Privacy Policy

Steamline Last Updated: March 10, 2026 Effective Date: March 10, 2026

1. Introduction

This Privacy Policy (“Policy”) describes how Big Little Comforts LLC, operating the Steamline application (“Company,” “we,” “us,” or “our”), collects, uses, stores, shares, and protects information obtained from users (“you,” “your,” or “User”) of the Steamline mobile application and associated backend services (collectively, the “Service”).

This Privacy Policy explains how information is handled when you use the Service. Your use of the Service is governed separately by the Terms of Service.

If you do not agree with the practices described in this Policy, you should discontinue use of the Service.

We are committed to protecting your privacy and handling personal data responsibly and transparently in accordance with applicable data protection laws, including where applicable:

• General Data Protection Regulation (GDPR);
• California Consumer Privacy Act (CCPA);
• California Privacy Rights Act (CPRA);
• other applicable U.S. state privacy laws and international privacy regulations.

2. Information We Collect

We collect information to operate the Service, improve product functionality, and personalize your experience. Information collected depends on how you use the Service.

2.1 Account and Authentication Data

When you create an account or authenticate with the Service, we may collect:

• email address;
• hashed password credentials;
• display name or username (optional);
• Firebase authentication identifier (UID);
• account verification state;
• authentication provider (for example, email login or OAuth provider).

Users may initially use the Service anonymously. If an anonymous account later becomes associated with login credentials, previously collected data may be linked to the authenticated account.

2.2 Profile and Nutrition-Related Data

To personalize the Service, you may voluntarily provide:

• height;
• weight;
• birth date;
• gender;
• activity level;
• dietary preferences;
• nutrition goals;
• allergy information;
• macro targets or calorie targets.

This information is used solely to generate nutrition guidance, meal planning recommendations, and related personalization features.

This information is treated as potentially sensitive personal data in certain jurisdictions. It is collected only when voluntarily provided by you.

Providing such information is optional; however, certain features may not function fully without it.

2.3 Pantry, Inventory, and Food Data

The Service allows users to track pantry items and food consumption. We may collect:

• food items scanned or entered manually;
• grocery items;
• pantry inventory;
• expiration dates;
• quantities;
• shopping lists;
• meal plans;
• logged meals;
• food preferences;
• dietary patterns inferred from usage.

This information is used to generate meal plans, shopping suggestions, nutrition calculations, and pantry tracking.

2.4 Images and Camera Data

If you use photo-based features, the Service may collect:

• images captured using your device camera;
• images uploaded from your device;
• metadata required for processing images.

Images may be processed to identify food items, ingredients, or pantry inventory. Images are transmitted securely to processing services and used only for the purposes described in this Policy.

Images are not used for advertising profiling.

2.5 Voice and Audio Data

If you enable voice-based features, the Service may process:

• audio commands;
• voice transcripts generated from audio;
• metadata related to voice interactions.

Audio data may be processed by speech recognition systems to enable conversational interaction with the Service. Audio recordings may be temporarily stored to support processing and may be deleted after processing unless required for debugging or service improvement.

2.6 Device and Technical Data

We automatically collect limited technical information required for operation and security:

• device model;
• operating system version;
• app version;
• crash logs;
• diagnostic information;
• network information;
• timestamps;
• session identifiers.

This information helps maintain service stability, prevent abuse, and diagnose technical issues.

2.7 Location Data

The Service may infer general location from:

• IP address;
• device regional settings.

Precise GPS location is not collected unless explicitly requested and authorized by you.

Location information may be used to:

• improve grocery suggestions;
• adjust nutrition databases;
• support localized features.

3. How We Use Information

We use information for the following purposes:

• providing and operating the Service;
• authenticating users;
• generating meal plans and nutrition recommendations;
• maintaining pantry inventory features;
• providing shopping suggestions;
• improving machine learning models that power food recognition;
• troubleshooting technical issues;
• protecting security and preventing abuse;
• communicating service updates;
• complying with legal obligations.

We do not sell personal data.

4. AI Processing and Automated Recommendations

The Service uses automated systems to generate recommendations. These systems may analyze:

• pantry inventory;
• food consumption history;
• nutrition goals;
• dietary preferences;
• activity levels;
• historical interactions with the Service.

