Privacy Policy
Last Updated: December 2025
​
Menu Miser ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how your personal information is collected, used, and disclosed by Menu Miser. This Privacy Policy applies to our mobile application (the "App").
By using Menu Miser, you agree to the collection and use of information in accordance with this policy.
​
1. Information We Collect
We collect personal information from the following sources:
- Directly from You: Information you provide when creating an account, setting preferences, or using features.
- Automatically from Your Device: Device information and usage data collected when you use the app.
- From Third Parties: Authentication information from Google (if you use Google Sign-In).
A. Information You Provide to Us
- Account Information: When you register, we collect your email address and authentication credentials. Authentication is handled securely via Supabase Auth.
- Profile Data: We collect information you provide to personalize your experience, including:
  - Family size
  - Weekly budget
  - Dietary restrictions (e.g., vegetarian, vegan, keto)
  - Allergies
  - Meal preferences (breakfast, lunch, dinner, snacks)
  - Chef persona selection
- Pantry Data: We store the list of ingredients and items you add to your virtual pantry.
- Meal Plans and Recipes: We store your generated meal plans, saved meal plans, and saved quick meals.
- Feedback: Any feedback you choose to submit through the app.
- User Content: Any other information you choose to provide within the App.
B. Information Collected Automatically
- Device Information: We may collect information about your mobile device, including hardware model, operating system version, and unique device identifiers. This information is primarily used for debugging and analytics purposes.
- Usage Data: We collect data regarding your interaction with the App, such as:
  - Features used
  - Time spent in the app
  - Kitchen assistant usage (for Pro users)
- Push Notification Tokens: We store push notification tokens to send you notifications about meal plan status (e.g., when a plan is ready or if generation failed).
C. Camera and Image Data (Pantry Scanning - Pro Feature)
We take your privacy seriously regarding photos.
- Temporary Processing Only: When you use the "Pantry Extraction" feature to scan ingredients via your camera or photo library, the image is uploaded securely to our server (Supabase Storage) solely for the purpose of processing.
- Immediate Deletion: Once our AI system (OpenAI Vision API) extracts the text (ingredient names) from your image, the image file is permanently deleted from our servers. Images are deleted immediately after processing is complete (typically within seconds).
- No Retention or Training: We do not retain, archive, or use your photos to train our models. Images are processed and deleted in a single workflow.
- Data Extracted: Only the text list of ingredients identified in the photo is saved to your account as pantry items.
​​
2. How We Use Your Information
We use the information we collect for the following purposes:
- Generate Meal Plans: Your dietary restrictions, allergies, pantry items, family size, budget, and meal preferences are sent to our AI provider (OpenAI) to generate personalized recipes and meal plans.
- Extract Ingredients from Images: When you use the pantry scanning feature, we send your image to OpenAI Vision API to extract ingredient names. The image is then immediately deleted.
- Manage Subscriptions: We use RevenueCat to validate and manage your "Pro" subscription status and purchase history.
- Process Payments: We use Google Play Services (on Android) and Apple App Store (on iOS) to process in-app subscription payments.
- Improve the App: We use usage data to understand how users interact with the app and to identify bugs and areas for improvement.
- Communication: To send you push notifications regarding your meal plan status (e.g., when a plan is ready or if generation failed).
- Prevent Abuse: We maintain a record of deleted account emails for 7 days after account deletion to prevent abuse through account deletion and recreation.
Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), we process your personal information based on the following legal grounds:
- Contract Performance (Article 6(1)(b) GDPR): To provide the meal planning services you request when you create an account and use the App.
- Legitimate Interest (Article 6(1)(f) GDPR): To improve our app, prevent fraud, ensure security, and prevent abuse of our free tier.
- Consent (Article 6(1)(a) GDPR): For optional features like push notifications and camera access for pantry scanning.
​​
3. Sharing of Information
We do not sell your personal information. We do not and will not sell personal information to third parties.
We share information only with the following third-party service providers necessary to operate the App:
- Supabase: Used for secure database hosting, authentication, and temporary file storage. Supabase stores your account information, profile data, pantry items, meal plans, and other app data. Supabase is located in the United States.
- OpenAI: We send text prompts (including your dietary preferences, pantry list, family size, budget, and meal preferences) and temporary image data to OpenAI to generate meal plans and extract ingredients. OpenAI does not use data submitted via our API to train their models by default. OpenAI is located in the United States.
- RevenueCat: Used to process and manage in-app subscriptions and purchase history. RevenueCat receives your subscription status and purchase information. RevenueCat is located in the United States.
- Google Play Services: Used for processing payments on Android devices. Google receives payment information necessary to process your subscription.
