MealRhythm

Privacy Policy

Last updated: 2025-10-14

Overview

We respect your privacy and collect only what we need to operate MealRhythm. We do not sell your data, show you ads, or track you across other sites. Your meal planning data stays private and is only shared with family members you explicitly invite.

Data We Collect

  • Authentication: We use Apple Sign In to authenticate you. Apple provides us with a secure identifier and optionally your name. We do not receive or store your Apple ID password.
  • Account & Family: Your display name, family membership status, role (creator or member), and family invite codes you generate or use.
  • Recipes & Photos: Recipes you create including titles, descriptions, cooking times, privacy settings (family or private), and photos you upload.
  • Meal Planning: Your meal schedules, dates, times, and the recipes you assign to specific meals.
  • AI Suggestions: We analyze your meal history locally on our servers to provide personalized recipe suggestions. This data is used only to improve your experience and is never shared with third parties.
  • Premium Subscription: If you subscribe to premium features via Apple In-App Purchase, we receive subscription status from Apple to unlock features like Family Sharing. Payment is processed entirely by Apple.
  • Device & Usage: iOS version, app version, device model, and crash/diagnostic information to improve reliability.
  • Website: Page views and metadata. If analytics is enabled, collection is aggregated and privacy-respectful (no cookies, no personal identifiers).

How We Use Data

  • Provide the Service: Create and manage your account, enable family sharing, sync recipes and meal plans across devices, store and display your uploaded photos.
  • AI Features: Generate personalized meal suggestions based on your cooking history and preferences.
  • Premium Features: Verify your subscription status and unlock Family Sharing and other premium capabilities.
  • Improve Reliability: Debug issues, fix crashes, and improve app performance based on diagnostic information.
  • Security: Protect your account from unauthorized access and ensure data integrity.
  • Communication: Send important service updates, security alerts, and respond to your support requests.
  • Legal Compliance: Meet legal obligations and respond to valid legal requests.

Legal Bases (EEA/UK)

  • Contract: to provide the Service you request.
  • Legitimate interests: to maintain and improve the Service.
  • Consent: where required (e.g., optional analytics or communications).

Data Sharing

Within Families: When you join a family, your recipes marked as "family" (not private) and your meal plans are visible to other family members. Private recipes remain visible only to you.

Service Providers: We use trusted service providers to host our infrastructure (database, API servers, image storage). These processors act only on our instructions and provide appropriate security safeguards.

Apple: For authentication (Apple Sign In) and premium subscriptions (In-App Purchase), we communicate with Apple's services. Apple's privacy policy governs their handling of this data.

We do not: Sell your personal data, share it with advertisers, or use it for purposes unrelated to providing MealRhythm.

Analytics

Website: If enabled, we use privacy-friendly analytics (e.g., Plausible) that does not set cookies or collect personal identifiers. Only aggregated, anonymous usage metrics are collected.

iOS App: We do not use third-party analytics or tracking in the iOS app. Any diagnostic information is collected only to fix crashes and improve performance, and is not shared with third parties.

Data Retention

We retain your data as long as your account is active. If you delete your account, we will delete your personal data, recipes, photos, and meal plans within 30 days, except where we must retain certain data for legal obligations (e.g., financial records for tax purposes).

Backup copies may persist for up to 90 days in our backup systems before being permanently deleted.

International Transfers

Where data is transferred internationally, we rely on appropriate safeguards (such as Standard Contractual Clauses) as required by law.

Security

We take security seriously and implement multiple layers of protection:

  • Authentication: We use Apple Sign In, which provides industry-leading security without storing passwords.
  • Encryption: All data transmitted between your device and our servers is encrypted using HTTPS/TLS.
  • Database Security: Your data is stored in a secure PostgreSQL database with access controls and encryption at rest.
  • API Security: Our API requires authentication tokens for all requests and validates permissions before serving data.
  • Regular Updates: We regularly update our infrastructure and dependencies to patch security vulnerabilities.

While we implement strong security measures, no method of transmission or storage is 100% secure. If you discover a security issue, please contact us immediately at security@mealrhythm.app.

Leaving a Family

You can leave a family at any time from the Family tab in the app. When you leave:

  • Your private recipes remain yours and are not visible to the family.
  • Recipes you marked as "family" remain accessible to the family you're leaving.
  • Your meal plans that reference family recipes will still show those recipes.
  • You can join a different family or create your own at any time.

Children

MealRhythm is designed for family use but is not specifically directed to children under 13. Parents and guardians are responsible for monitoring their children's use of the app. If you believe a child under 13 has provided personal data without parental consent, contact us immediately so we can delete it.

Your Rights

Subject to local laws (including GDPR for EU users and CCPA for California residents), you have the following rights:

  • Access: Request a copy of your personal data.
  • Correction: Update inaccurate or incomplete information.
  • Deletion: Request deletion of your account and associated data.
  • Export: Receive your data in a portable format.
  • Objection: Object to certain types of processing.
  • Withdrawal: Withdraw consent where processing is based on consent.

To exercise these rights, contact us at info@mealrhythm.app. We will respond within 30 days.

Changes

We may update this policy. Material changes will be posted here with an updated date.

Contact

For privacy requests, data access, or any questions about this policy, contact us at: info@mealrhythm.app