Privacy Policy
Privacy Policy
Weekly Shop uses only the data needed to run meal planning, shopping lists, private sharing, account settings, optional personalisation, marketing preferences, analytics, and account sign-in.
Last updated 3 June 2026Weekly Shop identity
Weekly Shop is a budget meal-planning and grocery-list web app for Australian households. The production app is hosted at weeklyshop.au and support is available at [email protected], also written as support at weeklyshop dot au.
Data we use
Weekly Shop uses account details, cookie-backed visitor identity, favourites, plan activity, recipe ratings, household sharing activity, help tickets, and shopping-list actions to run the meal-planning service.
Google user data collected
When you choose Continue with Google, Weekly Shop receives your Google account email address, email verification status, display name/profile name when Google provides it, and Google account subject identifier. We store the provider subject only as a non-reversible hash linked to your Weekly Shop account.
Apple user data collected
When you choose Continue with Apple, Weekly Shop receives your Apple account subject identifier, email address or private relay email address, email verification status, and the name Apple sends only on the first authorization. We store the provider subject only as a non-reversible hash linked to your Weekly Shop account.
How social sign-in data is used
Google and Apple sign-in data is used only to sign you in, create or link your Weekly Shop account, maintain account security, prevent abuse, provide support, and keep your saved plans, recipes, shopping lists, households, and settings connected to your account.
Minimum Google scopes
Weekly Shop requests only openid, email, and profile. It does not request Gmail, Drive, Calendar, Contacts, Photos, Search Console, advertising, or other Google API scopes.
Minimum Apple scopes
Weekly Shop requests only Apple name and email scopes. Apple provides the name only on first authorization, so Weekly Shop persists it then and uses the stored account profile on later Apple sign-ins.
Sharing and transfer
Weekly Shop does not sell Google or Apple user data, transfer it to data brokers, use it for targeted advertising, or use it to train AI models. We disclose data only to service providers needed to host, secure, operate, email, or support the app, or where required by law.
Protection mechanisms
Sessions are stored as hashes and issued through HttpOnly cookies. OAuth state and nonce values are stored only as short-lived one-time hashes. Provider tokens and raw ID tokens are not retained. Security logs use reason codes and hashed identifiers rather than raw secrets.
Retention and deletion
Account and linked identity data are retained while your account is active or while needed for security, legal, or operational purposes. You can request deletion by contacting [email protected], also written as support at weeklyshop dot au; we will delete or de-identify account, social identity, session, plan, and support data where legally and operationally possible.
Analytics and cookies
Performance analytics events are stored only when performance cookies are accepted. Functional and targeting preferences are stored separately from strictly necessary cookies and can be changed from Cookie preferences.
Shared links
Private share links expose the selected weekly plan, shopping list, or saved-recipe collection to anyone with the unique link. Links are generated from high-entropy random tokens and are not listed publicly.
Google API Services User Data Policy
Weekly Shop's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.