Privacy Policy

Last updated: 2026-06-19

What this covers

This policy applies to the Meal Planner web app at meals.alaskatargeting.com and the Food Buyer Chrome extension that integrates with it. They are operated by Jordan Shilling as a personal-use tool with limited distribution. There is no company behind them.

What data the apps work with

• Your meal plans, recipes, shopping lists, and household profile that you create directly in the web app. Stored in a SQLite database on the server hosting the app.
• Public recipe data fetched from third-party APIs (USDA FoodData Central for nutrition; recipe schema.org JSON-LD from sites you clip via the browser extension). Cached locally so the app does not re-fetch on every page view. No personal data is sent to those APIs — only ingredient names.
• Walmart product data captured by the Food Buyer Chrome extension as it searches retailers and adds items to your cart. Specifically: product titles, prices, sizes, image URLs, walmart.com product URLs, ratings, review counts. Posted to this app and stored in your account, used to build a personal grocery catalog with price history.

What data the apps do NOT collect

• Walmart account credentials. The extension uses your existing logged-in Walmart session in your own browser; it never sees your password.
• Payment or financial information. The extension stops at "in cart" and never automates checkout, never reads payment fields, never transmits cards or banking data.
• General web browsing history. The extension only activates on the meal planner domain and on supported retailer sites (currently walmart.com); it does not see other tabs.
• Personally identifying information beyond what you enter into the meal planner yourself (e.g. household-member names you type into the Settings page).
• Tracking cookies, advertising IDs, fingerprints, or analytics beacons. The app sets one cookie to maintain your session; nothing else.

Where your data goes

• Locally in the extension: chrome.storage.local on your own device, holding your shopping list snapshot, run results, and the API token you paste in from the meal planner's Settings page. Cleared when you uninstall the extension.
• To the meal planner server over HTTPS, authenticated with the API token you paste into the extension's Settings tab. The server is a single DigitalOcean droplet running this app. Data is stored only on that droplet's local disk; no third-party data warehouse, no analytics provider.
• Nowhere else. Your data is not sold, shared with advertisers, used to train AI models, or transmitted to any third party. The only outbound network calls the server makes are to USDA FoodData Central and (optionally) OpenAI for ingredient normalization — those calls contain only ingredient names, no account data.

Permissions the Chrome extension requests, and why

• storage — persists your shopping list, run state, and the API token in your browser's local extension storage.
• activeTab — reads the meal planner's shopping list page and drives the retailer tab when you click Add all to cart.
• scripting — re-injects the extension's helper scripts into the retailer tab if Chrome orphans them after an extension reload. Necessary because Chrome does not retroactively re-inject from the manifest.
• Host permissions for meals.alaskatargeting.com, walmart.com, target.com, and kroger.com — read the meal planner's shopping list and operate on the supported retailer sites. (Target and Kroger adapters are not yet implemented; the host permissions are pre- declared so the architecture supports them.)

Your control

• You can delete your captured grocery data at any time by SSH-ing into the droplet (this app is operated by you / for you, depending on whether you are reading this as the operator or as a prospective user).
• You can rotate the API token at any time from the Settings page; rotating invalidates the old token immediately.
• You can clear the extension's local buffer of unsent events from the extension's Settings tab.
• You can uninstall the extension at any time from chrome://extensions; uninstalling clears all extension- local data.

Data retention

Captured grocery data persists indefinitely on the meal-planner server until you delete it. There is no automatic expiry. Recipe and nutrition caches are kept indefinitely as well; they contain no personal data.

Children

This app is not directed at children under 13 and does not knowingly collect data from them.

Changes to this policy

Material changes will be reflected by updating the date at the top of this page. There is no separate notification mechanism; if you depend on the policy text, check this page periodically.

Contact

Questions or requests can be sent to [email protected].