Skip to main content
Pineberg Studio

Privacy Policy

Last updated: 8 March 2026

This Privacy Policy explains how Pineberg Studio Ltd ("we", "us", "our") handles your information when you use Spoon, our home food inventory app, and when you visit our website pineberg.studio (together, the "Services").

We are committed to collecting and using as little data as reasonably necessary to run Spoon. We do not sell your data or use it for advertising or machine learning model training.

1. Who we are

Pineberg Studio Ltd is the controller of your personal data for the purposes of UK data protection law (UK GDPR and the Data Protection Act 2018).

Legal entity: Pineberg Studio Ltd
Registered office: LONDON (W1W 5PF) OFFICE, 167-169 GREAT PORTLAND STREET, LONDON, W1W 5PF, United Kingdom

If you have any questions about this policy or how we handle your data, you can contact us at support@pineberg.studio.

2. Data we collect

We collect the following categories of information:

  • Account information – such as your email address, name (if you choose to provide it), and sign-in method (for example, Apple or Google sign-in). Your password, if you use email and password, is stored by our authentication provider in an encrypted form and is not visible to us.
  • App data – information you choose to store in Spoon, such as:
    • food items and inventories you create,
    • expiry dates and quantities,
    • preferred names for scanned products,
    • household or shared inventory information, if you use sharing features,
    • feedback you send from within the app (for example, feature requests or bug reports).
  • Voice and AI interaction data – if you use voice features or other AI-powered features, we process:
    • short snippets of your speech audio for transcription (speech to text),
    • the resulting text transcript of what you said (for example, "add two yoghurts expiring tomorrow"), and
    • anonymised voice command analytics, such as command type, success/failure, a random session identifier, and, in some debugging cases, a redacted short transcript.
  • Device and technical information – such as device model, operating system, app version, basic log data, and error or crash reports. This information helps us keep the app reliable and secure.
  • Notification tokens – a device-specific token that allows us to send push notifications about items that are expiring. This token is not a marketing channel and is only used for app notifications you enable.

We do not track your location, and we do not collect payment card details. Purchases and subscriptions are handled by Apple on our behalf.

3. How we use your data

We use your data for the following purposes:

  • To provide Spoon – to create and maintain your account, store and sync your inventories, and show the correct information across your devices.
  • To deliver features you choose to use – such as barcode scanning, preferred names, shared inventories, and voice entry (if you subscribe to those features). For voice and other AI features, this includes sending your audio and/or text to our AI provider (currently OpenAI) so that we can transcribe what you say, understand the command, and respond (for example, by adding an item or speaking a confirmation back to you).
  • To send reminders you request – for example, push notifications about items that are expiring, based on the reminder settings you configure.
  • To keep the app secure and reliable – including monitoring for errors and misuse, and diagnosing crashes or performance issues.
  • To provide support – when you contact us by email or from within the app, we use the information you provide to respond and help resolve issues.

We do not send marketing emails and we do not use your personal data to train machine learning models beyond what is necessary to process your immediate request (for example, handling a specific voice command).

4. Legal bases (UK GDPR)

Under UK data protection law, we must have a lawful basis for using your personal data. For Spoon, we generally rely on:

  • Performance of a contract – to provide and support the app and its features that you choose to use.
  • Legitimate interests – to keep the app secure and reliable, understand aggregate usage patterns, and improve Spoon over time, in ways that do not override your rights and freedoms.
  • Consent – for optional features that clearly require it, such as push notifications or access to your camera for barcode scanning and voice input. You can withdraw consent at any time using your device settings or in-app controls.

5. How we share your data

We do not sell your personal data and we do not share it with third parties for advertising or profiling.

We share data only with service providers that help us run Spoon:

  • Supabase – our managed database, authentication, and storage provider. Your data is stored in the London (UK) region.
  • Apple – for sign-in (if you choose "Sign in with Apple"), subscriptions and in-app purchases, and push notifications delivered via Apple Push Notification service (APNs).
  • OpenAI – for processing voice and other AI-powered features. When you use these features, short snippets of your audio and the related text are sent to OpenAI's APIs (for example, Whisper for transcription and GPT models for understanding commands and generating spoken confirmations).

These providers act as processors on our behalf and may only use your data as necessary to provide their services to us, under appropriate data protection terms.

6. International transfers

Our primary data storage is in the United Kingdom (Supabase London region). Some of our processors may process data in other countries, including the United States (for example, OpenAI's APIs used for voice and AI features).

Where our providers process data outside the UK, we will ensure that appropriate safeguards are in place, such as standard contractual clauses or equivalent protections required by UK data protection law. For details of how OpenAI handles data sent via their APIs, please refer to their documentation and privacy materials.

7. Data retention

We keep your data for as long as it is reasonably needed:

  • We keep your account and inventory data while your account is active.
  • If you request deletion of your account, we remove or anonymise your personal data from our active systems. Some information may remain in backups for a limited period (currently up to 90 days) before being automatically overwritten.
  • For voice command analytics, we store only anonymised records that cannot be linked back to your account. Any short debug transcripts attached to those records are cleared after around 90 days, and the analytics records themselves are deleted after around one year.

We may retain minimal information as necessary for our legal, accounting, or regulatory obligations (for example, records of purchases processed via Apple).

8. Security

We use reasonable technical and organisational measures to protect your data, including:

  • encryption in transit (HTTPS) and at rest by our providers,
  • limiting access to production systems to a small number of people who need it to run the service, and
  • using managed infrastructure rather than maintaining our own servers.

No online service can be 100% secure, but we work to keep Spoon simple and reduce the amount of data we collect so there is less to protect.

9. Cookies and tracking

Our app does not use third‑party tracking or analytics. The pineberg.studio website is designed to run without marketing cookies. We may use strictly necessary cookies or similar technologies that are required to deliver the site or keep you signed in, but we do not use cookies for advertising or behavioural profiling.

10. Children

Spoon is designed to be safe to use by people of any age, but it is not specifically directed at children. We do not knowingly collect personal data from children beyond what is required to provide the app (such as an email address for an account). If you believe a child has provided us with personal data without appropriate consent where required, please contact us and we will take steps to remove the information.

11. Your rights

Depending on where you live, you may have the following rights over your personal data:

  • to access a copy of your personal data,
  • to ask us to correct inaccurate or incomplete data,
  • to ask us to delete your data (for example, by deleting your account),
  • to object to or restrict certain kinds of processing, and
  • to complain to your local data protection authority.

You can exercise these rights by emailing support@pineberg.studio. We may need to verify your identity before fulfilling your request.

If you are in the UK, you also have the right to lodge a complaint with the Information Commissioner's Office (ICO). Further details are available at https://ico.org.uk/.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in the app, our providers, or applicable law. When we make changes, we will update the "Last updated" date at the top of this page. For material changes, we may also provide a notice within the app (for example, a prompt on login) asking you to review the updated policy.