Privacy Policy

1. Information We Collect

1.1 Personal Information

When you create an account, we collect:

• Email address: Used for authentication (magic links) and communication.
• Name: Optional, for personalization.
• Family preferences: Dietary restrictions, taste preferences, and family size.

1.2 Usage Information

We automatically collect:

• Meal plan data: Generated meal plans, votes, and regenerations.
• Device information: Device type, operating system, and app version.
• Usage analytics: Features used, session duration, and interactions.
• Log data: IP address, browser type, and access times.

2. Legal Basis for Processing (GDPR & PDPL)

We process your personal data under the following legal bases:

• Contractual Necessity: To provide the Service, generate meal plans, and manage your account.
• Consent: When you explicitly agree to optional features, such as marketing emails or specific data sharing.
• Legitimate Interests: To improve our Service, ensure security, and analyze usage trends, provided these interests do not override your fundamental rights.
• Legal Obligation: To comply with applicable laws and regulations.

3. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Service.
• Generate personalized meal plans and shopping lists.
• Process payments and manage subscriptions.
• Communicate with you regarding updates, support, and security alerts.
• Train and improve our AI models (using strictly anonymized and aggregated data only).

4. Sub-Processors and Data Sharing

We do not sell your personal information. We share your data with trusted third-party service providers (sub-processors) strictly to operate our Service. Our current sub-processors include:

• Vercel: Cloud hosting and infrastructure.
• Neon: Database hosting and management.
• OpenAI: AI processing for meal plan generation (data sent to OpenAI is not used to train their public models).
• Mailjet: Email delivery for authentication and notifications.
• Stripe: Secure payment processing.
• Google Analytics: Usage analytics and performance monitoring.

5. International Data Transfers

As a company based in Dubai, UAE, with global infrastructure, your data may be transferred to, stored, and processed in countries outside of your residence (including the US and EU). We ensure that appropriate safeguards, such as Standard Contractual Clauses (SCCs), are in place to protect your data during these transfers in compliance with GDPR and PDPL.

6. Data Retention

We retain your personal data only for as long as your account is active or as necessary to fulfill the purposes outlined in this policy. If you request account deletion, we will securely delete or anonymize your data within 30 days, except where retention is required by law (e.g., financial records).

7. Your Data Subject Rights

Depending on your location (including the EU and UAE), you have the right to:

• Access: Request a copy of your personal data.
• Rectification: Correct inaccurate or incomplete data.
• Erasure (Right to be Forgotten): Request deletion of your data.
• Restriction: Request a limit on how we process your data.
• Data Portability: Receive your data in a structured, machine-readable format.
• Object: Object to processing based on legitimate interests or direct marketing.

To exercise these rights, please contact us at privacy@familyplate.ai. EU residents also have the right to lodge a complaint with their local Data Protection Authority.

8. Data Security

We implement industry-standard technical and organizational measures to protect your data, including encryption in transit (HTTPS/TLS), secure authentication (magic links), and restricted access controls. However, no internet transmission is 100% secure, and we cannot guarantee absolute security.

9. Contact Us