External Data Transmission
| SDK / Service | Information transmitted | Recipient | Purpose |
|---|---|---|---|
| Supabase | User IDs, email addresses, auth tokens, shopping lists, stock, recipes, family group data, IP addresses, logs, and anonymized opt-in error reports with identifiers and user-entered text removed | Supabase, Inc. and its cloud infrastructure | Authentication, cloud sync, data storage, security, abuse prevention, bug investigation, and quality improvement |
| Apple Sign In | User identifiers issued by Apple, email address if shared by the user, and authentication data | Apple Inc. | Login and identity verification through an Apple account |
| Google Sign In | User identifiers issued by Google, email address, profile information, and authentication data | Google LLC | Login and identity verification through a Google account |
| RevenueCat | App user IDs, purchase transaction IDs, receipt data, subscription plan and entitlement data, and device information | RevenueCat, Inc. | Subscription status verification, enabling paid features, purchase restoration, and purchase fraud prevention |
| Firebase Cloud Messaging | FCM registration tokens, device information, and identifiers required for notification delivery | Google LLC | Push notification delivery and maintaining notification reachability |
| Google AdMob / Google Mobile Ads | Advertising identifiers (IDFA / GAID), device information, ad impression and interaction data, coarse location, and consent status | Google LLC and Google-managed ad partners | Free-tier ad delivery, ad measurement, ad fraud prevention, and personalized or non-personalized ads based on consent |
| App Store / Google Play | Store account information, purchase information, subscription status, and information required for payment processing | Apple Inc. / Google LLC | App distribution, subscription billing, cancellation and refund procedures, and purchase verification |
Advertising ID restrictions, personalized ads opt-out, and ATT permission changes can be managed from device settings or in-app settings. In some regions, Google UMP / CMP may show a consent management screen. For Google ad partners, see Google’s ad technology provider list. Anonymized error reports can be disabled in app settings. Transmissions needed for authentication, subscription verification, cloud sync, or notification delivery can be stopped or reduced by disabling the relevant feature, logging out, changing notification settings, or deleting the account, but some functions may become unavailable.