Privacy Policy
How Spread handles your data
Last updated: May 11, 2026
This Privacy Policy describes how Spread, LLC ("Spread," "we," "us," or "our") collects, uses, shares, and protects information when you use the Spread mobile application and related services (the "Services").
We've tried to write this in plain English. If anything is unclear, please email us at ashley@spreadapp.co.
This policy applies to all users of the Services in the United States. We do not currently offer the Services outside the United States.
By using the Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.
Table of Contents
- The Short Version
- Information We Collect
- How We Use Your Information
- How Information Is Shared
- Information Shared Between Users
- Household Members
- Sensitive Information
- Service Providers and Third Parties
- AI and Machine Learning
- Cookies, Tracking, and Analytics
- Your Privacy Choices and Controls
- Data Retention and Deletion
- Account Deletion
- Children's Privacy
- Security
- International Users
- State-Specific Privacy Rights
- Changes to This Privacy Policy
- Contact Us
1. The Short Version
For users who don't want to read the whole document, here's the substance:
- We collect information you provide (account info, allergies, events, recipes) and basic technical information needed to run the app.
- We share information between users only as the app's features require — for example, your allergies are visible to hosts of events you RSVP to, but only if you choose to share them.
- We do not sell your data.
- We do not use your data for advertising.
- Your private reaction journal is never shared with anyone.
- We use Supabase to store your data, Sentry to track errors, and Anthropic's API in two specific cases: (1) we built the initial allergen detection database with it offline, and (2) when a user adds a brand-new custom allergen (like "pork" or "alpha-gal"), we send only the allergen name to Anthropic to generate a list of ingredient synonyms, which we store and reuse for all users. No personally identifiable information, recipes, events, reactions, or other user data is ever sent to Anthropic.
- You can delete your account at any time. We will delete your data within 30 days of a deletion request.
- The app is for users 18 and older.
The rest of this document explains each of these points in detail.
2. Information We Collect
Account Information
When you create an account, we collect:
- Your email address (from the sign-in method you choose).
- A unique account identifier from your sign-in provider (Apple, Google, or Supabase Auth for email/password).
- Authentication tokens used to keep you signed in.
If you sign in with Apple, you may choose to use Apple's Hide My Email feature, in which case we receive a relay email address (@privaterelay.appleid.com) rather than your actual email. We never receive your real email in that case.
Profile Information
When you set up or edit your profile, we collect what you choose to enter:
- Display name.
- Avatar photo.
- Location (city or region — text you enter, not GPS coordinates).
- App preferences (such as whether you've completed onboarding).
- Privacy settings (visibility level, name display preferences).
Allergy and Dietary Information
When you set up your allergy profile, we collect what you choose to enter:
- Allergens (from the standard list, or custom allergens you create).
- Severity level for each allergen (severe, avoid, or inform).
- Reaction severity (mild, moderate, severe).
- Per-allergen sharing consent (whether to share with hosts, with attendees, or neither).
This information is sensitive. See Section 7 for how we handle it.
Event Information
When you create or RSVP to events, we collect:
- Event details: name, date, time, location, description, photo (when you create an event).
- Your RSVP status and any note you send to the host.
- Dishes you add to or claim at events.
Recipe Information
When you create or import recipes, we collect:
- Recipe content: title, description, ingredients, instructions, photos, prep/cook/rest times, servings, difficulty, notes.
- Recipe attribution information: source name, URL, and author for imported recipes.
- Dietary tags you assign.
- Your bookmarks (saved recipes).
Household Member Information
When you add household members, we collect what you choose to enter about them:
- Name.
- Allergens and severity levels.
By adding a household member, you confirm that you have the authority to enter this information about them. See Section 6 for more on how household members are handled.
Reaction Journal Entries
When you log allergic reactions, we collect what you choose to enter:
- Description of what was eaten and where (event, recipe, restaurant, or other).
- Symptoms experienced.
- Severity of the reaction.
- Onset time.
- Suspected trigger (allergen).
- Whether the trigger was confirmed.
- Notes and photos.
Reaction journal entries are strictly private. They are never shared with any other user, including event hosts. See Section 7.
Tag Reports
When you flag an incorrect allergen tag on a recipe, we collect:
- The recipe and tag in question.
- Your structured reason (not_this_allergen, different_allergen, cross_contamination, or other).
- Any free-text notes you provide.
Technical Information
We automatically collect basic technical information needed to operate the app:
- Device type and operating system.
- App version.
