Privacy Policy

Effective: February 8, 2026

This Privacy Policy describes how MealHuddle ("we", "us", "our") collects, uses, and protects your information when you use our meal planning service ("the Service").

1. Information We Collect

We collect the following types of information:

  • Account information: Email address and display name when you create an account.
  • Household data: Recipes, ingredients, meal plans, meal cycles, grocery lists, and family member profiles that you create within your household.
  • AI usage logs: Records of when AI features are used (feature name, timestamp, household) for rate limiting and usage tracking.
  • Payment information: Billing is processed through Stripe. We store your Stripe customer ID and subscription status but never store credit card numbers or full payment details directly.
  • Device and browser information: Standard HTTP request data (IP address, user agent, browser type) collected automatically through our hosting infrastructure.

2. How We Use Your Information

We use your information to:

  • Provide and operate the Service, including meal planning, grocery lists, and real-time collaboration.
  • Process payments and manage subscriptions through Stripe.
  • Power AI features such as recipe import, receipt scanning, and image generation.
  • Send service-related emails (account verification, password resets, subscription updates).
  • Enforce rate limits and prevent abuse of the Service.

3. Third-Party Services

We use the following third-party services to operate MealHuddle:

  • Supabase: Database, authentication, file storage, and real-time features. Your account and household data is stored in Supabase-hosted infrastructure.
  • Stripe: Payment processing for Pro subscriptions. Stripe handles all credit card information directly. See Stripe's Privacy Policy.
  • OpenAI: AI-powered features including recipe import, receipt scanning, and image generation. See the section below for details on what data is sent to OpenAI.
  • Vercel: Web application hosting and delivery.

4. Data Sent to OpenAI

When you use AI-powered features, the following data may be sent to OpenAI for processing:

  • Recipe import (photo/PDF): The image or extracted text of the recipe you upload.
  • Recipe import (URL): The web page content from the URL you provide (only if structured data extraction fails).
  • Receipt scanning: The image of the grocery receipt you upload.
  • Image generation: Recipe titles, descriptions, cuisine type, and ingredient names.

We do not send your personal information (email, name, household details) to OpenAI. Only the recipe and ingredient data necessary for the specific AI feature is transmitted. Data sent to OpenAI is subject to OpenAI's Privacy Policy.

5. Data Storage & Security

Your data is stored in Supabase-hosted infrastructure. We implement the following security measures:

  • Row Level Security (RLS): All database tables use Postgres RLS policies to ensure household data is isolated. Users can only access data belonging to their own household.
  • Encryption in transit: All data is transmitted over HTTPS.
  • Authentication: Sessions are managed through secure, HTTP-only cookies.
  • API key security: Home Assistant API keys are unique per household and can be revoked at any time.

6. Cookies

MealHuddle uses cookies solely for authentication and session management. These cookies are set by Supabase Auth (via the @supabase/ssr library) and are necessary for the Service to function. We do not use third-party tracking cookies, advertising cookies, or analytics cookies.

7. Data Sharing

We do not sell your personal data. We share data only with the third-party service providers listed in Section 3, and only as necessary to operate the Service. We may also disclose information if required by law or to protect the rights, safety, or property of MealHuddle, our users, or the public.

8. Your Rights

You have the right to:

  • Access: View all data associated with your account through the Service.
  • Correct: Update your account information and household data at any time.
  • Delete: Delete your account, which will remove your personal data. Contact us if you need assistance with data deletion.
  • Export: Contact us to request an export of your data.

9. Children's Privacy

MealHuddle is not directed at children under 13. We do not knowingly collect personal information from children under 13. The family members feature allows parents or guardians to add children to a household for meal preference tracking (such as meal ratings), but these profiles are entirely managed by the parent or guardian and do not require the child to have an account or provide any personal information directly.

10. Data Retention

We retain your data for as long as your account is active and as needed to provide the Service. When you delete your account, your personal data is removed. Household data that was shared with other members may persist for those members. AI usage logs are retained for rate limiting and may be periodically purged.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

12. Contact

If you have questions about this Privacy Policy or how we handle your data, contact us at hello@mealhuddle.com.