1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address (collected and managed by Clerk, our authentication provider)
- Account creation date and last login timestamp
- Authentication tokens and session data
1.2 Family Profile Data
You voluntarily provide the following information about your household:
- Names of family members, which may include names of minors
- Dietary restrictions, food allergies (including severe/anaphylactic allergies), and food intolerances for each family member
- Food preferences, likes, dislikes, and aversions for each family member
- Household size and member roles (adult, child)
- Weekly grocery store preferences and recipe website preferences
- Weekly meal planning notes, scheduling constraints, and ingredient inventory
1.3 Data Relating to Minors
Important: MealsAIQ accounts must be created and managed by adults (18 years of age or older). We do not knowingly collect personal information directly from children under 13. Any information about minors — including names, dietary restrictions, allergies, and food preferences — is entered by the adult account holder on behalf of their household. The adult account holder is solely responsible for the accuracy of this information and for ensuring appropriate consent within their household. If you believe a minor has created an account without parental consent, please contact us at [email protected] and we will promptly delete the account.
1.4 Generated Content and Usage Data
- Meal plans, recipes, shopping lists, and calendar exports generated by the service
- History of generated meal plans associated with your account
- Previous meal selections used to avoid repetition in future plans
- Usage analytics including pages visited, features used, and session duration (collected via Google Analytics)
- IP address and browser/device information for security and analytics purposes
1.5 Payment Information
Payment information is collected and processed directly by Stripe, Inc. NAR LLC does not store, process, or have access to your full credit card or payment details. We retain only the information Stripe provides to us, such as subscription status, billing cycle, and the last four digits of your payment method.
2. How We Use Your Information
We use the information we collect for the following purposes:
- To provide, operate, and improve the meal planning service
- To generate personalized weekly meal plans based on your family profile
- To send AI-generated prompts to Anthropic's API for meal plan generation — your family profile data is included in these prompts
- To authenticate your account and maintain session security via Clerk
- To store your profile and meal history via Supabase
- To process subscription payments via Stripe
- To analyze usage patterns and improve the service via Google Analytics
- To respond to support requests and communications
- To send service-related notifications (subscription confirmations, material policy changes)
- We do not use your data for advertising, and we do not sell your data to third parties
3. Third-Party Service Providers
We share data with the following third-party service providers solely to operate the service. Each provider has their own privacy policy governing their handling of data.
3.1 Anthropic (AI Generation)
Your family profile data — including member names, dietary restrictions, allergies, food preferences, and weekly planning notes — is sent to Anthropic's Claude API to generate meal plans. Anthropic processes this data as a data processor on our behalf. Prompts may be used by Anthropic in accordance with their usage policies. Anthropic's privacy policy is available at anthropic.com/privacy.
3.2 Clerk (Authentication)
Clerk manages user authentication, account creation, and session management. Clerk collects and stores your email address and authentication credentials. Clerk's privacy policy is available at clerk.com/legal/privacy.
3.3 Supabase (Data Storage)
Supabase provides our database infrastructure. Your family profile, meal history, and preferences are stored in Supabase's hosted PostgreSQL database. Supabase's privacy policy is available at supabase.com/privacy.
3.4 Stripe (Payment Processing)
Stripe processes subscription payments. Payment card data is transmitted directly to Stripe and is never stored on our servers. Stripe's privacy policy is available at stripe.com/privacy.
3.5 Railway (Hosting Infrastructure)
Railway provides server hosting infrastructure for the application. Server logs including IP addresses may be retained by Railway in accordance with their privacy policy at railway.app/legal/privacy.
3.6 Cloudflare (DNS, CDN, and Email Routing)
Cloudflare provides DNS, content delivery, and email routing services. Network traffic passes through Cloudflare's infrastructure. Cloudflare's privacy policy is available at cloudflare.com/privacypolicy.
3.7 Google Analytics
We use Google Analytics to understand how users interact with the service. Google Analytics collects anonymized usage data including pages visited, session duration, and general location (country/region level). This data is processed by Google in accordance with their privacy policy at policies.google.com/privacy. You may opt out of Google Analytics tracking by using the Google Analytics Opt-out Browser Add-on.
4. Data Retention
- Account and profile data is retained for as long as your account remains active
- Generated meal plan history is retained for up to 12 months
- Usage analytics data is retained by Google Analytics per their standard retention policies
- Payment records are retained as required by applicable law and Stripe's policies
- Upon account deletion, your profile data and meal history are deleted within 30 days
- Some data may be retained longer where required by law or for legitimate business purposes such as fraud prevention
5. Your Rights and Choices
5.1 All Users
- Access: You may request a copy of the personal data we hold about you
- Correction: You may update your family profile and account information at any time through the application
- Deletion: You may request deletion of your account and associated data by emailing [email protected]
- Data portability: You may export your meal plan data using the session download feature within the application
5.2 California Residents (CCPA/CPRA)
If you are a California resident, you have the following additional rights:
- Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you
- Right to Delete: You may request deletion of personal information we have collected, subject to certain exceptions
- Right to Correct: You may request correction of inaccurate personal information
- Right to Opt-Out of Sale: We do not sell personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
To exercise your California privacy rights, contact us at [email protected].
5.3 European Union and UK Users (GDPR/UK GDPR)
If you are located in the European Union or United Kingdom, you have rights under the General Data Protection Regulation (GDPR) or UK GDPR, including:
- Lawful basis for processing: We process your data on the basis of contract performance (providing the service you signed up for) and legitimate interests (improving the service, security)
- Right of access, rectification, erasure, restriction, and portability
- Right to object to processing
- Right to lodge a complaint with your local supervisory authority
Please note that our servers are located in the United States. By using the service, you consent to your data being transferred to and processed in the United States, which may have different data protection standards than your home country.
To exercise your GDPR rights, contact us at [email protected].
6. Cookies
MealsAIQ uses cookies and similar technologies for the following purposes:
- Authentication cookies set by Clerk to maintain your logged-in session
- Analytics cookies set by Google Analytics to understand usage patterns
You may disable cookies through your browser settings, but doing so may affect the functionality of the service, including your ability to stay logged in.
7. Security
We implement commercially reasonable technical and organizational measures to protect your personal information, including encrypted data transmission (HTTPS), authentication via Clerk, and access controls on our database. However, no method of transmission over the Internet is 100% secure. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.
8. Children's Privacy
MealsAIQ is intended for use by adults 18 years of age or older. We do not knowingly solicit or collect personal information directly from children under 13. Information about minors entered into the service is provided by adult account holders on behalf of their households. If we learn that we have inadvertently collected personal information directly from a child under 13 without verifiable parental consent, we will delete that information promptly. Contact us at [email protected] if you have concerns.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (at the address associated with your account) and by posting a notice on the service at least 14 days before the changes take effect. Your continued use of the service after the effective date constitutes acceptance of the updated policy.
10. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy, please contact us:
- Email: [email protected]
- Company: NAR LLC
- Address: 306 W Redwood St STE 201, Baltimore, MD 21201