
Security Measures

Last updated: 16 April 2026

1. Why this page exists

Your Plenishd account contains a detailed picture of your kitchen, your shopping habits, your dietary needs, and your household composition. We treat that data with the seriousness it deserves.

This page describes the technical and organisational measures we use to protect your account. It is meant to be honest about what we do and do not do — security through obscurity is not security.


2. Data in transit

  • All connections to Plenishd services use TLS 1.2 or higher with modern cipher suites. HTTP requests to plenishd.co.uk are upgraded to HTTPS automatically.
  • The mobile app pins its connection to our backend infrastructure to prevent man-in-the-middle attacks on hostile networks.
  • No personal data is ever sent over plaintext channels.

3. Data at rest

  • Your account data is stored on Convex, a UK/EU-region managed database service. Convex encrypts data at rest with AES-256.
  • Photo and audio attachments are stored in Convex object storage, also encrypted at rest.
  • Database backups are encrypted with separate keys and retained for 30 days before automatic deletion.

4. Authentication

  • Account sign-in uses Apple Sign In or Google Sign In — we never see, store, or have access to your Apple or Google password.
  • Session tokens are short-lived and rotated on every request.
  • Failed login attempts are rate-limited to defend against brute-force attacks.

5. Sub-processors and third parties

We use a small set of trusted sub-processors for specific functions. Each of these providers has been chosen for its track record on security and UK/EU data protection compliance:

Provider           | Function                     | Data sent                                                    | Region
-------------------|------------------------------|--------------------------------------------------------------|-------------------
Convex             | Database, auth, storage      | All account data                                             | UK / EU
Anthropic (Claude) | Photo analysis               | Kitchen photos for item identification                       | US (DPA in place)
Deepgram (Nova-2)  | Voice transcription fallback | Voice notes when on-device transcription is unavailable      | US (DPA in place)
Apple / Google     | Sign-in, push notifications  | Email, device tokens                                         | Per platform
Stripe             | Subscription billing         | Card last-4, subscription status (no full card data)         | UK / EU

We do not sell, rent, or share your data with anyone outside this list.


6. On-device processing wherever possible

We deliberately push processing to your device when we can:

  • Voice notes: transcribed on-device using your phone's speech recognition. The audio file leaves your phone only as a fallback (Deepgram), and is deleted after transcription.
  • "Hey Plenishd" wake word (Pro, opt-in): entirely on-device. Audio is never recorded, transmitted, or stored unless and until the wake phrase is detected, at which point a normal voice note begins. See the Privacy Policy for details.
  • Barcode scanning: decoded locally; only the resulting product code is queried against our database.

7. Operational security

  • Access control: access to production systems is limited to named team members with hardware-key two-factor authentication.
  • Monitoring: we maintain audit logs of administrative actions and use anomaly detection to flag unusual access patterns.
  • Patching: dependencies are scanned daily for known vulnerabilities. Critical patches are applied within 24 hours; non-critical within 7 days.
  • Backups: automated daily, restorable to any point within the last 30 days.

8. Incident response

If a security incident affects your data, we will:

  1. Contain the issue and stop further data exposure.
  2. Investigate the root cause with our infrastructure providers.
  3. Notify the Information Commissioner's Office (ICO) within 72 hours, as required by UK GDPR Article 33, when the incident represents a risk to your rights and freedoms.
  4. Notify you directly without undue delay if your data is at high risk, with a plain-language explanation of what happened and what we are doing about it.

9. Responsible disclosure

If you believe you have found a security vulnerability in Plenishd, please report it to security@plenishd.co.uk with:

  • A description of the vulnerability
  • Steps to reproduce
  • The affected component (mobile app version, web URL, or API endpoint)
  • Your contact details if you would like credit

We commit to:

  • Acknowledging your report within 2 working days
  • Providing an initial assessment within 5 working days
  • Crediting you publicly when the issue is fixed (unless you prefer to remain anonymous)
  • Not pursuing legal action against good-faith security research

We do not currently operate a paid bug bounty programme. Reports are reviewed by a human, every time.


10. Out of scope

Please do not:

  • Test for vulnerabilities against accounts you do not own
  • Run automated scans that generate substantial traffic
  • Attempt social engineering attacks against Plenishd staff
  • Access, modify, or delete data belonging to other users

Reports involving any of the above will not be acknowledged.


11. Updates

This page describes our practices as of the date above. We will update it when we change a sub-processor, change our hosting region, or otherwise materially change our security posture.
