Privacy Policy

Last updated: February 13, 2026

Carrie ("we," "our," or "the app") is an herbal operations platform that helps herbalists and apothecaries manage inventory lots, batch production, and regulatory-ready records. This Privacy Policy explains what data we collect, how we use it, and your rights.

1. Data We Collect

Account Information

  • Email address (used as your primary identifier and login)
  • Name (derived from your email or provided by you)
  • Business name (optional)
  • Account role (owner, staff, or auditor)

Operational Data

  • Inventory lot records: herb name, lot code, supplier name, supplier contact information, quantity, unit, storage conditions, and dates (received, prepared, opened, expiry)
  • Formula records: recipe names, ingredient mappings, and lot allocations
  • Batch production records: batch codes, input materials, output quantities, creation timestamps, and immutable record hashes
  • Stock event audit trail: quantity changes, reasons, timestamps, and associated user identifiers
  • Alert records: low stock, near-expiry, and spoilage risk notifications
  • Expiry override records: user-set dates with mandatory reasons and timestamps

Camera and Image Data

  • Photos of product labels captured for OCR (optical character recognition) processing
  • Barcode scan data from product labels (Code128, EAN13, EAN8, UPC-A, UPC-E, QR formats)

Label photos are transmitted to our OCR service for text extraction and are not stored permanently after processing. The structured data extracted (herb name, lot code, supplier, quantity) is saved to your account as lot record data.

Usage Data

  • Export events: timestamp and type (individual or bulk) for rate-limiting purposes only

We do not use third-party analytics services. We do not track browsing behavior, screen views, or usage patterns beyond export rate limiting.

Subscription and Payment Data

  • Subscription plan, entitlement status, renewal dates, and cancellation events
  • Store transaction identifiers and purchase receipts from Apple App Store or Google Play
  • Device and app identifiers processed by RevenueCat to validate purchases and subscription status

Payments are processed by Apple or Google through their in-app purchase systems. We do not receive or store full payment card numbers.

2. How We Use Your Data

  • To provide the core app functionality: lot tracking, batch production, expiry suggestions, and traceability records
  • To process label photos through OCR for automated data entry
  • To generate alerts (low stock, near-expiry, spoilage risk) based on your inventory data
  • To produce GMP-style batch production records and export files (PDF and CSV)
  • To maintain audit trails for compliance readiness
  • To enforce export rate limits based on your account tier

3. Third-Party Services

Convex (Backend Infrastructure)

Your operational data is stored on Convex, a managed backend service. Convex provides encryption in transit (TLS) and encryption at rest for all stored data. For details, see Convex's Privacy Policy.

Anthropic (Label OCR)

When you use the photo label capture feature, the image is sent to Anthropic's Claude API for text extraction. Anthropic processes the image to return structured data (herb name, lot code, supplier, quantity, expiry date). Images are not retained by Anthropic after processing. For details, see Anthropic's Privacy Policy.

RevenueCat (Subscription Management)

We use RevenueCat to manage in-app subscriptions and entitlement status. RevenueCat processes app user identifiers, device and app identifiers, and store purchase data (receipts and transaction identifiers) from Apple App Store or Google Play. For details, see RevenueCat's Privacy Policy.

We do not sell, rent, or share your data with advertisers, data brokers, or any other third parties beyond what is described above.

4. Device Permissions

  • Camera: Required for barcode scanning and label photo capture. Camera access is requested at runtime and can be revoked through your device settings at any time.
  • File System: Used locally to generate and share PDF and CSV export files. Export files are created on your device and shared through your device's native share sheet.

5. Data Storage and Security

  • All data is encrypted in transit using TLS and encrypted at rest on Convex's infrastructure
  • Batch production records include immutable cryptographic hashes to prevent silent modification
  • Authentication email is stored locally on your device using secure async storage for session persistence
  • Audit trails log all data modifications with timestamps and user identifiers

6. Data Ownership and Export

You own all operational data you enter into Carrie. You can export your data at any time through the app's PDF and CSV export features. Batch production records, lot histories, and audit trails are all exportable.

7. Data Retention

Your data is retained for as long as your account is active. Batch records and audit trails are retained indefinitely by design, as they serve as compliance records. You may delete your account from within the app's Settings screen or by contacting support@carrie.app. Upon account deletion, we will remove your account data from our systems. Immutable batch records that have already been exported or shared may persist outside our systems.

8. Cookies

The Carrie mobile app does not use cookies. This website uses only essential cookies required for basic site functionality (e.g., session management). We do not use tracking cookies, advertising cookies, or third-party cookie services.

9. Children's Privacy

Carrie is a business-to-business application designed for professional herbalists and apothecary operators. We do not knowingly collect data from individuals under the age of 18.

10. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Export your data in a portable format (PDF/CSV)
  • Withdraw consent for optional processing (e.g., label photo OCR)

To exercise any of these rights, contact us at support@carrie.app. You may also delete your account directly in the app's Settings screen.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the app or by email. Continued use of Carrie after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy or your data, contact us at support@carrie.app.