- Approximate location based on IP address (for security purposes only — not for advertising or tracking).
- Crash reports and error logs (via Sentry — see Section 8).
We do not collect:
- Your contacts.
- Your photo library (except photos you specifically choose to upload).
- Your precise GPS location.
- Your browsing history outside the app.
- Information for advertising purposes.
3. How We Use Your Information
We use the information we collect to:
Operate the app. Provide the core features: account management, event creation and RSVPs, recipe management, allergen detection, household management, reaction logging.
Enable the multi-user features. Display your information to other users (hosts, guests) according to the privacy settings you choose. See Section 5.
Communicate with you. Send you service-related notifications: event reminders, RSVP updates, security alerts, and changes to this policy. We may also occasionally email you about new features, but you can opt out of non-essential communications at any time.
Improve the app. Use crash reports and aggregate usage patterns (no individual user information) to find and fix bugs, improve performance, and develop new features.
Improve allergen detection. Use your tag reports (and aggregated information about which recipes get flagged) to improve the allergen detection database. We do not share your individual reports with other users.
Maintain safety and prevent abuse. Detect and respond to violations of our Terms of Use, security incidents, and harm to other users.
Comply with legal obligations. Respond to lawful requests from law enforcement, comply with court orders, and meet legal requirements.
We do not:
- Sell your data.
- Use your data for targeted advertising.
- Share your data with data brokers.
- Use your reaction journal entries for any purpose other than displaying them to you.
4. How Information Is Shared
Information you choose to share with other users
The app's core function involves sharing information between users. See Section 5 for details.
Information shared with service providers
We share data with third-party providers that help us operate the app. See Section 8 for the full list.
Information shared for legal reasons
We may share your information if required by law or in response to:
- A subpoena, court order, or legal request.
- A request from law enforcement that we believe in good faith requires us to comply.
- A need to enforce our Terms of Use.
- A need to protect the safety, rights, or property of you, us, or others.
- An emergency situation involving potential serious harm.
Information shared in business changes
If Spread, LLC is acquired, merges with another entity, or undergoes other corporate restructuring, your information may be transferred to the successor entity. If this happens, we will notify you via email and the app, and you will have the right to delete your data before the transfer.
Information NOT shared
We do not share your data:
- For advertising purposes.
- With data brokers.
- With analytics companies that aggregate user data across services.
- With AI services for training their models. (Anthropic is used for two specific purposes described in Section 9: building the allergen database from public ingredient data, and generating synonym lists when a user registers a new custom allergen. Per Anthropic's API terms, data submitted via API is not used for training their models.)
5. Information Shared Between Users
The core function of the app involves sharing information between users. This section explains exactly what is shared, with whom, and under what circumstances.
Profile information
Your profile information (name, avatar, location) is visible to other users based on your profile visibility setting:
- hosts_only — Only hosts of events you RSVP to can see your profile.
- friends — Users you've connected with as friends can see your profile (when this feature is implemented).
- anyone — Any other user of the app can see your profile.
You can change this setting at any time in your profile settings.
You can also separately hide your name from event guest rosters by toggling the show_name_on_roster setting.
Allergy information — per-allergen privacy
Your allergy information uses granular, per-allergen privacy controls. For each allergen on your profile, you choose:
- show_to_organizers — Whether the host of an event you RSVP to can see this allergen.
- show_to_attendees — Whether other guests at events you attend can see this allergen.
If you turn both off for a given allergen, that allergen is private to you and is not visible to anyone else, even though it remains in the system to support your own personal recipe and dish safety checks.
Hosts can see allergens you have set to show_to_organizers = true for guests who have RSVPed to their events. This is necessary for the host to plan a menu that's safe for you. The host sees your allergens alongside your name (or, if you've turned show_name_on_roster off, anonymized).
Event information
When you create an event:
- Your name (as host) is visible to guests you invite.
- Event details (name, date, time, location, description, photo) are visible to invited guests.
- Dishes added to the event, and who is bringing them, are visible to guests.
- Aggregate allergen information (e.g., "two guests have peanut allergies") may be visible to all guests if you choose to share it for menu planning.
When you RSVP to an event:
- Your name (or anonymized identifier if you've hidden your name) and RSVP status are visible to the host.
- Your allergens (per the privacy settings above) are visible to the host.
- Other guests may see your name and RSVP status depending on the host's settings.
Recipe information
When you create a recipe:
- The recipe is visible to other users who can browse the recipe library, unless you mark it private (when this feature is implemented).
