# Privacy Policy
**Last Updated:** May 8, 2026
**Effective Date:** May 8, 2026
---
## Introduction
Asparagus ("we," "our," or "us") operates the Asparagus mobile application (the "App"), a food delivery and personalized meal-plan service. This Privacy Policy explains what personal data we collect, how we use it, how long we keep it, and the rights you have over your data.
By using the App, you agree to the practices described in this policy. If you do not agree, please discontinue use of the App.
---
## 1. Information We Collect
### 1.1 Account & Identity Information
When you register or manage your account, we collect:
- Full name
- Email address
- Phone number (with country code)
- Password (stored in hashed form — never in plain text)
- Date of birth
- Gender
- Profile photo
- Referral / invitation code
- Blood type
When you sign in through a social provider (Google, Apple, or Facebook), we also receive the name, email address, and unique identifier associated with that account.
### 1.2 Health & Nutrition Data
To generate personalized meal plans, we collect:
- Height and weight
- Exercise frequency
- Diet type and workout preferences
- Allergens and food dislikes
- Daily caloric, protein, carbohydrate, and fat targets
- Meal plan goals
### 1.3 Smart Band / Wearable Device Data
If you connect a compatible smart band, we collect via Bluetooth:
- Step count
- Calories burned
- Sleep duration
- Heart rate readings (with timestamp)
- Blood-oxygen (SpO₂) readings (with timestamp)
- Device identifier and battery level
### 1.4 Location Data
We collect location data to enable delivery and branch selection:
- Precise GPS coordinates (collected automatically when you grant permission)
- Saved delivery addresses, including street name, building number, apartment number, landmark, area, and city
- Geocoded address information retrieved through Google Maps
Location is only accessed when the App is in use; we do not track location in the background.
### 1.5 Order & Payment Data
When you place orders, we collect:
- Items ordered and selected customisations
- Order amounts, discounts, VAT, and delivery fees
- Payment status and date
- Promo / voucher codes applied
- Loyalty points used or earned
- Delivery recipient name and phone number
- Special delivery notes or car number (where applicable)
Payment transactions are processed through a secure external payment gateway. We do not store full card numbers or CVV codes.
### 1.6 Family Members
If you add family members to your account, we collect the same profile and health information for each member as described above, entered by you as the account holder.
### 1.7 Customer Support (Crisp Chat)
When you contact us through the in-app live chat, your name, email address, phone number, and profile photo are shared with Crisp (our customer support platform) along with the content of your support conversations.
### 1.8 Device & Technical Information
We automatically collect:
- Device model and operating system
- Firebase Cloud Messaging (FCM) token for push notifications
- App version
### 1.9 Notifications
We collect your notification preferences and the read/unread status of in-app notifications.
---
## 2. How We Use Your Information
| Purpose | Data Used |
|---|---|
| Account creation and authentication | Identity, contact, and social-login data |
| Personalised meal-plan generation | Health, nutrition, and smart band data |
| Order processing and delivery | Order, payment, address, and recipient data |
| Location-based branch and delivery routing | GPS coordinates and saved addresses |
| Push notifications (orders, offers, promotions) | FCM token, notification preferences |
| Customer support | Name, email, phone, chat history |
| Loyalty and referral programme | Points balance, referral codes |
| App performance and remote configuration | Device info, Firebase Remote Config (no personal data sent) |
We do not sell your personal data to third parties.
---
## 3. Data Retention
| Data Category | Retention Period |
|---|---|
| Account profile (name, email, phone, DOB, etc.) | Retained for the lifetime of your account. Deleted within **30 days** of account deletion request. |
| Health & nutrition data | Retained while your account is active. Deleted within **30 days** of account deletion request. |
| Smart band / wearable readings | Retained for **12 months** from the date of recording, then automatically purged from our servers. Deleted immediately upon account deletion request. |
| Order history | Retained for **5 years** for legal, tax, and accounting purposes, even after account deletion. |
| Payment records | Retained for **5 years** in accordance with financial regulations. |
| Delivery addresses | Retained while your account is active. Deleted within **30 days** of account deletion request. |
| Customer support chat history | Retained for **2 years** from the date of the conversation, then deleted from Crisp's systems in accordance with their data retention policy. |
| Device / FCM tokens | Deleted upon logout or account deletion. |
| Local cache on your device | Cleared when you log out or delete the App. Health assessment and smart band readings cached locally are cleared when you delete your account. |
When a retention period expires, data is either deleted or anonymised so that it can no longer be linked to you.
