Privacy Policy

Last updated: February 6, 2026

Introduction

FoodManager ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our inventory management service.

Information We Collect

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, and password (stored securely using bcrypt hashing). We also store your role (volunteer, volunteer admin, or super admin) and account creation/update timestamps.
  • Food Bank Data:
    • Food types (name, description, optional photo URL)
    • Container types (name, dimensions)
    • Food units (inventory numbers, weight, volume, food count, expiry dates, status)
    • Food bank associations and partner food bank relationships
    • Inventory snapshots and historical data
  • Audit Trail Data: We maintain a complete audit trail of all status changes to food units, including who made the change, when it was made, and any associated notes.
  • Session Data: We use secure HTTP-only cookies to maintain your login session. These cookies do not contain personal information and are used solely for authentication.
  • Contact Form Data: If you submit our contact form, we collect your name, email, food bank name, and message. This information is sent via email and is not stored in our database.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process transactions and manage your account
  • Send you technical notices and support messages
  • Respond to your comments and questions
  • Monitor and analyze usage patterns
  • Detect, prevent, and address technical issues

Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. This includes:

  • Password Security: Passwords are hashed using bcrypt before storage. We never store plain-text passwords.
  • Encryption: All data is encrypted in transit (using TLS/SSL) and at rest (via Neon's database encryption).
  • Row-Level Security: Our database uses PostgreSQL row-level security policies to ensure users can only access data for food banks they are associated with.
  • Authentication: All access requires authentication via secure sessions managed by NextAuth.js.
  • Audit Trails: All changes to food unit statuses are logged with user identification and timestamps for accountability.
  • Access Controls: Role-based permissions ensure users can only perform actions appropriate to their role level.

Third-Party Services

FoodManager uses the following third-party services to operate:

  • Neon PostgreSQL: Our database is hosted on Neon's servers. All data is encrypted in transit and at rest. Neon's privacy policy applies to data stored in their systems.
  • Resend: We use Resend to send password reset emails and contact form submissions. Resend processes email addresses and message content as necessary to deliver emails.
  • Vercel (if deployed): If FoodManager is hosted on Vercel, Vercel provides hosting and infrastructure services. Vercel may collect standard web server logs (IP addresses, request timestamps) for operational purposes.

We do not sell, trade, or rent your personal information to third parties for marketing purposes. We may share your information only in the following circumstances:

  • Legal Requirements: When required by law, court order, or to protect our rights and safety
  • With Your Consent: When you have given us explicit permission to share your information

Your Rights

You have the right to:

  • Access your personal information
  • Correct inaccurate or incomplete information
  • Request deletion of your account and data
  • Export your data in a portable format
  • Opt out of certain communications

To exercise these rights, please contact us using the information provided in the Contact Us section.

Data Retention

We retain your information as follows:

  • Account Data: Retained while your account is active. If you request account deletion, we will remove your personal information (name, email) but may retain anonymized operational data for historical reporting purposes.
  • Inventory Data: Retained indefinitely to maintain historical records of food bank operations. This includes food units, status changes, and audit trails.
  • Soft-Deleted Items: Foods and containers that are deleted are marked with a deletion timestamp but retained in the database to maintain referential integrity with historical food units.
  • Contact Form Submissions: Contact form data is sent via email and not stored in our database. Email retention is subject to your email provider's policies.

We may retain certain information longer if required by law or to protect our legal interests.

Cookies and Tracking

FoodManager uses the following types of cookies:

  • Session Cookies: Essential cookies used by NextAuth.js to maintain your login session. These are HTTP-only and secure, meaning they cannot be accessed by JavaScript and are only sent over encrypted connections.
  • No Tracking Cookies: We do not use analytics cookies, advertising cookies, or any third-party tracking technologies.

You can control cookies through your browser settings, but disabling session cookies will prevent you from logging in.

Children's Privacy

Our service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

Contact Us

If you have any questions about this Privacy Policy, please contact us:

Contact Form