Automated outputs may include:

• meal suggestions;
• grocery lists;
• nutrition estimates;
• macro targets;
• food recognition from images;
• pantry quantity estimation.

These outputs are estimates and recommendations only. They do not constitute medical advice, diagnosis, or treatment.

Users can manually override recommendations and correct inventory or meal data at any time.

5. Machine Learning and Product Improvement

Certain information may be used to improve the Service. This may include:

• food recognition models;
• recommendation algorithms;
• error detection;
• quality improvements.

Where permitted by law, de-identified or aggregated data may be used to improve product functionality and machine learning models.

If images or other user content are used for training purposes, they will first be de-identified where reasonably possible.

Users may request that their content no longer be used for training through account settings or by contacting us using the information in Section 15.

Derived models trained on aggregated datasets may not be reversible to identify specific users.

6. How We Share Information

We may share information with service providers that help operate the Service. Examples include:

• cloud infrastructure providers;
• authentication providers;
• analytics providers;
• machine learning infrastructure providers;
• payment processors.

These providers process information only on our behalf and under contractual obligations to protect user data.

We may also disclose information:

• to comply with legal obligations;
• to respond to lawful government requests;
• to enforce our Terms of Service;
• to protect rights, safety, and security.

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, personal data may be transferred as part of that transaction. We will provide notice prior to personal data becoming subject to a materially different privacy policy.

We do not sell personal information to advertisers or data brokers.

7. Data Retention

We retain personal information only as long as necessary to operate the Service and fulfill the purposes described in this Policy.

Retention periods depend on the type of data:

• Account data: retained until account deletion.
• Inventory and meal history: retained while the account remains active.
• Technical logs: typically retained for security and debugging purposes for a limited period.
• Backups: may retain encrypted copies of data for a limited disaster recovery window.

After account deletion:

• active account data is deleted or anonymized;
• certain technical logs may remain temporarily;
• backup systems may retain encrypted data for a limited period until rotation.

Aggregated or anonymized data that cannot reasonably identify a user may be retained for research or product improvement.

8. Security

We implement reasonable administrative, technical, and organizational safeguards to protect personal information. These measures include:

• encryption in transit;
• encryption at rest where applicable;
• access controls and authentication;
• monitoring systems;
• secure infrastructure;
• regular security updates.

No system can guarantee absolute security, but we take commercially reasonable steps to protect user information.

9. International Data Transfers

The Service may process information on servers located in multiple jurisdictions. When personal data is transferred across borders, we implement safeguards designed to protect personal information in accordance with applicable law. These safeguards may include:

• standard contractual clauses;
• contractual data protection obligations;
• security controls and data minimization practices.

10. Your Privacy Rights

Depending on your location, you may have rights including:

• access to personal data;
• correction of inaccurate information;
• deletion of personal data;
• data portability;
• restriction of processing;
• objection to certain processing.

To exercise these rights, you may contact us using the information in Section 15.

Identity verification may be required before fulfilling certain requests.

These rights are available regardless of subscription tier.

11. California Privacy Rights

California residents may have additional rights under the CCPA and CPRA. These include the right to:

• know what personal information is collected;
• request deletion of personal information;
• correct inaccurate personal information;
• limit certain uses of sensitive personal information;
• opt out of the sale or sharing of personal data.

We do not sell personal data.

Requests may be submitted through the contact methods listed in Section 15.

12. Children’s Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that personal data from a child under 13 has been collected without verified parental consent, we will take reasonable steps to delete the information.

Users between 13 and 18 should use the Service only with appropriate parental or guardian permission.

13. Third-Party Services

The Service may integrate third-party services for functionality including authentication, cloud hosting, analytics, and machine learning processing. These services operate under their own privacy policies. We require vendors to handle data in accordance with contractual privacy and security obligations.

A list of major service providers may be updated periodically.

14. Changes to This Policy

We may update this Privacy Policy periodically. If material changes occur, we may provide notice through:

• application notifications;
• email communications;
• updated publication within the Service.

The effective date at the top of the Policy indicates the latest revision.

15. Contact Information

If you have questions about this Privacy Policy or wish to exercise privacy rights, you may contact:

Big Little Comforts LLC Email: privacy@steamline.app

Requests related to privacy rights, data access, or deletion will be processed in accordance with applicable laws.

This Privacy Policy was last updated on March 10, 2026.