Privacy Policy
Last updated: 18 June 2026
Mai Pantry ("we", "us", "our") operates the Mai Pantry mobile application (the "App"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.
1. Information We Collect
1.1 Information You Provide
Profile information: Your name (optional) and home address or suburb, used solely to find nearby grocery stores and optimise your shopping route.
Price reports: When you submit a price correction, sold-out report, or missing product report, we collect the product details, price, and store information you provide.
Feedback: When you use Submit Feedback, we collect the message you write and the category you choose (for example, bug, pricing issue, or wrong image).
Shared shopping lists: If you create or join a Shared Shopping List (a Mai Pantry Pro feature), the list's name, its items, and an anonymous device identifier are synced to our servers so the list can be shared in real time with the people you invite. We do not attach your name or email address to a shared list.
Reporter identifiers: If your device sends a device identifier or user identifier with a report or feedback, we hash it using a one-way SHA-256 algorithm before storage. The original identifier is never stored.
1.2 Information Collected Automatically
Location data: With your permission ("When In Use"), we access your device's GPS location to show nearby stores and calculate distances. Location data is processed on-device and is not sent to our servers.
Network requests: When the App syncs catalogue data from our servers, we log the HTTP method, URL path, response status code, and response time for operational monitoring. We do not log your IP address in these records.
Rate limiting: To prevent abuse, our servers temporarily track IP addresses in memory for rate-limiting purposes. This data is not persisted to disk and is discarded when the server restarts.
1.3 Information We Do Not Collect
We do not use any third-party analytics, advertising, or tracking SDKs.
We do not collect your Apple ID, contacts, photos, health data, or browsing history.
We do not use the Identifier for Advertisers (IDFA) or App Tracking Transparency framework.
We do not sell, rent, or share your personal information with third parties.
We do not collect or store any payment information. Mai Pantry Pro subscriptions are processed entirely by Apple through your Apple ID; we never see your payment details.
2. How We Use Your Information
| Purpose | Data Used | Legal Basis |
| --- | --- | --- |
| Show nearby grocery stores | Location (on-device only) | Your consent |
| Display personalised prices | Home suburb/address | Legitimate interest |
| Process price reports | Report details, hashed reporter ID | Legitimate interest |
| Prevent abuse & rate limiting | IP address (in-memory only) | Legitimate interest |
| Operational monitoring | Request method, path, status code | Legitimate interest |
3. Data Storage and Security
On-device storage: Your profile, personal shopping lists, pantry, and cached product data are stored locally on your device using Apple's SwiftData framework. This data stays on your device unless you submit a report or feedback, or create or join a Shared Shopping List.
Server storage: Reports and feedback you submit, and any Shared Shopping Lists you create or join, are stored on our servers in Australia. Device or user identifiers attached to reports and feedback are hashed before storage using SHA-256, making them irreversible; Shared Shopping Lists use an anonymous device identifier and are not linked to your name or email.
Security measures: Our servers use HTTPS encryption, rate limiting, input validation, and security headers to protect your data.
4. Data Retention
On-device data: Remains on your device until you delete the App or clear its data.
Reports: Retained on our servers indefinitely or until you request deletion (see Section 6). Reports may be trimmed on a first-in-first-out basis when storage limits are reached.
Rate-limiting data: Held in server memory only; discarded on server restart.
5. Data Sharing
We do not sell or share your personal information with third parties for their own purposes. The contents of a Shared Shopping List are visible to the other people you choose to share it with via its share code. Product catalogue data displayed in the App is sourced from publicly available grocery retailer websites.
6. Your Rights
You have the right to:
Access the data we hold about you.
Delete your submitted reports by using the data deletion feature in the App or by contacting us.
Withdraw consent for location access at any time through your device's Settings.
Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached.
Requesting Data Deletion
To delete all reports associated with your device, use the "Delete My Data" option in the App's settings, or contact us at the address below. Because reporter identifiers are stored as one-way hashes, we can only match and delete reports if you provide the same device identifier that was used when submitting them.
7. Children's Privacy
The App is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.
8. International Users
Our servers are located in Australia. If you access the App from outside Australia, your report data (with hashed identifiers) will be transferred to and processed in Australia. By using the App, you consent to this transfer.
9. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page indicates when it was last revised. We encourage you to review this policy periodically.
10. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at:
Email: info@jinhong.org
---
*This privacy policy applies to version 1.0 and later of the Mai Pantry app.*