M
MACROSCAN
Legal

Privacy Policy

Last updated: April 2026

MacroScan is built on a simple principle: your data stays on your device. We designed the extension to collect as little as technically necessary to deliver the product. Here's exactly what that means.

What stays on your device

All of the following is stored locally in Chrome's storage API and never sent to our servers:

  • Your macro targets — the calories, protein, carbs, and fat goals you set in the popup.
  • Your license key — stored in chrome.storage.sync so it follows you across Chrome sign-ins.
  • Daily usage count — a simple counter reset each day, tracked locally to enforce the free tier limit.
  • Nutrition cache — ingredient lookups are cached locally for 30 days to avoid repeat API calls.

What leaves your device

  • USDA ingredient lookups — when MacroScan identifies an ingredient (e.g., “chicken breast”), the ingredient name is sent to the USDA FoodData Central public API to retrieve nutrition data. This is a government API. We do not proxy, log, or intercept these requests.
  • License key validation — if you have a Pro license, your license key is sent to our server (hosted on Supabase) to verify it is valid and active. We do not log validation requests or associate them with your browsing activity. Only the key itself is transmitted.
  • Your email address — only if you choose to sign in via the Account tab to retrieve your license. Your email is stored in our database (Supabase) solely for license management. It is never sold or shared with third parties.

What we never collect

  • Your browsing history
  • URLs of pages you visit
  • Recipe content or ingredient lists from your browsing sessions
  • Personally identifiable information beyond email (and only if you choose to provide it)
  • Location data
  • Crash reports or analytics (we use no third-party analytics SDKs)

Chrome extension permissions explained

  • storage — saves your macro targets and nutrition cache locally on your device. Nothing in storage is transmitted to our servers.
  • activeTab — reads the content of the page you're currently viewing, but only when you're on a supported recipe site. MacroScan does not read or transmit page content from any other site.
  • host permission: api.nal.usda.gov — allows the extension to call the USDA nutrition API directly from the browser (not via a proxy). Your browser makes this request, not our servers.
  • host permission: bhkffpwdjfifdvxtprmx.supabase.co — our backend, used only for license key validation.

Data retention

Nutrition lookups are cached in your browser's local storage for 30 days. You can clear this at any time by removing the extension or clearing Chrome's local data.

If you purchase Pro, your email and license key are stored in our database for license management. This data is retained as long as you have an active or recently expired subscription. You can request deletion at any time by emailing us.

Third-party services

  • USDA FoodData Central — nutrition data source. Public government API.
  • Supabase — our backend database for license management. Hosted in the US.
  • Stripe — payment processing. MacroScan never sees or stores your payment information. Stripe's privacy policy governs payment data.

We do not use Google Analytics, Mixpanel, Segment, Sentry, or any other third-party analytics or monitoring tools in the extension.

Your rights

You can request a copy of, correction to, or deletion of any personal data we hold (your email address and associated license record) at any time by emailing us. We will respond within 30 days.

Changes to this policy

If we make material changes to this policy, we will update the “Last updated” date at the top of this page. We will not retroactively change how we handle data you've already provided.

Contact

Questions about privacy? Email us at support@macroscanapp.com. We're a small team and we read every email.