- Your name as the recipe author may be visible.
- Imported recipes display their original source attribution.
Reaction journal — never shared
Your reaction journal entries are strictly private and are never shared with any other user. This includes event hosts, even for events at which you logged a reaction. The journal is for your personal record only.
We display reaction logs only to you and may use aggregated, anonymized patterns to improve the allergen detection database. We do not share individual reaction logs.
Tag reports — limited sharing
When you flag an incorrect allergen tag, your report is visible to:
- You.
- Spread administrators reviewing the report.
Your individual reports are not visible to other users.
6. Household Members
The app allows you to manage allergy profiles for non-account household members (such as children, elderly relatives, or guests in your household who don't have their own accounts).
Your responsibility when adding a household member
By adding a household member, you represent and warrant that you have the authority and consent to enter and manage their personal information, including their name and allergy information. This is your responsibility, not ours.
For minors in your household, this means you are the parent or legal guardian, or you have explicit permission from the parent or legal guardian.
For adults in your household, this means you have their explicit consent to manage their information.
How household member data is used
Household member data is used to:
- Display allergen information for that household member when you check recipes or events for safety.
- Allow you to share their allergen information with hosts of events the household member is attending (if you choose to do so).
Household members do not have separate accounts
Household members do not have their own Spread accounts. They cannot directly access the app. You manage their information on their behalf.
If a household member later wants to create their own Spread account (for example, when a child becomes an adult), the app provides an invite token mechanism that allows them to claim their information and migrate it to their own account.
Deleting household member data
You can delete household member data at any time. When you delete it, it is removed within 30 days, in the same manner as your own data.
If you delete your own account, all household members associated with your account are also deleted, unless they have already migrated to their own accounts via the invite mechanism.
Special considerations for children
The app is for adults (18+). Children are not permitted to create accounts. Information about children that you enter as a household member is treated with the same care as adult household member information, but you should be aware:
- We do not knowingly collect personal information from children directly.
- If you enter information about a child, you represent that you are the parent or legal guardian and that you have the authority to do so.
- Information about a child that is shared with hosts (per the per-allergen privacy controls) is shared by you, not by the child.
- You should consider carefully which household member information you choose to share with hosts.
7. Sensitive Information
The app handles several categories of information that we treat with particular care.
Allergy and medical condition data
The allergens, severity levels, conditions, and reactions you enter are sensitive personal information. Although this data is not formally protected health information under HIPAA (because we are not a healthcare provider, insurer, or business associate), we treat it with care:
- We give you granular per-allergen privacy controls (see Section 5).
- We do not share this information with advertisers, data brokers, or anyone outside the service providers needed to run the app.
- We do not use this information for AI training.
- You can delete this information at any time.
Reaction journal entries
Reaction logs are the most sensitive data the app handles. You log them when you've had an adverse reaction to food, including symptoms, severity, and suspected triggers.
- Reaction journal entries are strictly private and visible only to you.
- We do not share them with hosts, other guests, family members (even if they are household members), or anyone else.
- We do not use individual reaction logs for any purpose other than displaying them to you.
- We may use aggregated, fully anonymized patterns (e.g., "X% of users report reactions to ingredient Y") for product improvement, but only after fully removing personal identifiers.
Children's information
If you enter information about children as household members, we treat that information with at least the same care as adult information. See Section 6.
Your right to remove sensitive information
You can remove any allergen, condition, or reaction log from your account at any time, through the app. Removed information is deleted within 30 days from active systems, though limited backups may persist for a short additional period before being purged.
8. Service Providers and Third Parties
We use the following third-party services to operate the app. Each is bound by its own privacy practices, which you can review at the linked URL.
| Service | Purpose | What's Shared |
|---|---|---|
| Supabase | Database, authentication, file storage, real-time updates | All app data |
| Apple Sign In | Optional sign-in method | Authentication info you choose to share via Apple |
| Google OAuth | Optional sign-in method | Authentication info you choose to share via Google |
| Sentry | Crash and error reporting | Crash logs (may include device info, app state, error stack traces) |
| Anthropic | One-time generation of ingredient synonym lists when a user registers a brand-new custom allergen (rare; result is cached and shared across all users) | Only the allergen name as typed (e.g., "pork") — no user data, no identifiers, no recipes, events, or other content |
| Recipe websites you import from | Recipe imports via URL | The URL you paste; we fetch the page server-side via an edge function |
We do not use third-party advertising networks, analytics platforms that aggregate data across services, or services that resell your data.
