Privacy Policy

1. Information We Collect

We collect the following types of information:

• Account information — your email address and display name when you create an account.
• Household data — recipes, pantry items, meal plans, meal cycles, grocery lists, and household member profiles that you create.
• Payment information — billing is processed by a third-party payment provider. We store a reference ID and your subscription status but never store credit card numbers or full payment details.
• Community data — when you report a bug, suggest a feature, or vote on community ideas, we store that activity to power the Community Hub.
• Service usage data — we collect usage data to maintain performance, prevent abuse, and improve the Service.
• Device and browser information — standard request data (IP address, browser type) collected automatically by our hosting infrastructure.

2. How We Use Your Information

• Provide and operate the Service, including meal planning, grocery lists, and real-time collaboration.
• Process payments and manage subscriptions.
• Power smart features such as recipe import, receipt scanning, and recipe generation.
• Send service-related emails (account verification, password resets, subscription updates).
• Operate the Community Hub, including displaying feature requests and aggregated vote counts.
• Maintain the quality and security of the Service.

3. Legal Basis for Processing

If you are located in the United Kingdom, European Economic Area, or another jurisdiction that requires a legal basis for processing personal data, we rely on the following:

• Contract — processing your account information, household data, and payment information is necessary to provide the Service you signed up for.
• Legitimate interest — we collect service usage data and device information to maintain security, prevent abuse, and improve the Service. We also process community data to operate the Community Hub.
• Consent — when you choose to use smart features (recipe import, receipt scanning, recipe generation), you are consenting to your content being processed by third-party AI services as described in Section 5.

You may withdraw your consent for optional processing at any time by discontinuing use of the relevant feature. This does not affect the lawfulness of any processing carried out before withdrawal.

4. Third-Party Services

We use the following categories of third-party services to operate MealHuddle:

• Cloud infrastructure — secure cloud services for data storage, authentication, and real-time features.
• Payment processing — a third-party payment provider handles all credit card information directly. We never see or store your full card details.
• AI processing — smart features (recipe import, receipt scanning, recipe generation) are powered by a third-party AI service. See Section 5 for details on what data is sent.
• Hosting — hosting providers deliver the application quickly and reliably.
• Email delivery — email services send transactional messages such as account verification, password resets, and household invites.
• Error monitoring — monitoring services help us identify and fix issues quickly.

5. Data Sent to AI Services

When you use smart features, the following data may be sent for processing:

• Recipe import (photo/PDF) — the image or extracted text of the recipe you upload.
• Recipe import (URL) — the web page content from the URL you provide (only if structured data extraction fails).
• Receipt scanning — the image of the grocery receipt you upload.
• Image generation — recipe titles, descriptions, cuisine type, and ingredient names.

We do not send your personal information (email, name, household details) to AI services. Only the recipe and ingredient data necessary for the specific feature is transmitted.

6. Data Storage & Security

Your data is stored on secure cloud infrastructure. We implement the following security measures:

• Data isolation — your household's data is kept completely separate from other households.
• Encryption in transit — all data is transmitted over HTTPS.
• Authentication — sessions are managed through secure, encrypted cookies. QR code sign-in generates a temporary, single-use code that expires after 5 minutes and can be cancelled at any time.
• Integration security — Home Assistant API keys are unique per household and can be revoked at any time.

7. International Data Transfers

MealHuddle is operated from the United States, and your data is processed and stored in the United States. If you are using the Service from outside the United States (including the United Kingdom or European Economic Area), your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

By using the Service, you acknowledge this transfer. We take steps to ensure your data is treated securely and in accordance with this Privacy Policy, including using encrypted connections and working with service providers that maintain appropriate security standards.

8. Cookies

MealHuddle uses cookies solely for authentication and session management. These cookies are necessary for the Service to function. We do not use third-party tracking cookies, advertising cookies, or analytics cookies. Because these cookies are strictly necessary to provide the Service, no additional consent is required.

9. Data Sharing

We do not sell your personal data. We share data only with the service providers described in Section 4, and only as necessary to operate the Service. When you submit a feature idea or vote in the Community Hub, your suggestion and display name are visible to other signed-in users — but your email address and household data remain private. We may use anonymized, aggregated data (such as popular ingredients or trending recipes) to improve the Service — but never in a way that identifies you or your household. We may also disclose information if required by law or to protect the rights, safety, or property of MealHuddle, our users, or the public.

10. Your Rights

You have the right to:

• Access — view all data associated with your account through the Service.
• Correct — update your account information and household data at any time.
• Delete — delete your account, which will remove your personal data. Contact us if you need help.
• Export — go to Settings and download all your data as JSON anytime, with no restrictions.
• Restrict processing — ask us to limit how we use your data in certain circumstances.
• Object — object to our processing of your data where we rely on legitimate interest as the legal basis.
• Withdraw consent — where processing is based on consent (such as smart features), you may withdraw consent at any time by discontinuing use of that feature.

To exercise any of these rights, contact us at hello@mealhuddle.com. We will respond within 30 days.

If you are located in the United Kingdom or European Economic Area and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO).

11. Children's Privacy

MealHuddle is not directed at children under 13. We do not knowingly collect personal information from children under 13. The household members feature allows parents or guardians to add children to a household for meal preference tracking (such as meal ratings), but these profiles are entirely managed by the parent or guardian and do not require the child to have an account or provide any personal information directly.

12. Data Retention

We retain your data for as long as your account is active and as needed to provide the Service. Specifically:

• Account and household data — kept for the lifetime of your account. When you delete your account, your personal data is removed promptly.
• Payment records — subscription references are retained for as long as required for accounting and tax purposes (typically up to 7 years), in line with applicable law.
• Service usage data — retained for up to 12 months for performance monitoring and abuse prevention, then deleted or anonymized.

Household data shared with other members may persist for those members after you leave or delete your account.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the date at the top of this page and, where appropriate, notify you by email. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

14. Data Controller & Contact

MealHuddle is operated by Stromgren Software LLC, which is the data controller responsible for your personal data under this Privacy Policy.

If you have questions about this Privacy Policy, how we handle your data, or wish to exercise any of your rights, contact us at hello@mealhuddle.com.