Privacy Policy

Autumn ("we", "us") is the operator of joinautumn.com and the Autumn Chrome extension. Autumn helps people understand grocery products in the context of the health condition they choose, offers healthier swap suggestions where available, and applies medication-aware safety checks where relevant.

This policy explains what data we collect, why we collect it, how we protect it, and the choices available to you. Your use of Autumn is also governed by our Terms of Service.

We collect the following categories of information:

• Special category health data. This may include the health condition you choose, medications you tell us about, and dietary requirements that shape Autumn's scoring and swap logic. We collect and process this data only with your explicit consent.
• Account data. This includes your email address for authentication, together with profile details such as household size and selected preferences when you provide them.
• Usage data. We may record anonymised basket analysis counts, swap acceptance activity, and related product usage metrics when you have opted in to anonymised product analytics.
• Website analytics preferences. If you opt in to website analytics on joinautumn.com, we collect limited page-view and CTA interaction data. Those events exclude conditions, medications, scores, and other special category data.

Autumn processes special category health data under Article 9 of the UK GDPR on the basis of your explicit consent. We request that consent during onboarding before any health profile information is stored for personalised scoring.

You can withdraw your consent at any time by contacting us or by deleting your account. If consent is withdrawn, Autumn stops returning personalised health-profile data, clears stored profile fields used for scoring, revokes medication consent, and deletes the corresponding health records used for the service.

Autumn stores data on UK or EEA infrastructure provided by Supabase in the EU region. Data is encrypted in transit using TLS 1.3 and at rest using Supabase-managed storage encryption.

Access to health data is restricted using Row Level Security policies, consent checks, and authenticated service boundaries so that only you can read or modify your own records through the Autumn product.

Autumn does not sell your data. We do not share your personal data or health data with retailers, advertisers, or unrelated third parties.

The extension works between your browser and Autumn's own services. Where service providers help us host the product, they act as processors under contract and do not use your data for their own marketing purposes.

We keep your personal data for as long as your Autumn account remains active. If you delete your account, personal data, including health data, is permanently deleted within 30 days unless we are required to retain limited records for legal or security reasons.

Aggregated statistics that do not identify you may be retained for longer to help us understand product usage and improve Autumn.

Under the UK GDPR, you may have the right to access your data, correct inaccurate data, erase your data, restrict processing, object to processing, receive a portable copy of relevant data, and withdraw consent at any time.

To exercise these rights, email privacy@joinautumn.com. We currently handle deletion, access, and consent-withdrawal requests directly over email.

The Autumn extension uses browser storage such as IndexedDB to cache product scores for performance. This cache does not contain health data and can be cleared through the extension settings.

The website uses authentication cookies where needed to keep you signed in. If you opt in to website analytics, we also store a small local preference showing whether analytics is enabled. Product analytics are configured to exclude conditions, medications, scores, and other special category information.

For privacy questions, data access requests, or complaints, contact privacy@joinautumn.com.

You also have the right to lodge a complaint with the UK Information Commissioner's Office through ico.org.uk.