Supabase, specifically
Supabase is our primary infrastructure provider. They host our database, authentication system, file storage, and edge functions. Supabase is contractually bound to handle our data only as we direct. They do not use the data for their own purposes. We use their U.S. infrastructure.
Sentry, specifically
Sentry receives error reports when the app crashes or encounters bugs. These reports may include stack traces and error messages, device information, app version, and a user identifier. Sentry does not receive your allergens, reactions, recipes, or other content data.
Recipe import edge function
When you import a recipe from a URL, our edge function receives the URL, fetches the page, extracts ingredient and metadata information, and returns it to your app. The edge function blocks requests to private IP addresses and applies a 9-second timeout. We do not store the URL fetch in any third-party service.
9. AI and Machine Learning
We believe in being transparent about how AI tools are used in connection with this app.
How AI was used to build the app
This app was built by an individual developer (Ashley Nicole Cogell) during alpha testing with the assistance of AI coding tools, including Claude Code by Anthropic. AI tools were used for code generation, debugging, and content drafting under the developer's direction. Your data was not involved in this development process.
How AI was used to build the allergen database
The allergen detection database was built using Anthropic's Batch API in an offline seed pipeline, before the app went into testing. Specifically:
- Public ingredient data was processed in batches to map ~12,985 canonical ingredients to allergen categories.
- Anthropic's Haiku model was used to normalize ingredient name variations.
- Anthropic's Sonnet model was used to map ingredients to the Big-9 allergens and extended dietary frameworks.
- Outputs were stored as deterministic SQL records in our database.
No user data was used in this process.
How allergen detection works at runtime
When you save a recipe, the app analyzes its ingredient list to identify allergens by matching against our pre-built ingredient database entirely within Supabase. No external API call is made when analyzing a recipe. Your recipe content stays within our infrastructure.
Custom allergen registration (limited runtime AI use)
This is the only feature in the running app where any user-entered data is sent to a third party.
What triggers it: A user saves a custom allergen to their allergy profile that isn't in our standard allergen list.
What is sent to Anthropic: Only the allergen name as the user typed it — for example, the string "alpha-gal" or "pork". No user ID. No account information. No other profile data.
What Anthropic returns: A list of ingredient name strings that contain or imply that allergen (a synonym list), which is stored in our database.
How often this happens: Once per unique allergen across the entire user base. If a second user adds the same custom allergen, the call is skipped entirely — the stored synonyms are reused.
Anthropic's data handling: Per Anthropic's API terms, customer data submitted via API is not used to train their models.
What is never sent to AI services
To be explicit, none of the following ever leaves our infrastructure for AI processing:
- Your allergy profile (your specific allergens, severity levels, privacy settings).
- Your reaction journal entries.
- Your household member information.
- Your events, RSVPs, or guest lists.
- Your recipe ingredients (beyond the one-time custom allergen registration described above).
- Your name, email, account info, or any other identifying information.
AI accuracy limitations
Because the allergen database was built and is extended using AI tools, it may contain errors. Some ingredients may be incorrectly mapped, missing, or assigned to the wrong allergen category. We provide tag reports as a way to flag these errors and review and correct them. This is part of why our Terms of Use emphasize that the app is not a substitute for direct verification of food safety with hosts.
10. Cookies, Tracking, and Analytics
The app does not use cookies (it's a mobile app, not a website).
The app does not use third-party advertising trackers.
The app does not use analytics platforms that aggregate user data across services.
Within the app, we record your interactions only for purposes necessary to operate the app: knowing whether you've completed onboarding, knowing your sign-in state, knowing what events you've created or RSVPed to, and similar. This information is part of your account data, not separate tracking.
11. Your Privacy Choices and Controls
You have meaningful control over your information in the app.
Profile and visibility
- Edit your profile information at any time.
- Choose your profile visibility level (hosts_only, friends, anyone).
- Hide your name from event rosters by toggling show_name_on_roster.
Per-allergen privacy
For each allergen on your profile, set show_to_organizers and show_to_attendees independently. Changes apply going forward; information already shared with hosts of past or current events remains visible to those hosts unless you remove the allergen entirely.
Communication preferences
- Opt out of non-essential email and push notifications through your account settings.
- You cannot opt out of essential communications (security alerts, account changes, legal notices).
Data access and portability
View all your data in the app. Request a copy of your data by emailing ashley@spreadapp.co. We'll provide it in a reasonable format within 30 days.
