Mera List · Effective date: 2026-04-30 · App version: v2
Mera List ("the App") is a voice-first Hinglish grocery list assistant.
Your privacy is the default — the App is designed so that the data most sensitive
to you never leaves your device.
1. What we collect — and what we never collect
What stays on your device forever
Your voice transcripts. Every word you speak is processed locally and
immediately discarded. No recording, no transcript, no utterance is ever stored
on a server — not even for debugging.
Your contact names and phone numbers. The contacts you add in the App
(kirana, family) are stored only in your phone's local database. They never cross
the network wire in any form.
Your shopping list items and notes. The current list lives on your
device. Any free-text notes attached to items are stripped before any server sync.
What we sync to our server (anonymised)
Anonymous device ID. On first launch the App generates a random UUID
(e.g. a3f7-…). This ID is not linked to your name, phone number, or any
personal identifier. It is used only to restore your preference graph if you reinstall.
Preference graph edges. Aggregated signals about your grocery
preferences — "this household usually buys Amul butter" — expressed as anonymous
(item, dimension, weight) tuples. No names, no quantities of personal medication,
no contact data.
Derived metrics. Anonymised pipeline statistics: how many voice
commands succeeded, FastPath hit rate, latency percentiles. No item names, no
transcript content.
Vocabulary gaps. Unknown tokens the App could not map to a known
grocery item (e.g. a brand name we haven't indexed yet). No context sentence —
just the unknown token.
FCM token. A push-notification token issued by Firebase so our
server can push a fresh rules update to your device without you having to open
the App. Used only for silent data pushes — never for
marketing or engagement notifications.
2. Why we collect it
Preference graph sync — so your grocery preferences survive an app reinstall.
Rules updates — so the App's item dictionary, brand list, and voice-correction
rules improve fleet-wide without requiring a Play Store update.
Bug and accuracy improvement — anonymised metrics help us detect regressions
(e.g. FastPath accuracy dropping below 80%) before they affect your experience.
We do not sell your data. We do not share it with advertisers. We do not build profiles for ad targeting.
3. How long we keep it
Telemetry events are retained for 90 days and then automatically deleted
by a scheduled server job. Preference graph edges are retained as long as your device
is registered. When you delete your data (see §5), all server-side rows are deleted
immediately with no backup copy.
4. Where it is stored
Server infrastructure: Vercel (Mumbai — bom1 region) +
Neon Postgres (Singapore — ap-southeast-1 region).
Data does not leave these two regions. Both providers have SOC 2 certifications.
Firebase Cloud Messaging (FCM) is used only for push delivery of silent data messages;
message content is never stored in Firebase.
5. Deleting your data
You have the right to delete all data we hold about you at any time.
In-app: Open the App → long-press the title → Settings →
Mera data delete karo. This wipes your local database and sends a
deletion request to our server. All server-side rows for your device ID are
deleted within seconds.
Via support: If you cannot access the in-app flow, contact us at
pranay.agr05@gmail.com with the
device fingerprint shown in Settings. We will delete your record within 48 hours.
After deletion, the server-side record is gone permanently. If you reinstall the App,
a new anonymous device ID is generated; you can re-import a local preference graph
export you made before deletion.
6. Children's privacy
The App is not directed at children under 13. We do not knowingly collect any
information from children.
7. Changes to this policy
If we make material changes, we will update the effective date above and, where
required by law, notify you within the App before the changes take effect.