Privacy Policy

Last updated: March 24, 2026

1. Information We Collect

When you create an account, we collect your name, email address, and optionally your phone number, location (city, state, ZIP), and organization name (for food banks and businesses).

When you post a donation, we collect the item description, photos, weight estimate, pickup location, and category.

We automatically collect device information, IP address, and usage data (pages visited, features used) to improve the Platform.

2. Google Login

If you sign in with Google, we receive only your name and email address from Google. We do not access your contacts, calendar, drive, photos, or any other Google data. We use Google login solely for authentication purposes.

3. How We Use Your Data

We use your information to:

  • Connect food donors with nearby food banks and pantries
  • Generate tax-deductible donation receipts
  • Send transactional notifications (donation claimed, pickup scheduled, receipt ready)
  • Improve the Platform and fix bugs
  • Respond to support requests

4. Data Sharing

We do not sell your personal data to third parties. We do not share your data with advertisers, data brokers, or marketing companies.

We share limited information only when necessary:

  • Food banks: When you post a donation, food banks can see your donation details and first name to coordinate pickup.
  • Courier services: If you request courier delivery, your pickup address and name are shared with the courier provider (e.g., Uber Direct).
  • Payment processors: If you make a payment (delivery fees, donations), Stripe processes your payment securely. We do not store credit card numbers.

We rely on the following third-party service providers to operate the Platform. They process data only on our behalf and only as needed to provide their service:

  • Google / Firebase: We use Firebase Authentication for account sign-in (including Google login), the Firebase Realtime Database to power in-app messaging between donors and food banks, and Google Maps to display locations and provide directions. These services process your account identifiers, messages, and location data as part of those features.
  • Resend: Our transactional and notification emails (donation claimed, pickup scheduled, receipt ready, etc.) are delivered through Resend, which processes your email address and message content to send those emails.
  • Vercel: Our web application is hosted on Vercel, which processes requests to the Platform (including device information and IP address) in order to serve and operate the site.

5. Cookies and Local Storage

We use cookies and browser storage solely for authentication (keeping you logged in) and session management. Specifically, when you sign in we store Firebase Authentication tokens in your browser's local storage, and we may set session cookies, so that you stay signed in across visits. We do not use advertising cookies, tracking pixels, or behavioral analytics cookies from third parties.

To understand overall traffic, we use a privacy-friendly analytics service (Vercel Web Analytics) that counts aggregate page views. It does not build a profile of individual visitors.

6. Real-Time Location During Pickups

During an active pickup, the app may process real-time GPS location shared between the donor and the food bank or courier so the parties can coordinate hand-off. This live location is held ephemerally in our server's memory (a short-lived in-memory store) only for the duration of the active pickup and is discarded shortly afterward. Real-time GPS is not written to Firebase or to long-term storage.

7. Data Security

We use industry-standard security measures including HTTPS encryption, secure authentication tokens, and access controls. Your password is hashed and never stored in plain text.

8. Data Retention

We retain your account data and donation history as long as your account is active. You may request deletion of your account at any time.

When you delete your account, we anonymize your account and the donor-identifying content of your donation records (such as your name, contact details, and personal account information). However, aggregate and legally required donation records — including the information underlying tax-deductible donation receipts — may be retained for up to 7 years to comply with IRS record-keeping requirements and other legal obligations. After anonymization, these retained records are no longer linked to your identity.

9. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate information in your profile
  • Delete your account and associated data
  • Export your donation history

To exercise any of these rights, email jeff@pantrydonate.com.

10. Children

Pantry is not directed at children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify users of material changes via email or in-app notification. Continued use of the Platform after changes constitutes acceptance.

12. Contact

For privacy questions or data requests, contact jeff@pantrydonate.com.

Pantry · Hallowell, Maine