Privacy Policy for MealMatics

1. Developer Information

As required by Apple App Store and Google Play Store policies, we provide our contact information below:

• App Name: MealMatics
• Developer: MealMatics Team
• Contact Email: [email protected]
• Support Website: https://vitalii4reva.github.io/mealmatics-support/

2. Information We Collect

We collect different types of information to provide and improve our services to you.

2.1 Personal Information You Provide

• Account Information: Email address, name (optional), profile picture (if using Google or Apple Sign-In)
• Authentication Data: Third-party authentication tokens from Google Sign-In or Apple Sign-In
• Dietary Profile: Dietary preferences, restrictions, allergies, health goals, cuisine preferences, disliked ingredients
• User-Generated Content: Recipe preferences, saved recipes, favorite recipes, cooking history
• Payment Information: Processed through Apple App Store or Google Play Store (we do not store credit card details)
• Communications: Messages you send us through support channels or feedback forms

2.2 Automatically Collected Information

• Device Information: Device type, operating system version, unique device identifiers, mobile network information
• Usage Data: App features used, time spent in app, frequency of use, interaction patterns, search queries
• Performance Data: Crash reports, error logs, performance metrics, diagnostic information
• Analytics Data: Collected through Amplitude and Firebase Analytics (anonymized where possible)

2.3 AI-Generated Content Data

Important Information About AI Processing:

• Recipe Generation Inputs: Your dietary preferences, restrictions, cuisine choices, and custom prompts are sent to OpenAI's API to generate personalized recipes
• OpenAI Processing: Data sent to OpenAI is processed according to OpenAI's Data Processing Agreement and is NOT used to train their models when using the API
• Generated Content: AI-generated recipes, images, and nutritional information are stored in our database
• Data Retention with OpenAI: OpenAI may retain API request data for up to 30 days for abuse monitoring, then it is deleted

3. How We Use Your Information

We use collected information for the following purposes:

3.1 App Functionality

• Create and manage your account
• Authenticate users through Google Sign-In and Apple Sign-In
• Generate personalized AI-powered recipes based on your preferences
• Save and organize your favorite recipes
• Provide nutritional information and meal planning features
• Enable recipe sharing functionality

3.2 Service Improvement

• Analyze app usage to improve features and user experience
• Monitor and improve AI-generated content quality
• Identify and fix bugs, crashes, and technical issues
• Develop new features based on user behavior and feedback

3.3 Customer Support

• Respond to your inquiries and support requests
• Troubleshoot technical problems
• Provide app updates and important notices

3.4 Legal and Security

• Comply with legal obligations and law enforcement requests
• Prevent fraud, abuse, and security incidents
• Protect our rights, property, and safety
• Enforce our Terms and Conditions

3.5 Subscription Management

• Process in-app purchases and subscriptions
• Manage subscription status and billing
• Provide premium features to subscribers

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, and Switzerland, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide app services you've requested (e.g., account creation, recipe generation)
• Consent: Where you have given explicit consent (e.g., dietary preferences, analytics)
• Legitimate Interests: Our legitimate business interests (e.g., improving app functionality, security, fraud prevention)
• Legal Obligation: Compliance with applicable laws and regulations

5. Third-Party Services and Data Sharing

We use the following third-party services to operate our app. Each has its own privacy policy:

5.1 Essential Service Providers

• Supabase (Database & Authentication): Stores user accounts, preferences, and saved recipes. Data is encrypted and stored securely. Supabase Privacy Policy
• OpenAI (AI Services): Processes recipe generation requests and creates images. Data is processed via API and NOT used for model training. OpenAI Privacy Policy
• Google Sign-In: Handles authentication (optional). Google Privacy Policy
• Apple Sign-In: Handles authentication (optional). Apple Privacy Policy

5.2 Analytics and Performance

• Amplitude: Analytics to understand app usage patterns (anonymized where possible). Amplitude Privacy Policy
• Firebase Analytics: App performance monitoring and crash reporting. Firebase Privacy Policy
• Sentry: Error tracking and performance monitoring (production only). Sentry Privacy Policy

5.3 Payment Processing

• Apple App Store: Processes in-app purchases for iOS users. Apple Privacy Policy
• Google Play Store: Processes in-app purchases for Android users. Google Privacy Policy

6. Data Storage, Security, and Retention

6.1 Security Measures

We implement industry-standard security measures to protect your data:

