Privacy Policy

Last updated: April 2026

RecallPing ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, how long we keep it, and your rights regarding your data. RecallPing is a US-based service intended for residents of the United States.

1. Information We Collect

We collect the following categories of information in service of delivering personalized recall alerts. Every field below is either directly entered by you, generated as you use the Service, or received from a payment processor or analytics provider as described in Section 5.

1a. Account & profile (entered by you)

  • Email address. Used as your login, for account-recovery emails, and to deliver recall alerts.
  • Password (hashed). Stored as a bcrypt hash; we never see the plaintext.
  • First name. Used to personalize email greetings.
  • State of residence (optional). Used to filter state-restricted recalls so you don't see alerts that aren't for your area.
  • Phone number (optional). Stored only if you supply one for account recovery; not used to send marketing or recall alerts. We do not currently send SMS messages.
  • Timezone. Used to honor quiet-hours preferences when dispatching alerts.
  • Profile items. Brands you track, allergens, medications, vehicle make/model/year/VIN, and free-text keywords. Used to match incoming recalls.
  • Family member labels. First names and roles (Self, Partner, Child, Parent, Other) you create to tag profile items by household member. Optional avatar color. See Section 10 about children's data entered by parents.
  • Inventory items. UPC barcodes, custom product names, household locations (e.g. pantry, garage), and quantities you scan or enter for tracking.
  • Notification preferences. Email on/off, push on/off, per-severity gating (Class I/II/III), digest opt-in/out, and quiet hours.
  • Push notification tokens. If you install the iOS app and grant push permission, we store the Apple Push Notification token issued by your device. Used solely to deliver recall alerts.

1b. Authentication & subscription (generated)

  • OAuth tokens. If you sign in with Google or Apple, we store the OAuth refresh and access tokens via NextAuth's encrypted session adapter. Used to verify identity on subsequent visits.
  • Stripe customer ID and subscription status. Used to gate paid features and trigger billing events. Card numbers are never stored on our servers — see Section 5 (Stripe).
  • Marketing attribution (UTM). If you arrived via a campaign-tagged link, we store the utm_source, utm_medium, and utm_campaign values to measure marketing performance.

1c. Activity & engagement (generated)

  • Alert log. Each push or email we send is recorded with timestamp, channel, status (sent / failed / queued), and the matched recall. Used for delivery audit and retry handling.
  • Digest engagement. Open and click events for the weekly digest, used to measure engagement and suppress sends to users who never engage.
  • Page-view analytics. Anonymous, cookieless page views via Plausible Analytics — IP and user-agent are not retained.
  • Crash and error reports. When the application throws an uncaught error, Sentry captures the stack trace, route, and a sanitized DOM snapshot for debugging. We mask form inputs in replay data.
  • Advertising attribution (Meta Pixel). If you arrive from an Instagram/Facebook ad, the Meta Pixel sets a `_fbp` cookie and reports a PageView and (on signup) CompleteRegistration event to Meta for ad-conversion measurement. See Section 8 and Section 9.

2. Sensitive Health Information

Some profile items — particularly allergies and medications — may constitute sensitive health information. We treat this data with extra care: it is used solely for matching you with relevant recalls and is never sold, shared with advertising platforms, or used for any purpose other than delivering the Service.

HIPAA does not apply. RecallPing is not a HIPAA-covered entity or business associate. The medication and allergy information you provide is not Protected Health Information under HIPAA. We secure it with industry-standard practices (encrypted in transit and at rest, access-controlled) but it is not subject to HIPAA's specific requirements.

3. How We Use Your Data

  • Match your profile against incoming federal recall data.
  • Send you personalized recall notifications via push and/or email.
  • Process your subscription payments and trial-end communications.
  • Improve the accuracy and reliability of the Service.
  • Communicate with you about your account and the Service.
  • Measure marketing performance (which campaigns deliver new subscribers) — see Section 9 for opting out.

4. Data Storage and Security

Your data is stored in a PostgreSQL database hosted by Supabase in the United States. All data is encrypted in transit using TLS and at rest using cloud-provider managed encryption. We employ industry-standard security measures to protect your information from unauthorized access, alteration, or destruction.

5. Third-Party Services (Sub-processors)

We use the following third-party services to operate RecallPing. Each receives only the minimum data necessary for its function.

