App Privacy Label
This page documents the data-collection answers Pantry submits in App Store Connect → App Privacy. Use it as the source of truth when preparing the App Store listing — it should match what the “Privacy Nutrition Label” displays on the product page.
For full background, see the Privacy Policy.
Summary
Data the developer collects: None.
Pantry does not collect or transmit user data to any developer-controlled server. All user content lives in:
- Apple’s CloudKit (the user’s own private database under their Apple ID), OR
- The user’s device local storage.
The single third-party request the app makes (to Open Food Facts on barcode scan) sends only the barcode digits and the request’s IP address — no user identifier — and is described under “Third-Party Data Use” below.
App Privacy Form Answers
Does your app collect any data?
No.
When you select “No” in App Store Connect, the rest of the data-categories form is suppressed; the resulting Privacy Nutrition Label reads “Data Not Collected.”
If reviewers ask about CloudKit: Apple’s documentation explicitly states that data stored in the user’s iCloud account does not count as developer-collected data for the purposes of the App Privacy Label. (Same reasoning as iCloud Drive, Photos, Notes, etc. — Apple is the data custodian, not the app developer.)
Data the user stores (for reference; not part of the label)
For transparency with reviewers, this is what the app stores on the user’s behalf:
| Category | What | Where | Linked to identity? | Used for tracking? |
|---|---|---|---|---|
| User Content — Photos | Item thumbnails the user takes or imports | Local SQLite + user’s iCloud | No (private CloudKit) | No |
| User Content — Other | Item titles, quantities, expiration dates, notes, household names, tag names, UPC barcodes | Local SQLite + user’s iCloud | No (private CloudKit) | No |
| Diagnostics | None | n/a | n/a | n/a |
| Usage Data | None | n/a | n/a | n/a |
| Identifiers | None | n/a | n/a | n/a |
None of the above leaves Apple’s ecosystem (device + iCloud) under our control.
Third-party data use (Open Food Facts)
The app makes one type of outbound network request: a UPC barcode lookup against the Open Food Facts public API when the user scans or manually enters a UPC that isn’t already in their local cache.
| Field | Value |
|---|---|
| Third party | Open Food Facts (non-profit, France) |
| Endpoint | https://world.openfoodfacts.org/api/v2/product/{barcode}.json |
| Data sent | Barcode digits, request IP, app User-Agent string |
| User identifier sent | None |
| Authentication | None (anonymous, no API key) |
| Frequency | One request per user-initiated scan (cached on success) |
| Third-party retention | IP logs up to 3 years per their privacy policy |
This is disclosed in the in-app Privacy Policy and the Open Food Facts attribution page (Settings → Open Food Facts Attribution in the app).
Apple’s App Privacy review does not require declaring third-party services that the user triggers (a barcode scan is a deliberate user action), as long as the user is made aware. The disclosure surface — in-app attribution screen, privacy policy, and this document — satisfies that informed-consent bar.
Tracking
NSPrivacyTracking in PrivacyInfo.xcprivacy is false. The app does not:
- Link user data with third-party data for advertising or measurement.
- Share device identifiers with data brokers.
- Track users across other apps or websites owned by other companies.
SDK declarations (for App Store Connect → SDK list)
Pantry uses these SDKs / open-source packages (all linked statically into the app or extension binaries). None of them collect telemetry on the developer’s behalf:
| SDK / Package | Purpose | Privacy manifest |
|---|---|---|
swift-composable-architecture (Point-Free) |
App architecture | Ships its own PrivacyInfo.xcprivacy |
sqlite-data (Point-Free) |
Local SQLite + CloudKit sync | Wraps GRDB.swift |
GRDB.swift |
SQLite engine | Ships its own PrivacyInfo.xcprivacy |
swift-sharing (Point-Free) |
Cross-feature shared state | Ships its own PrivacyInfo.xcprivacy |
swift-dependencies (Point-Free) |
DI container | No data collection |
swift-custom-dump (Point-Free) |
Test assertion library; not in release binary | n/a |
xctest-dynamic-overlay (Point-Free) |
Issue reporting | No data collection |
When the answers might change
If we ever add any of the following, the form answers change and so does this page:
- A backend Pantry operates (analytics, error reporting, account system, etc.)
- A third-party SDK that collects data (e.g., crash reporting, advertising, A/B testing)
- An API call that sends user content (item titles, photos, etc.) to a service we control
As of the date on the in-app Settings screen, none of those exist.