Privacy Policy

1. Who We Are

MealRoots ("we", "us", "our") is an AI-powered meal planning application available on iOS and Android. Our registered contact email is hello@mealroots.app.

Our website is https://mealroots.app.

2. Information We Collect

We collect the following categories of information when you use MealRoots:

• Account information: your name, email address, and password (stored as a secure hash)
• Profile data: your health goal, cultural region, country, calorie target, and dietary restrictions
• Meal plan data: the meals generated for you, your favourites, and your eaten history
• Notification preferences: your chosen meal reminder times
• Profile photo: if you choose to upload one (stored in our database as a compressed image)
• Support tickets: messages you send to our support team
• Device information: device type and push notification token (for reminders)

3. How We Use Your Information

We use your data solely to provide and improve MealRoots:

• To generate personalised meal plans using AI based on your cultural preferences and health goals
• To build your shopping list from your meal plan
• To send meal reminder notifications at times you choose
• To track your nutrition progress and display analytics
• To send transactional emails (email verification, password reset)
• To respond to your support tickets

We do not use your data for advertising, profiling for third parties, or automated decision-making that affects you in a legal or significant way.

4. AI Meal Generation

MealRoots uses the Anthropic Claude API to generate meal suggestions. When generating meals, your profile data (goal, region, country, calorie target, restrictions) is sent to the Anthropic API as part of the prompt. No personally identifiable information such as your name or email is included in these prompts.

Anthropic's privacy policy applies to data processed through their API: anthropic.com/privacy

5. Data Sharing

We share your data only with the following trusted service providers who process it on our behalf:

• Railway — cloud database hosting (PostgreSQL)
• Anthropic — AI meal generation (anonymised profile data only)
• Resend — transactional email delivery (email address only)

We do not sell, rent, or trade your personal data with any third parties.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will permanently delete your personal data within 30 days, except where we are required to retain it by law.

Meal plan data is retained for the life of your account to enable history and favourites features.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: request a copy of the data we hold about you
• Correction: update inaccurate data through the app's Profile settings
• Deletion: request deletion of your account and all associated data
• Portability: request your data in a machine-readable format
• Objection: object to how we process your data

To exercise any of these rights, email us at hello@mealroots.app.

8. Security

We take security seriously. Your password is stored as a bcrypt hash and is never readable by us. All data is transmitted over HTTPS. Access tokens expire after 15 minutes and refresh tokens are rotated on every refresh.

While we implement industry-standard security measures, no system is 100% secure. We encourage you to use a strong, unique password.

9. Children's Privacy

MealRoots is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and notify you via email or in-app notification if the changes are significant.

11. Contact Us