Data deletion
Delete your account at any time through the app or by emailing us. Delete specific items (recipes, journal entries, household members) without deleting your whole account.
12. Data Retention and Deletion
We keep your data while your account is active. When you delete data within the app:
- The data is removed from active systems within 30 days.
- Limited backups may retain a copy for an additional period before purging (typically up to 90 days total).
- Information already shared with other users (such as your name visible to hosts of past events you attended) may persist with those users to the extent it has already been shared.
13. Account Deletion
You can delete your account at any time through the in-app account deletion feature in your profile settings, or by emailing us at ashley@spreadapp.co.
When you delete your account:
- Your profile, allergens, household members, recipes, journal entries, and saved bookmarks are deleted from active systems within 30 days.
- Events you hosted continue to exist for guests who RSVPed to them, but identifying information about you (your name as host) is anonymized.
- Events you RSVPed to continue to exist for the host and other guests, but identifying information about you is anonymized.
- Allergen information you previously shared with hosts of past events may persist in their event records, anonymized.
- Information you contributed to community features (such as tag reports) may persist in anonymized form for accuracy improvement.
- Limited backups may retain copies for up to 90 days before being purged.
- Limited records may be retained for legal, security, or fraud prevention reasons.
14. Children's Privacy
The app is for users 18 and older. We require all users to confirm they are 18 or older when they sign up.
Children may not create their own accounts. We do not knowingly collect personal information from children under 13 directly through the app.
The app allows adult users to add household members under 18, including children. By adding a child as a household member, the user represents that they are the parent or legal guardian, or that they have explicit permission from the parent or legal guardian.
If you believe we have collected information directly from a child under 13 without parental consent, please contact us at ashley@spreadapp.co and we will promptly investigate and delete such information.
15. Security
We take reasonable measures to protect your information:
- All data in transit is encrypted (HTTPS).
- All data at rest in Supabase is encrypted.
- Database access is controlled by Row-Level Security policies enforced at the database level, ensuring users can only access their own data and data shared with them.
- Authentication uses standard secure protocols (OAuth 2.0, JWT).
- The service role key (which would bypass security policies) is never embedded in the app and is used only in offline batch processes.
However, no system is perfectly secure. If we become aware of a security incident affecting your data, we will notify you within a reasonable time. If you become aware of a security issue, please report it to us at ashley@spreadapp.co.
16. International Users
The Services are intended for users in the United States. Our infrastructure is hosted in the United States. If you access the Services from another country, your information will be transferred to and processed in the United States, which may have different privacy laws than your country.
We do not currently market or design the Services for use outside the United States. Users outside the United States access the Services at their own risk and are responsible for compliance with their local laws.
17. State-Specific Privacy Rights
Several U.S. states have enacted privacy laws giving residents specific rights. We honor these rights for residents of any state that has enacted them, including California, Colorado, Virginia, Connecticut, Utah, and others.
Your rights may include
- The right to know what information we collect about you.
- The right to access a copy of your information.
- The right to correct inaccurate information.
- The right to delete your information.
- The right to opt out of the sale or sharing of your information for advertising (we do not sell or share for advertising).
- The right to non-discrimination for exercising these rights.
How to exercise your rights
Email ashley@spreadapp.co with your request. We will respond within 30 days (or 45 days for complex requests, with notice). We may request information to verify your identity before fulfilling certain requests.
California-specific notes
If you are a California resident under the CCPA: we do not sell your personal information, we do not share your personal information for cross-context behavioral advertising, and you may designate an authorized agent to make requests on your behalf.
Colorado-specific notes
If you are a Colorado resident under the Colorado Privacy Act: we do not engage in targeted advertising, sale of personal data, or profiling that produces legal effects. You may exercise your rights as described above.
18. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do:
- We will update the "Last updated" date at the top.
- For material changes, we will notify you in advance via email and an in-app notice, with at least 30 days' notice before the change takes effect.
- For minor changes (such as clarifications or typo corrections), we may make changes without specific notice.
Your continued use of the Services after a change becomes effective constitutes acceptance of the updated Privacy Policy.
19. Contact Us
For any questions about this Privacy Policy, your data, or to exercise your rights:
Ashley Nicole Cogell, on behalf of Spread
Email: ashley@spreadapp.co
For privacy-specific inquiries, please use the same email and indicate "Privacy Inquiry" in the subject line.
For emergencies, do not contact us. Call 911 (or your local emergency number) immediately.