Tablespread Privacy Policy
Last Updated: June 26, 2026 • Effective Date: June 26, 2026
Plain-Language Summary
Before the legal detail, here is the short version. If anything here conflicts with the full policy below, the full policy controls.
- What Tablespread is: a menu-planning web app. You capture recipes, plan meals, build shopping lists, keep a pantry, and share it all within your household.
- What we collect: your account info (via Google Sign-In); the recipes, meal plans, shopping lists, and pantry items you create; food allergies and dietary preferences you record for yourself and for named household members; receipts you scan; barcodes you scan; who is in your household; and subscription/billing status. Plus basic usage data like device and IP address.
- What our AI sees: to generate recipes, parse recipes from photos/links, build lists, and estimate nutrition, we send the relevant inputs (e.g., your request, the recipe text or image, your dislikes/allergies/dietary settings) to Anthropic, our AI provider, which processes them and returns a result.
- Allergy and dietary data: food-allergy information tied to a named person may be treated as sensitive “consumer health data” in some states. We handle it accordingly, do not sell it, and do not use it for advertising.
- What we don’t do: we don’t sell your personal information, we don’t use it for advertising or marketing profiling, and we don’t use your individual content to train AI models for advertising purposes.
- Payments: Stripe processes payments. Tablespread does not store your full card number — Stripe does.
- Your rights: you can access, correct, export, or delete your data. Depending on your state or country, you may have additional rights (CCPA/CPRA, Washington/Nevada/Connecticut health-data laws, GDPR).
- Deleting your data: email us to request deletion; we remove it from active systems within 30 days, with backups purging within 90 days.
- Who we are: SanctumTools LLC, High Point, NC. Questions: melanie@sanctumtools.com.
1. Who We Are
SanctumTools LLC (“SanctumTools,” “Tablespread,” “we,” “us,” or “our”) provides Tablespread, a menu-planning and household food-management web application and related services (the “Service”). By using the Service, you agree to the collection and use of information as described in this Privacy Policy. Capitalized terms not defined here have the meaning given in the Tablespread Terms of Service.
Contact: SanctumTools LLC, 413 Cable Street, High Point, NC 27260 · melanie@sanctumtools.com · (336) 695-7270
2. What Data We Collect
2.1 Account Information
When you create an account or join a Household, we collect: - Name and email address (typically via Google Sign-In / Firebase Authentication); - Authentication identifiers managed by Firebase; - Account creation date and your Household role (Owner / Member; planner, shopper, view-only, or staff).
2.2 Content You Create (“Service Content”)
Data you enter, capture, or generate in the Service, including: - Recipes you capture by photo/screenshot, link (URL), or typed text, and the parsed/structured versions of them; - Recipes and meal plans generated by the AI “Sous Chef”; - Your recipe library and per-recipe metadata (favorites, family-favorite tags, times cooked, last-made and date-added labels, like/dislike signals); - Weekly menus and meal plans; - Shopping lists and check-off status; - Pantry items (added by barcode scan, photo, or manual entry), including optional light quantity/weight for fresh items; - Food dislikes and dietary preferences/goals (e.g., vegetarian, vegan, low-sodium, heart-healthy); - Notes and other content you enter.
2.3 Household-Member Allergy and Dietary Data — Sensitive
The Service lets you record food allergies and dietary needs for yourself and for named members of your Household (for example, that a specific member is allergic to milk). We treat food-allergy information tied to an identifiable person as sensitive data and handle it as described in Sections 4 and 5. You should only enter another person’s allergy or dietary information if you have the authority or consent to do so (see Section 9).
2.4 Receipts and Barcode Data
- Scanned receipts: when you photograph a receipt, the image is processed (optical character recognition) to extract line items so that you can add them to your pantry. A planned premium feature (the “Household Learning Engine,” not yet active) would use extracted purchase data to detect frequently purchased items and suggest whether each is a pantry staple or a family favorite (and for whom). Until that feature is launched, the Service does not build a background spend-history profile from your receipts; if and when it does, we will update this Policy.
- Barcode scans: when you scan a product barcode to populate your pantry, the UPC is looked up against the Open Food Facts product database to identify the item.
2.5 Usage Data
Automatically collected when you use the Service: - Device type and operating system; - Browser type and version; - IP address (for security, abuse detection, and session management — not for advertising or cross-site tracking); - Features accessed, and time/date of access.
2.6 Payment Information
If you subscribe to a paid plan: - Payment processing is handled by Stripe. - We do not store your full credit/debit card number, CVV, or other full payment-card data — Stripe does, under its own terms and PCI-DSS obligations. - We retain billing status, subscription tier, renewal dates, and a Stripe customer/subscription identifier.
