Mesa

Privacy Policy

Mesa is an independent grocery-shopping assistant for King Soopers and City Market stores. Mesa is not affiliated with, endorsed by, or sponsored by The Kroger Co., King Soopers, or City Market. It is built and operated by Ryan Quinn (“we,” “us”). This policy explains, in plain terms, what data the app handles and where it goes.

Effective date: June 27, 2026

The short version

Mesa has no user accounts and no analytics. We don’t show ads, we don’t track you across other apps or websites, and we never sell your data. Most of what the app stores stays on your device. Three things leave your device, each for a specific job: the text you type for AI parsing, your product searches, and the items you choose to send to your Kroger cart. The details are below.

What stays on your device

Your saved recipes, shopping lists, staples, and preferences are stored locally on your device.
Your Kroger sign-in tokens are stored in the iOS Keychain on your device. They are not stored on any server we operate.
A random installation identifier (a UUID generated the first time you launch the app) is stored on your device and sent with certain requests for rate-limiting (see Our relay server). It is not tied to your name, account, or identity.
Recipe sharing (.ksrecipe files) happens peer-to-peer — when you share a recipe, the file goes directly to the person you send it to (for example, by AirDrop or Messages). No server of ours receives or stores shared recipes.

What leaves your device, and where it goes

1. Text you type, for AI parsing (Anthropic). When you paste or type a shopping list, or when the app estimates nutrition for a recipe, that text is sent to Anthropic’s API to be interpreted. The request is routed through our relay server (below) so that our API credentials are never shipped inside the app; the relay forwards the text and returns the result, and does not store the text. Under Anthropic’s commercial API terms, inputs and outputs are automatically deleted within 30 days and are not used to train their models. No account name or personal identifier is attached to this text. Anthropic’s own privacy practices are described in their policy.

2. Product and store searches (Kroger). When you search for an item or a store, the search terms are sent to Kroger’s public API to return matching products and locations. These searches use an application-level credential, not your personal Kroger sign-in, so they are not associated with your Kroger account.

3. Items you add to your cart, and your store connection (Kroger). When you connect your Kroger account and choose to send items to your cart, the app communicates directly with Kroger using your own Kroger sign-in, at your direction. This data goes straight to Kroger — it does not pass through or get stored on any server we operate. Your use of Kroger’s service is also governed by Kroger’s own terms and privacy policy.

4. Connecting your Kroger account (sign-in tokens). When you sign in to Kroger, the secure exchange of sign-in tokens passes through our relay server. This is a technical requirement of Kroger’s API, which requires a confidential credential on these requests. Our relay does not store or log these tokens — they pass through in real time and are immediately discarded. The tokens themselves are kept only on your device, in the Keychain.

5. Feedback you choose to send (optional). If you submit feedback through the app, your message (and, if you include one, the reply email address you provide so we can respond) is delivered to us via Web3Forms, a third-party form-relay service. This happens only when you actively send feedback.

Our relay server

To avoid shipping API credentials inside the app, Mesa routes certain requests through a small relay server that we operate. The relay is deliberately stateless:

It does not store the text you type, your searches, your Kroger data, your cart contents, or any personal identity.
It does store an anonymous per-installation request counter, keyed to the random installation identifier above, solely to enforce daily usage limits and prevent abuse — plus an operational on/off flag for the AI feature.

What Mesa does not do

No user accounts, and no login to Mesa itself.
No analytics or telemetry SDKs.
No advertising, and no sharing of data with advertising networks or data brokers.
No tracking of you across other apps or websites.
No sale of your data.

AI processing notice

Mesa uses a third-party AI service (Anthropic) to interpret the shopping-list and recipe text you provide. Before the first time your text is sent for AI processing, the app asks for your consent. You can use the app’s manual product search without AI processing.

Children

Mesa is not directed to children under 13, and we do not knowingly collect personal information from children.

Changes to this policy

We may update this policy from time to time. Material changes will be reflected by updating the effective date above.

Contact

Questions about this policy can be sent to rquinn518@gmail.com.