FreshBox

FreshBox Privacy Policy

Last updated: 2026-04-29

This Privacy Policy explains what information FreshBox ("we", "the app") handles and how. FreshBox is designed to be local-first: most of your data lives only on your device. We collect as little as possible.

If you have questions, contact us at support@freshboxapp.com.

Data we store on your device

The following data lives in the local SwiftData store on your iPhone or iPad and is not transmitted to us:

• Fridge inventory: ingredient names, quantities, units, storage location, expiry dates, photos you choose to attach.
• Shopping list items and purchase history.
• Recipe favourites, custom recipes, recipe step notes.
• Reminder preferences and per-category lead times.
• App settings and usage counters used to enforce the daily free AI quota.

You can delete this data at any time from inside the app, or by deleting the app.

Data sent to our AI proxy

When you ask FreshBox to recommend recipes or estimate shelf life, the app sends a minimal, anonymous payload to our Cloudflare Worker proxy at https://api.freshboxapp.com. The proxy forwards a sanitised request to Google Gemini and returns the response.

The payload contains:

• For recipe recommendations: a list of ingredient names, quantities, units, storage types, and expiry dates that you currently have in the app.
• For shelf-life estimates: the food name and storage type you are asking about.
• The interface language preference (e.g. english or chinese).
• A short-lived HMAC signature header used to prevent abuse of the proxy.

The payload does not include:

• Your name, email, phone number, Apple ID, or any account identifier.
• Device identifiers, IDFA, or advertising IDs.
• Photos, audio recordings, or location data.
• Free-text notes, custom recipe text, or shopping-list memos.

We do not store ingredient names, food names, or any user-supplied content after the request is served. Cloudflare may keep short-lived edge-cache copies of identical responses to reduce cost; these expire automatically.

Photos, camera, microphone, and speech recognition

FreshBox can use the camera, photo library, microphone, and Apple Speech Recognition to make adding ingredients faster.

• Camera and photos are used for receipt scanning and ingredient recognition. Vision processing happens on-device. Photos you select or capture are not sent to any server.
• Microphone and speech recognition are used only when you tap the voice input button. Audio is converted to text by Apple's on-device speech engine and discarded after each session.

You can revoke any of these permissions at any time in iOS Settings → FreshBox.

In-app purchases and subscriptions

FreshBox uses Apple's StoreKit framework to offer FreshBox Pro. Apple processes payment, manages renewals, and validates purchases. We receive only a non-personal entitlement signal indicating that the device has an active Pro subscription or lifetime purchase. We do not see your name, payment method, or Apple ID.

You can manage or cancel subscriptions at any time from https://apps.apple.com/account/subscriptions.

Children

FreshBox is not directed to children under 13 and we do not knowingly collect personal information from children. The app does not include behavioural advertising or tracking SDKs.

Tracking and analytics

FreshBox does not use third-party analytics, tracking, or advertising SDKs. The app does not implement App Tracking Transparency tracking and does not share data with data brokers.

Security

All requests to our AI proxy use HTTPS with TLS. Each request is signed with an app-side HMAC key and rejected if the signature is invalid or older than five minutes. Apple's standard sandboxing protects the on-device data store.

Changes to this policy

We will update the date above when this policy changes and surface material changes inside the app. Continued use after a change constitutes acceptance of the new policy.

Contact

Questions, requests for data deletion, or privacy concerns: support@freshboxapp.com.