3. How We Use Your Data
We use the data we collect to: - Provide the Service — store and display your recipes, menus, lists, pantry, and household data back to you and your Household; - Power the AI Features — process your inputs to generate recipes/meal plans, parse captured recipes, consolidate shopping lists, estimate nutrition, and assist with allergen/dietary filtering; - Learn your household’s tastes — use your in-app signals (made/liked/disliked) and receipt-derived purchase patterns to make suggestions more relevant to your Household; - Process payments and manage subscriptions — via Stripe; - Communicate with you — service updates, security and billing notices, and support responses (and, with your consent where required, product news you can opt out of); - Maintain and improve the Service — using aggregated and de-identified usage data; - Protect the Service — detect and prevent abuse, fraud, and violations of our Terms; - Comply with law.
We do not sell your personal information, use your content for third-party advertising or marketing profiling, or use your individual Service Content to train AI models for advertising purposes. (On AI-model training generally, see Section 4.3.)
4. How We Share Your Data
4.1 We Do Not Sell Your Data
We do not sell, rent, or trade your personal information, and we do not “share” it for cross-context behavioral advertising, as those terms are defined under applicable law.
4.2 Service Providers (Processors)
We share data with trusted third-party providers who help operate the Service, only as needed to provide it and under obligations to protect it:
| Provider | Purpose | Data involved |
|---|---|---|
| Google Firebase / Firestore (Google Cloud) | Data storage and authentication | Account info, and your Service Content (recipes, menus, lists, pantry, household-member profiles including allergy/dietary data) |
| Google Sign-In | Authentication | Name, email |
| Anthropic, Inc. | AI processing — recipe generation, recipe parsing, list consolidation, nutrition estimation, allergen/dietary assistance | The relevant inputs for a given AI request (e.g., your request text, captured recipe text/image, and the dislikes/dietary/allergen settings needed to honor them) and the AI output |
| Stripe | Subscription billing and payment processing (applicable once paid Subscriptions launch) | Billing/subscription identifiers and payment data you enter at checkout (card data goes to Stripe, not us) |
| Open Food Facts | Barcode/product lookup for the pantry | Scanned UPC codes |
Tablespread does not use a third-party email marketing or transactional email provider. Any account or notice emails are sent through Google (Firebase Authentication / Google Workspace).
4.3 AI Processing — Anthropic
Important disclosure: when you use the AI Features, the relevant inputs are transmitted to Anthropic, Inc. for processing under Anthropic’s commercial API terms, and Anthropic returns the result. We encourage you to review Anthropic’s privacy policy.
Under Anthropic’s standard commercial API terms, the inputs and outputs we transmit are not used to train Anthropic’s models. Anthropic may retain data for a limited period to operate and secure its service, and may retain data flagged by its trust-and-safety systems for longer, as permitted by its commercial terms.
What is transmitted: only the inputs needed for the specific AI task — for example, the recipe text or image you are parsing, your generation request, and the dislikes/dietary/allergen settings that the AI must honor to avoid suggesting an excluded ingredient. We do not transmit your billing data or your scanned receipt images to Anthropic for unrelated purposes.
Note on third-party retention: a deletion request to us removes your data from our systems but does not automatically delete data already processed by Anthropic, which is subject to Anthropic’s own retention schedules.
4.4 Legal Requirements
We may disclose information if required by law, court order, or government authority, or if we believe in good faith it is necessary to comply with a legal obligation, protect the rights or safety of SanctumTools, our users, or the public, or investigate fraud or security issues.
4.5 Business Transfers
If SanctumTools is involved in a merger, acquisition, or sale of assets, your data may transfer as part of that transaction. We will notify you before your data becomes subject to a materially different privacy policy.
5. How We Protect Your Data
5.1 Security Measures
We implement industry-standard safeguards, including: - Encryption in transit (HTTPS/TLS); - Encryption at rest via Firebase/Firestore; - Access controls limiting internal access to user data; - Firebase Authentication for secure login; - Household-scoped access controls so a Household’s data is visible only to its Members per their roles.
5.2 Sensitive Data Handling
We recognize that food-allergy data tied to a named person can be sensitive. We do not display your Household’s allergy/dietary data to anyone outside your Household, do not use it for advertising or profiling, and do not sell it.
5.3 Limitations
No internet transmission or storage is 100% secure. While we take reasonable steps to protect your data, we cannot guarantee absolute security, and you use the Service at your own risk regarding data security.
5.4 Data Breach Notification
In the event of a data breach affecting your personal information, we will notify affected users in accordance with applicable state and federal law, without unreasonable delay and within any timeframe required by the relevant statute. Notice may be provided by email to your registered address or by prominent in-Service notice.
5.5 Not HIPAA Covered
SanctumTools is not a healthcare provider, health plan, or healthcare clearinghouse, is not a HIPAA “covered entity,” and is not subject to HIPAA. We nonetheless apply strong security practices to the data we hold.
6. Data Retention and Deletion
- Account data: retained while your account is active and for up to 30 days after deletion.
- Service Content (recipes, menus, lists, pantry, household-member allergy/dietary data, receipt-derived data): retained while your account/Household is active; removed from active databases within 30 days of account/Household deletion.
- Backup systems: residual copies of deleted data may persist in secure, encrypted backups for up to 90 days under standard disaster-recovery rotation, after which they are purged.