• Encryption in transit (HTTPS/TLS) and at rest
• Secure authentication via OAuth 2.0 protocols
• Regular security audits and updates
• Access controls and authentication requirements for our systems
• Supabase Row Level Security (RLS) policies

6.2 Data Retention Periods

• Account Data: Retained until you request account deletion
• Recipe Data: Retained until account deletion or manual removal by you
• Usage Analytics: Retained for up to 2 years, then aggregated or deleted
• Crash Reports: Retained for up to 1 year
• OpenAI API Logs: Retained by OpenAI for up to 30 days for abuse monitoring
• Support Communications: Retained for up to 3 years for legal compliance

6.3 Data Location

Your data may be transferred to and processed in countries other than your country of residence, including the United States. We ensure appropriate safeguards are in place for international data transfers in compliance with GDPR (e.g., Standard Contractual Clauses).

7. Your Privacy Rights

Depending on your location, you may have the following rights:

7.1 Rights for All Users

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and associated data
• Export: Download your saved recipes and preferences

7.2 Additional Rights for GDPR Users (EEA, UK, Switzerland)

• Right to Object: Object to processing based on legitimate interests
• Right to Restrict Processing: Request limitation of processing in certain circumstances
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
• Right to Lodge a Complaint: File a complaint with your local data protection authority

7.3 Additional Rights for CCPA Users (California Residents)

• Right to Know: Know what personal information we collect, use, disclose, and sell
• Right to Delete: Request deletion of personal information we have collected
• Right to Opt-Out: Opt-out of the sale of personal information (Note: We do not sell personal information)
• Right to Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights

7.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

• Email: [email protected]
• In-App: Settings → Privacy → Account Deletion (for deletion requests)
• In-App: Settings → Export Data (for data export)

We will respond to your request within 30 days (or as required by applicable law).

8. Account and Data Deletion

As required by Apple and Google app store policies, you can delete your account and all associated data at any time.

8.1 How to Delete Your Account

1. Open the MealMatics app
2. Go to Settings
3. Tap "Privacy & Security"
4. Select "Delete Account"
5. Confirm deletion

Alternatively, email us at [email protected] with your account email and deletion request.

8.2 What Gets Deleted

When you delete your account, we permanently delete:

• Your account information (name, email)
• All saved recipes and favorites
• Dietary preferences and profile data
• Recipe generation history
• Usage data associated with your account

8.3 Data We May Retain

We may retain certain data for legal compliance:

• Transaction records (required for tax and financial auditing, up to 7 years)
• Aggregated, anonymized analytics data (no personal identifiers)
• Data required for legal claims or compliance with law enforcement

9. Children's Privacy (COPPA Compliance)

MealMatics is NOT intended for children under 13 years of age (or under 16 in the EEA). We do not knowingly collect personal information from children under these ages.

If you are a parent or guardian and believe we have collected information from your child, please contact us immediately at [email protected], and we will delete it within 30 days.

10. AI-Generated Content Disclaimer

11. Cookies and Tracking Technologies

Our mobile app does not use cookies. However, we use the following tracking technologies:

• Analytics SDKs: Amplitude and Firebase Analytics collect usage data
• Device Identifiers: Used to identify your device for authentication and analytics
• Local Storage: Used to store app preferences and cached data locally on your device

You can limit analytics tracking through your device settings (iOS: Settings → Privacy → Analytics; Android: Settings → Google → Ads).

12. Do Not Track Signals

Our app does not currently respond to "Do Not Track" signals from browsers or devices, as there is no industry-wide standard for DNT compliance in mobile apps.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or app features. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you through the app or via email (for significant changes)
• Request your consent if required by applicable law

Continued use of the app after changes constitutes acceptance of the updated policy.

14. International Users and Data Transfers

MealMatics is operated from the United States. If you are accessing the app from outside the United States, please be aware that your data may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

For EEA, UK, and Swiss users, we use Standard Contractual Clauses approved by the European Commission to ensure adequate protection of your data.

15. California Privacy Rights (California Residents)

Under California Civil Code Section 1798.83, California residents have the right to request information about sharing of personal information with third parties for their direct marketing purposes.

We do not share personal information with third parties for their direct marketing purposes.

16. Nevada Privacy Rights (Nevada Residents)

Nevada residents have the right to opt-out of the sale of their personal information.

We do not sell personal information. If our practices change, we will update this policy and provide Nevada residents with an opt-out mechanism.

17. Contact Us & Data Protection Officer

18. Consent

By using MealMatics, you consent to this Privacy Policy and agree to its terms. If you do not agree with this policy, please do not use our app.