Privacy Policy

How we collect, use, and protect your personal information in compliance with GDPR and EU data protection regulations.

Data Controller Information

MealMint ApS is the data controller responsible for your personal data.

If you have any questions about how we process your data or wish to exercise your rights, please contact our Data Protection Officer.

Information We Collect

We collect personal information that you provide directly and information generated through your use of MealMint:

Information you provide

  • Account Information: Name, email address, password (hashed), profile photo (optional), and household details
  • Dietary Preferences: Food preferences, allergies, intolerances, dietary restrictions (vegetarian, vegan, gluten-free, dairy-free, etc.), and health goals
  • Household Data: Family member profiles, age ranges, portion preferences, and meal schedules
  • Recipe Content: Custom recipes, modifications, notes, and ratings you create
  • Payment Information: Processed securely through Stripe - we do not store full card numbers

Information generated automatically

  • Usage Data: Recipes viewed, meal plans created, shopping lists generated, features used
  • Device Information: Browser type, operating system, device type, screen resolution
  • Log Data: IP address, access times, pages visited, referring URLs
  • AI Interaction Data: Conversations with our AI assistant to improve recipe recommendations

Under GDPR Article 6, we process your personal data based on the following lawful bases:

  • Contractual Necessity (Art. 6(1)(b)): Processing necessary to provide MealMint services - account management, recipe generation, meal planning, shopping list creation, and subscription billing
  • Consent (Art. 6(1)(a)): Marketing communications, optional analytics, preference cookies, and sharing recipes publicly
  • Legitimate Interests (Art. 6(1)(f)): Service improvement, security monitoring, fraud prevention, and aggregate analytics. We have conducted balancing tests to ensure our interests do not override your rights
  • Legal Obligation (Art. 6(1)(c)): Tax records, responding to lawful requests from authorities, and accounting requirements

Special Category Data: Health-related dietary information (allergies, medical diets) is processed under Article 9(2)(a) with your explicit consent, which you can withdraw at any time.

How We Use Your Information

We use the information we collect to:

  • Provide Core Services: Generate personalized recipes, create meal plans, build shopping lists, and track nutrition
  • Personalize Your Experience: Learn your preferences over time to improve recipe recommendations and meal suggestions
  • Process Payments: Handle subscription billing and maintain transaction records
  • Communicate With You: Send service updates, security alerts, and (with consent) marketing messages
  • Improve Our Service: Analyze usage patterns, fix bugs, develop new features, and enhance performance
  • Ensure Security: Detect fraud, prevent abuse, and protect our users and systems

Data Sharing and Recipients

We do not sell your personal information. We share data only in these circumstances:

  • Service Providers (Data Processors):
    • Supabase (database hosting, EU region) - stores your account and recipe data
    • Stripe (payment processing) - handles subscription payments
    • Anthropic (AI services) - powers recipe generation and meal planning AI
    • Cloudflare (hosting) - serves our web application
    • Email service providers - sends transactional and marketing emails
  • With Your Consent: When you choose to share recipes publicly or with other users
  • Legal Requirements: When required by law, court order, or to protect our legal rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to you)

All service providers are bound by Data Processing Agreements (DPAs) that ensure GDPR-compliant handling of your data.

International Data Transfers

MealMint is based in the EU (Denmark). Some of our service providers operate outside the European Economic Area (EEA). When we transfer data internationally, we ensure adequate protection:

  • United States: Anthropic (AI services) and Stripe (payments) - transfers protected by EU-US Data Privacy Framework and SCCs
  • EU/EEA: Supabase database hosting is configured in the EU region

You can request a copy of the safeguards we use for international transfers by contacting our DPO.

Data Retention

We retain your personal data only for as long as necessary for the purposes outlined in this policy:

  • Account Data: Retained while your account is active, deleted within 30 days of account deletion request
  • Recipe Content: Retained while your account is active; you can delete individual recipes at any time
  • Optional Analytics: Not retained until an analytics provider is enabled with consent gating
  • Payment Records: Retained for 7 years as required by Danish tax law
  • Security Logs: Retained for 12 months for fraud prevention
  • Marketing Consent Records: Retained for 3 years after consent withdrawal (for compliance documentation)

After the retention period, data is securely deleted or anonymized so it can no longer identify you.

Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access, multi-factor authentication for staff, principle of least privilege
  • Infrastructure Security: Hosted on SOC 2 Type II certified providers, regular security audits
  • Monitoring: Real-time intrusion detection, automated threat response
  • Employee Training: Regular data protection training for all staff
  • Incident Response: Documented procedures for detecting, reporting, and resolving data breaches within 72 hours

While we take extensive measures to protect your data, no method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it to security@mealmint.com.

Your Data Protection Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of Access (Art. 15): Request a copy of your personal data and information about how we process it
  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data
  • Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction (Art. 18): Request limited processing of your data in certain circumstances
  • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format (JSON export)
  • Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time for consent-based processing
  • Rights Related to Automated Decisions (Art. 22): Not be subject to decisions based solely on automated processing with legal effects

To exercise these rights, contact us at privacy@mealmint.com or use the data management tools in your account settings.

Automated Decision-Making

MealMint uses AI and automated processing to enhance your experience:

  • Recipe Recommendations: Our AI suggests recipes based on your preferences, past behavior, and dietary requirements
  • Meal Plan Generation: Automated creation of weekly meal plans balancing nutrition and variety
  • Nutrition Analysis: Automatic calculation of nutritional values for recipes

These automated processes do not produce legal or similarly significant effects. You can always:

  • Override any AI recommendation by choosing different recipes
  • Adjust your preferences to influence recommendations
  • Contact us if you believe a decision was made incorrectly

Children's Privacy

MealMint is designed for use by adults (18+) managing their household's nutrition. We do not knowingly collect personal information from children under 16 (the GDPR age of digital consent).

While families may add child profiles for meal planning purposes (portion sizes, preferences), the account holder (parent/guardian) controls this data and can delete it at any time.

If we learn we have collected data from a child without parental consent, we will delete it promptly. Please contact us if you believe we have such data.

Cookies and Tracking

We use cookies and similar technologies to provide functionality and improve your experience. For detailed information about what cookies we use, why, and how to manage them, please see our Cookie Policy.

Key points:

  • Essential cookies are required for the service to function
  • Analytics and preference cookies require your consent
  • We do not use advertising or cross-site tracking cookies
  • You can manage preferences via our cookie banner or browser settings

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. When we make material changes:

  • We will update the "Last Updated" date at the top
  • We will notify you via email for significant changes
  • We will display a prominent notice on our website
  • We may request renewed consent where required

We encourage you to review this policy periodically. Continued use of MealMint after changes indicates acceptance, except where consent is required.

Complaints and Supervisory Authority

If you are unhappy with how we handle your personal data, please contact us first so we can try to resolve the issue.

You also have the right to lodge a complaint with a data protection supervisory authority. For MealMint (based in Denmark):

  • Danish Data Protection Agency (Datatilsynet)
    Website: www.datatilsynet.dk
    Email: dt@datatilsynet.dk

You may also contact the supervisory authority in your country of residence or where you believe an infringement occurred.

Contact Us

For any questions about this Privacy Policy or our data practices, contact us: