Privacy Policy
Effective July 6, 2026 · Applies to the LocalFresh website (localfresh.org) and the LocalFresh iOS app
This policy explains what information LocalFresh ("we," "us") collects when you use our website and iOS app (the "Platform"), how we use it, and the choices you have. It is part of our Terms of Service.
1. Information we collect
- Account details — email address, password (stored as a hash), display name, and optional profile details you add (birthday, avatar, dietary and allergen preferences).
- Location— a ZIP code or address you enter to find nearby vendors, and (only if you grant iOS permission) your device's approximate location. Delivery orders include the delivery address you provide.
- Orders and activity — items you buy or sell, order history, reviews, saves, follows, and messages you exchange with vendors or buyers through in-app messaging.
- Payments — processed by Stripe. We never see or store your full card number; we receive transaction identifiers, amounts, and payment status. Vendors setting up payouts provide identity and bank details directly to Stripe.
- Vendor details — storefront name, address, photos, product listings, and the regulatory attestations vendors make about their products.
- Technical data — device type, app version, log data, and cookies/local storage used for sign-in sessions and your cart. We do not run third-party advertising trackers.
2. How we use information
- Operating the marketplace: accounts, listings, carts, orders, pickup windows, and messaging.
- Processing payments, payouts, refunds, and calculating sales tax at checkout.
- Sending transactional notifications and emails (order placed, status updates, restock alerts).
- Showing vendors the information they need to fulfill your order (your display name, order contents, delivery address when applicable).
- Keeping the Platform safe: preventing fraud and abuse, enforcing our Terms, and handling reports and blocks.
- Understanding aggregate usage so we can improve the product. Aggregate analytics are only accessible to the founder.
3. What we share — and what we don't
We do not sell your personal information. We share it only with:
- Vendors/Buyers you transact with — the counterparty to your order sees what's needed to fulfill it (name on the order, items, window, delivery address if applicable, and your messages).
- Service providers — Supabase (database, authentication, storage), Stripe (payments, payouts, tax calculation), Resend (transactional email), and Vercel (website hosting). Each processes data only to provide its service to us.
- Legal — when required by law, to protect the safety of users, or in connection with a business transfer.
4. Cookies and local storage
We use first-party cookies to keep you signed in and browser local storage to remember your cart and chosen location. We do not use third-party advertising cookies. You can clear these in your browser settings; signing out clears your session.
5. Data retention and deletion
We keep your information while your account is active. Order and payment records are retained as long as needed for tax, accounting, and legal purposes even after account deletion. To delete your account and associated personal data, email localfreshorg@gmail.com from your account email — we'll confirm and process it within 30 days.
6. Your choices and rights
- Edit your profile, preferences, and notification settings in the app or on the website at any time.
- Request a copy, correction, or deletion of your personal data by emailing us.
- Location permission on iOS is optional and can be revoked in Settings; you can always enter a ZIP code instead.
- Transactional emails (order confirmations) are part of the service; marketing emails, if we ever send them, will include an unsubscribe link.
7. Security
Data is encrypted in transit (TLS) and at rest by our providers. Access to production data is restricted, and database access is protected by row-level security so users can only read what belongs to them. No system is perfectly secure — if we learn of a breach affecting your data we will notify you as required by law.
8. Children
The Platform is not directed to children and is only for users 18 and older. We do not knowingly collect information from anyone under 18; if we learn we have, we will delete it.
9. Changes and contact
If we make material changes to this policy we'll notify you through the Platform or by email before they take effect. Questions or requests: localfreshorg@gmail.com, or LocalFresh, Utah County, UT.
This policy describes our actual data practices as built. It is not legal advice — have a licensed attorney review it before launch.