Privacy Policy

We collect only what we need to run the service for you:

• Account data — your email address, and a name or display name if you provide one. If you sign in with Apple or Google, we receive a verified email (or Apple's private relay address) and a stable identifier from that provider.
• Profile data — the details you give us to personalise your plan: age or date of birth, sex, height, weight and your goal.
• Health and dietary data — allergens, intolerances, food avoidances and dietary modes (for example vegetarian, vegan, halal, kosher). This is special-category (health) data and we treat it with extra care (see section 3).
• Your activity — meals you log, plans you generate, body metrics, water and other entries you choose to record.
• Plans you upload — if you upload a meal or nutrition plan (PDF, photo or text), we process it to turn it into a structured plan you can use. It is read on our own infrastructure and is never sent to an outside service.
• Technical data — limited device and diagnostic information needed to operate the app securely (for example, app version and the session token stored on your device).
• Website data — if you join the early-access list, the email address you give us.

We do not collect more than this, and we don't buy personal data about you from third parties.

We use your data for the following purposes, each with a lawful basis under the GDPR:

• To provide the service you asked for — creating your account, building and re-planning your meals, logging what you eat, and syncing across your devices. Legal basis: performance of our contract with you.
• To process your health and dietary data so we can respect your hard exclusions and personalise your nutrition. Legal basis: your explicit consent (which you can withdraw at any time).
• To keep the service secure and working — authentication, preventing abuse, fixing faults, and protecting accounts. Legal basis: our legitimate interests in a safe, reliable service.
• To send you essential account and security emails — verification codes, password resets and sign-in codes. Legal basis: performance of our contract.
• To improve Mealner using de-identified data that can't be tied back to you. Legal basis: our legitimate interests. Your personal data is never used to train anything in a way that identifies you.

We do not run advertising, we do not profile you for marketers, and we never sell your data — not even anonymised.

Allergens, intolerances and dietary information are special-category data under Article 9 of the GDPR. We only process them with your explicit consent, which we ask for clearly before any such processing and which you can withdraw at any time in the app or by contacting us.

We use this data for one thing: to personalise your nutrition and to hide items flagged as containing what you avoid. Important: this is a best-effort aid, not a safety guarantee. We can't verify every ingredient of every food, so we never describe a food as "safe" or "allergen-free" — always check the actual product label. Mealner is a wellness companion and is not medical advice.

Your data is stored on Mealner's own cloud infrastructure (Amazon Web Services) in the European Union (the eu-west-1 region, Ireland). Passwords are stored only as a strong one-way hash, and security codes are stored hashed and expire quickly.

Uploaded plans are processed on our own infrastructure — they are never handed to a third-party AI or large-language-model service. Access to production data is restricted, and no human at Mealner reads your personal entries unless you ask us to (for example, to help with a support request).

We don't sell your data and we don't share it for anyone else's marketing. We use a small number of trusted service providers (processors) strictly to run Mealner, under contracts that require them to protect your data and use it only on our instructions:

• Amazon Web Services — cloud hosting and storage (EU region) and transactional email delivery.
• Apple and Google — only if you choose "Sign in with Apple" or "Sign in with Google", to verify who you are. We receive a verified identifier; we don't post anything or read your other data with them.

We may also disclose data if the law requires it, or to protect the rights and safety of our users and Mealner.

Your core data is held in the EU. Where a provider (such as a sign-in provider) processes limited data outside the UK/EU, that transfer is covered by appropriate safeguards recognised under data-protection law, such as the UK International Data Transfer Agreement or the EU Standard Contractual Clauses.

We keep your personal data for as long as your account is active. If you delete your account, we erase your personal data (subject to a short grace window during which a deletion can be reversed, and to any limited records we're legally required to retain). You can delete your data or your whole account at any time from the app's settings, or by contacting us.

Under the UK and EU GDPR you have the right to:

• Access — get a copy of the personal data we hold about you.
• Rectification — correct data that's wrong or incomplete.
• Erasure — ask us to delete your data ("the right to be forgotten").
• Restriction — ask us to pause processing in certain cases.
• Portability — receive your data in a portable format and have it sent elsewhere.
• Object — object to processing based on our legitimate interests.
• Withdraw consent — withdraw your explicit consent for health-data processing at any time, without affecting processing done before you withdrew.

You can exercise the main rights directly in the app (data export and account deletion are built in), or by emailing privacy@mealner.com. We'll respond within one month.

If you're unhappy with how we handle your data, you can complain to the UK Information Commissioner's Office (ico.org.uk) or to your local EU supervisory authority. We'd appreciate the chance to put things right first.

Mealner isn't intended for children. You must be at least 16 to create an account. Where Mealner is used to cook for a household, an adult account-holder may add details about other people (including children) they cook for; the account-holder is responsible for having the right to provide that information.

The mealner.com marketing site is deliberately lightweight. It doesn't run advertising or third-party tracking cookies. If you join the early-access list, we use your email only to let you know when Mealner opens — we never sell it, and you can ask us to remove it at any time.

If we make a meaningful change to this policy, we'll update the date at the top and, where appropriate, tell you in the app. The latest version always lives at mealner.com/privacy.

Questions about your privacy? Email privacy@mealner.com. For anything else, hello@mealner.com. You can also write to us at 155 Swaythling Close, London, England, N18 2QQ.