  • Stripe — Payment processing. Stripe receives your payment method directly via Stripe-hosted checkout; we never see card numbers. Stripe is PCI-DSS compliant.
  • Resend — Email delivery. Resend receives your email address, the email body, and standard delivery metadata for each recall alert, weekly digest, and transactional email.
  • Expo Push / Apple Push Notification service — Mobile push delivery. Receives your device's push token and the notification body when an alert is sent.
  • Vercel — Application hosting and infrastructure.
  • Supabase — Managed PostgreSQL database hosting.
  • Plausible Analytics — Cookieless, privacy-friendly page-view analytics. Plausible does not set tracking cookies and retains only anonymous, aggregated metrics.
  • Meta (Facebook/Instagram) Pixel — Advertising conversion tracking. Sets a `_fbp` cookie and reports PageView and CompleteRegistration events to Meta for ad-conversion measurement. See Section 8 (Cookies) and Section 9 (California rights) for opt-out details.
  • Sentry — Application error monitoring. Sentry receives stack traces and a sanitized DOM snapshot when our app encounters an uncaught error. Form inputs are masked.

6. Data Retention

We retain different categories of data for different periods:

  • Account and profile data — for as long as your account is active, plus 90 days after deletion (then permanently purged).
  • Alert log — 24 months from creation.
  • Digest engagement events — 12 months from creation.
  • Stripe billing records — retained by Stripe per their data policies; we retain customer/subscription IDs while you have an active subscription, plus 7 years to comply with US tax recordkeeping requirements.
  • Sentry crash reports — 30 days, after which Sentry purges the events.
  • Plausible analytics — anonymous and aggregated; retained indefinitely as no individual is identified.

You may request earlier deletion of your account at any time by contacting us at hello@recallping.com or by deleting your account in Settings. We will delete your information within 30 days of a verified request.

7. We Do Not Sell Your Data

We do not sell, rent, or trade your personal information for money. Under the California Consumer Privacy Act (as amended by CPRA), the Meta Pixel arrangement described in Section 5 may constitute "sharing" of personal information for cross-context behavioral advertising. See Section 9 for how to opt out.

8. Cookies and Tracking

RecallPing sets the following categories of cookies and tracking:

  • Session cookies (essential). Used for authentication. Strictly necessary; the Service does not function without them.
  • Plausible Analytics (cookieless). No cookies, no individual tracking.
  • Meta Pixel (advertising). Sets the `_fbp` cookie (first-party) and may set `_fbc` if you arrived from a Meta ad. Used for ad-conversion measurement only.

We do not use cross-site behavioral targeting cookies beyond the Meta Pixel disclosed above.

9. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the following rights with respect to your personal information:

  • Right to know. The categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the third parties we share with — all enumerated in Sections 1, 3, and 5 above.
  • Right to delete. You can request deletion of your personal information; we honor verified requests within 30 days.
  • Right to correct. You can edit profile information directly in Settings, or contact us for fields not in the UI.
  • Right to opt out of sale or sharing. We do not sell personal information for money. We do share limited data with the Meta Pixel for advertising attribution. You can opt out by emailing hello@recallping.com with subject line "Do Not Sell or Share My Personal Information" — we will suppress Meta Pixel firing for your account and confirm via email within 15 business days.
  • Right to non-discrimination. We will not deny service, charge a different price, or provide a different level of service because you exercised any of the rights above.
  • Right to limit use of sensitive personal information. The medication and allergen data you provide is sensitive. We use it only to match recalls — never for advertising or any other purpose.

To exercise any of these rights, email hello@recallping.com from the email address on your account. For verification we may require you to confirm details only the account holder would know. An authorized agent may submit a request on your behalf with your written authorization.

10. Children's Privacy

Our subscribers must be 18 or older. RecallPing is not intended for use by children under 18 as account holders. We do not knowingly collect personal information from anyone under 13 directly. If we become aware that we have collected such information, we will delete it promptly.

Information about children entered by parents. Our family-member feature lets parents tag profile items with the role "Child" alongside a first name. This information is provided by the parent (the account holder) about their own household; we do not collect it directly from the child. Parents consent to this use by entering the data, can edit or delete child profiles at any time, and we never sell, share, or use children's data for advertising or profiling.

11. Account Deletion

You may delete your account at any time from Settings. Deletion cancels your Stripe subscription and removes your profile items, notification preferences, family members, inventory, alert log, digest engagement, push tokens, and any household memberships within 90 days. Some derived records (e.g. Stripe invoice history) are retained per Section 6.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service at least 7 days before the change takes effect. Your continued use of the Service after that period constitutes acceptance of the updated policy.

13. Contact

If you have questions about this Privacy Policy, contact us at hello@recallping.com.