---
## 4. How to Delete Your Data
### 4.1 Delete Your Account (Full Deletion)
You can permanently delete your account and all associated personal data directly from within the App:
1. Open the App and go to **Profile → Settings → Account**.
2. Tap **Delete Account**.
3. Confirm the action when prompted.
Upon confirmation, your account and all personally identifiable data stored on our servers will be scheduled for deletion and completed within **30 days**. Order history and payment records will be anonymised rather than deleted where retention is required by law (see Section 3).
You may also request account deletion by emailing us at **[email protected]** with the subject line "Account Deletion Request." We will process your request within **30 days**.
### 4.2 Partial Data Deletion
- **Saved addresses:** Delete individual addresses from **Profile → Addresses** at any time.
- **Family members:** Remove individual family members from **Profile → Family Members** at any time.
- **Smart band data:** Disconnect your band from the App settings; previously synced data will be removed from our servers upon your next account deletion request.
### 4.3 Data Requests
To request a copy of the personal data we hold about you, email us at **[email protected]** with the subject line "Data Access Request." We will respond within **30 days**.
---
## 5. Data Sharing & Third Parties
We share data only where necessary:
| Third Party | Data Shared | Purpose |
|---|---|---|
| **Google** (Sign-In, Maps) | OAuth tokens; GPS / address queries | Authentication; geocoding |
| **Apple** (Sign-In) | OAuth tokens | Authentication |
| **Facebook** (Login) | OAuth tokens | Authentication |
| **Firebase / Google** (FCM, Remote Config) | Device tokens; no personal data via Remote Config | Push notifications; app configuration |
| **Crisp** | Name, email, phone, profile photo, chat messages | Customer support live chat |
| **Payment gateway** | Order amount and transaction ID | Secure payment processing |
All third parties are contractually required to handle your data in accordance with applicable privacy law.
---
## 6. Data Security
We protect your data using:
- HTTPS encryption for all data transmitted between the App and our servers
- Bearer-token authentication for every API request
- Hashed password storage (plain-text passwords are never stored)
- Secure, access-controlled servers
No method of transmission or storage is 100 % secure. If you believe your account has been compromised, contact us immediately at **[email protected]**.
---
## 7. Children's Privacy
The App is not directed at children under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
---
## 8. Your Rights
Depending on your location, you may have the right to:
- **Access** the personal data we hold about you
- **Correct** inaccurate or incomplete data (via Profile settings or by contacting us)
- **Delete** your data (see Section 4)
- **Restrict or object** to certain processing
- **Data portability** — receive your data in a machine-readable format
- **Withdraw consent** at any time where processing is based on consent (e.g., location access, push notifications)
To exercise any of these rights, contact us at **[email protected]**.
---
## 9. Cookies & Local Storage
The App stores data locally on your device using platform storage (SharedPreferences). This data includes your session token, saved addresses, and cached health assessments. It is not shared with advertisers. You can clear it by logging out or uninstalling the App.
---
## 10. Push Notifications
We use Firebase Cloud Messaging to send you push notifications about orders, promotions, and app updates. You can manage notification permissions at any time through your device settings (iOS: **Settings → Notifications → Asparagus**; Android: **Settings → Apps → Asparagus → Notifications**).
---
## 11. Location Permissions
Location access is required to detect your nearest branch and calculate delivery eligibility. We collect location only while the App is open (foreground access). You can revoke location permission at any time in your device settings; some delivery features will be unavailable without it.
---
## 12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this document and notify you via an in-app notice or push notification for material changes. Continued use of the App after changes constitutes acceptance of the updated policy.
---
## 13. Contact Us
For privacy questions, data requests, or account deletion, please contact:
**Asparagus**
Email: **[email protected]**
We will respond to all requests within **30 days**.