retained for 90 days, then auto-purged.

8. Security

We protect your data with: - bcrypt-hashed passwords (never stored in plaintext) - HTTPS / TLS 1.2+ for all client–server traffic - iOS Keychain / Android EncryptedSharedPreferences for the session token on your device - Rate limiting on authentication endpoints to deter brute-force attempts - Postgres encryption at rest

No system is perfectly secure. If we ever discover a breach affecting your account, we'll notify you by email within 72 hours of confirming the breach.

9. Changes to this policy

If we materially change how we collect, use, or share your information, we'll update this policy and the "Last updated" date above. Material changes will also be announced in-app or by email at least 7 days before they take effect.

10. Contact

Questions, concerns, or data-deletion requests:

support@macro-pilot.com

We aim to respond within 5 business days.