These service providers are contractually obligated to protect your information and use it only for the purposes we specify.
​
4. International Data Transfers (GDPR)
Your personal information may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our service providers (Supabase, OpenAI, RevenueCat) are located.
We ensure appropriate safeguards are in place for such transfers:
- Standard Contractual Clauses: We use contracts with our service providers that include standard data protection clauses approved by the European Commission.
- Adequacy Decisions: Some transfers are to countries with adequacy decisions by the European Commission.
By using Menu Miser, you consent to the transfer of your information to these countries.
​
5. Data Security
We implement appropriate technical and organizational measures to protect the security of your personal information:
- Encryption: Data is encrypted in transit (HTTPS) and at rest in our database.
- Row Level Security (RLS): Our database uses Row Level Security policies to ensure that you can only access and modify your own data.
- Secure Authentication: User authentication is handled securely through Supabase Auth, which uses industry-standard security practices.
- Access Controls: Access to user data is restricted to authorized personnel and service providers who need it to operate the App.
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
​
6. Data Retention
We retain your personal information only for as long as necessary to provide our services:
- Account Data: Retained while your account is active. When you delete your account, account data is deleted immediately, except as noted below.
- Profile Data: Retained while your account is active. Deleted when you delete your account.
- Pantry Data: Retained while your account is active. Deleted when you delete your account.
- Meal Plans: Retained while your account is active. Deleted when you delete your account.
- Image Data: Deleted immediately after processing (typically within seconds of ingredient extraction). Images are not retained.
- Usage Data: Retained for up to 12 months for app improvement purposes, then anonymized or deleted.
- Deleted Account Emails: Retained for 7 days after account deletion for abuse prevention (to prevent users from immediately recreating accounts to reset free generation limits), then permanently deleted.
- Push Notification Tokens: Retained while your account is active. Deleted when you delete your account.
You can request deletion of your data at any time by deleting your account in the App settings.
​
7. Your Rights
GDPR Rights (European Users)
If you are located in the European Economic Area (EEA), you have the following rights:
- Right to Access: You can request a copy of all personal information we hold about you.
- Right to Rectification: You can request correction of inaccurate or incomplete information. You can update most information directly in the App settings.
- Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal information. You can delete your account directly within the App settings, which will delete all associated data except your email address (which is retained for 7 days for abuse prevention, as described in Section 6).
- Right to Data Portability: You can request your data in a structured, machine-readable format (e.g., JSON).
- Right to Object: You can object to processing of your personal information for legitimate interests (e.g., app improvement analytics).
- Right to Restrict Processing: You can request that we limit how we use your personal information.
- Right to Withdraw Consent: If processing is based on consent (e.g., push notifications), you can withdraw it at any time through your device settings or by contacting us.
​​
CCPA Rights (California Users)
If you are a California resident, you have the following rights:
- Right to Know: You can request information about what personal information we collect, use, disclose, and sell. We do not sell your personal information.
- Right to Delete: You can request deletion of your personal information. You can delete your account directly within the App settings, which will delete all associated data except your email address (which is retained for 7 days for abuse prevention, as described in Section 6).
- Right to Opt-Out of Sale/Sharing: We do not sell your personal information. If we did, you would have the right to opt out.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
​​
How to Exercise Your Rights
To exercise any of these rights, please contact us at:
Email: menumiser@gmail.com
We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.
You can also exercise some rights directly:
- Update Information: Most profile information can be updated in the App settings.
- Delete Account: You can delete your account directly in the App settings (Settings → Delete Account).
​​
8. Children's Privacy
Menu Miser is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at menumiser@gmail.com, and we will delete such information.
​
9. Do Not Track Signals
California law requires us to inform you about how we respond to "Do Not Track" (DNT) signals. We do not currently respond to DNT signals sent by web browsers or other mechanisms because there is no industry standard for how to respond to such signals.
We do not track your online activities across third-party websites or services. The information we collect is limited to what you provide directly or what is necessary for Menu Miser to function.
Third parties that provide services to Menu Miser (Supabase, OpenAI, RevenueCat, Google Play Services, Apple App Store) may collect information necessary for their services, but they do not track your activities across different websites or services beyond what is required for Menu Miser to operate.
​
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:
- Updating the "Last Updated" date at the top of this policy
- Posting a notice in the app for significant changes
Annual Review: We review and update this policy at least annually to ensure compliance with applicable privacy laws, including CCPA requirements.
Your continued use of the App after changes become effective constitutes acceptance of the updated policy. If you do not agree to the changes, you should stop using the App and delete your account.
​
11. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how we handle your personal information, please contact us at:
Email: menumiser@gmail.com
We will respond to your inquiry as soon as possible.