- Usage/log data: retained for up to 12 months.
- Payment records: retained as required by law (typically up to 7 years).
- Third-party data: deletion requests to us apply to data in our active systems. Data already processed by Anthropic, Google Firebase, Stripe, or other providers is subject to those providers’ own retention schedules and may not be deleted on your request to us.
This carries over the 30-day-delete / 90-day-backup-purge commitment from the SanctumTools User Agreement and Privacy Policy, and is stated consistently in the Tablespread Terms of Service.
7. Your Rights and Choices
7.1 Access, Correction, and Portability
You may access the personal data we hold about you, request a copy in a portable format, and correct inaccurate data — through your account settings or by contacting us.
7.2 Deletion
You may request deletion of your account and associated data by emailing melanie@sanctumtools.com with subject “Data Deletion Request.” We process deletion requests within 30 days, with backups purged within 90 days (see Section 6).
To remove a specific household member’s information (for example, one person’s allergy entry) without closing your entire account, the account holder can edit or delete that information directly in the app, or email the same address to request its removal. This applies to information about a named person who does not have their own account.
7.3 Communication Preferences
You may opt out of non-essential communications (product news) anytime via the unsubscribe link or by emailing us. You cannot opt out of essential service communications (security, billing, and account notices).
7.4 California Residents — CCPA/CPRA
If you are a California resident, you have the right to: know the categories and specific pieces of personal information we collect, use, and disclose; delete your personal information; correct inaccurate personal information; opt out of the sale or sharing of personal information (we do not sell or share for cross-context behavioral advertising); limit the use and disclosure of sensitive personal information; and not be discriminated against for exercising these rights. To exercise these rights, contact melanie@sanctumtools.com.
Categories collected/disclosed: See Section 2 (categories collected) and Section 4.2 (categories disclosed to service providers). We disclose the categories in Section 2 to the service providers in Section 4.2 for the business purposes in Section 3. We do not sell or “share” personal information.
7.5 Washington, Nevada, and Connecticut Residents — Consumer Health Data
If you are a resident of Washington State, Nevada, or Connecticut, state consumer-health-data laws may give you additional rights regarding health-related information, which may include the food-allergy information you or your Household records. These may include the right to confirm whether we collect your consumer health data, access it, delete it, withdraw consent to its collection and sharing, and appeal a denied request. To exercise these rights, contact melanie@sanctumtools.com with subject “Consumer Health Data Request.”
7.6 Do Not Track / Global Privacy Control
Tablespread does not sell or share your personal information and does not engage in cross-site tracking for advertising. Because there is no sale or sharing of personal data to opt out of, the Service does not process browser Do Not Track (DNT) or Global Privacy Control (GPC) signals. If we ever introduce any practice that would constitute a “sale” or “share” under applicable law, we will update this Policy and honor opt-out preference signals as required.
7.7 International Users
The Service is operated in the United States. If you access it from outside the US, your data will be transferred to and processed in the US, and you consent to that transfer. If you are in the EU/UK or another jurisdiction with comprehensive data-protection law, additional rights may apply (access, rectification, erasure, restriction, portability, objection); contact us to exercise them.
8. Cookies and Tracking
Tablespread uses limited cookies and similar technologies to maintain your login session, remember preferences, and analyze aggregate, de-identified usage. We do not use tracking cookies for advertising or third-party marketing. You can control cookies via your browser, but disabling them may affect functionality.
9. Children’s Privacy and Household Minors
Tablespread accounts may only be created by, and are intended for, adults 18 and older. Minors do not create accounts or log in to the Service. We do not knowingly collect personal information directly from children.
The Household feature does, however, allow an adult Owner or Member to store information about other people in the household — including a minor’s name, food allergies, and dietary needs — within the adult’s own account. That information is entered and managed by the adult, not by the minor.
- Minors may not create an account or hold a login.
- If an adult enters a household member’s information (including a minor’s allergy or dietary data), the adult is responsible for that information and confirms that they have the authority to provide it.
- We do not knowingly allow a child under 13 to create an account. If we learn we have collected account information directly from a child under 13, we will delete it.
To be clear about the two ages mentioned here: our own rule is that account holders must be 18 or older. The references to age 13 reflect the additional minimum set by federal law (the Children’s Online Privacy Protection Act, “COPPA”), which we also honor.
10. Changes to This Privacy Policy
We may update this Policy. We will notify you of material changes by posting the updated Policy with a new “Last Updated” date and, for material changes, by email and/or in-Service notice. For non-material changes, continued use after posting constitutes acceptance. For material changes affecting how we collect, use, or share your sensitive or consumer-health data, we will seek your affirmative consent or provide a clear opportunity to decline before the change applies to you.
11. How to Contact Us
For privacy questions or data requests:
SanctumTools LLC 413 Cable Street High Point, NC 27260 Email: melanie@sanctumtools.com (subject line “PRIVACY POLICY” or the specific request type) Phone: (336) 695-7270
We aim to respond to privacy inquiries within 30 days.
— END OF PRIVACY POLICY —