Back to Home

Privacy Policy

Last updated: 30.12.2025

1. Introduction

This Privacy Policy explains how Mealti ("we", "us", or "our") collects, uses, and protects your personal data when you use our mobile application and website. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR), the Polish Personal Data Protection Act, and other applicable data protection laws.

2. Data Controller

NIP: 5432195007

Contact Address: Armii Krajowej 37, Brańsk, Poland

Email: mealtiapp@gmail.com

3. Data We Collect

Account Data

  • Email address
  • Name (optional)
  • Encrypted authentication data

Health & Dietary Data

  • Age, sex, weight, and height
  • Activity level
  • Dietary preferences and food allergies/intolerances
  • Health and nutrition goals

Usage Data

  • Meal plans generated and viewed
  • Shopping lists created
  • Favorite meals saved

Analytics Data (Website only)

  • Pages visited and interactions
  • Device type and browser information
  • Referring website

4. Purpose of Processing

  • Providing personalized meal planning services
  • Generating AI-powered meal suggestions based on your preferences
  • Improving our services and user experience
  • Providing customer support
  • Complying with legal obligations

5. Legal Basis for Processing

  • Performance of Contract (Art. 6(1)(b) GDPR) Processing necessary to provide our meal planning services
  • Consent (Art. 6(1)(a) GDPR) For processing health-related data (special category data under Art. 9 GDPR)
  • Legitimate Interest (Art. 6(1)(f) GDPR) For analytics and service improvement

6. Third-Party Services

We share your data with the following service providers who help us deliver our services:

ServicePurposeLocation
ClerkAuthentication and user managementUSA
ConvexDatabase and backend servicesUSA (US East)
OpenAIAI meal generationUSA
Vercel AnalyticsWebsite analyticsUSA

7. International Data Transfers

Your data is transferred to and processed in the United States by our service providers (Clerk, Convex, OpenAI, Vercel). These transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring your data receives adequate protection as required by GDPR.

8. AI-Powered Processing

We use artificial intelligence (OpenAI GPT-4) to generate personalized meal plans. When you request meal suggestions, the following data may be sent to OpenAI:

  • Your dietary preferences
  • Food allergies and restrictions
  • Health and nutrition goals
  • Previous meal context

OpenAI processes this data solely to generate meal recommendations. They do not use your data to train their models when accessed via API. For more information, see OpenAI's privacy policy.

9. Data Retention

We retain your personal data for as long as your account is active. When you delete your account, all your personal data is permanently deleted immediately from our systems. Analytics data is retained for up to 26 months.

10. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of Access Request a copy of your personal data
  • Right to Rectification Request correction of inaccurate data
  • Right to Erasure Request deletion of your data
  • Right to Restriction Request limitation of processing
  • Right to Data Portability Receive your data in a portable format
  • Right to Object Object to processing based on legitimate interests
  • Right to Withdraw Consent Withdraw consent at any time

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit and at rest, secure authentication through Clerk, access controls and monitoring, and regular security assessments.

12. Cookies and Tracking

Our website uses the following types of cookies:

  • Essential Cookies Required for basic website functionality
  • Analytics Cookies Vercel Analytics for understanding how visitors use our site

13. Age Requirements

Our services are intended for users who are at least 18 years old. We do not knowingly collect personal data from children under 18. If you believe we have collected data from a child, please contact us immediately.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

15. Contact & Complaints

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: mealtiapp@gmail.com

Address: Armii Krajowej 37, Brańsk, Poland

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Polish supervisory authority:

Supervisory Authority:
Urząd Ochrony Danych Osobowych (UODO)
ul. Stawki 2, 00-193 Warszawa
https://uodo.gov.pl