Privacy Policy

Effective date: 2026-05-24. This document is a template and not legal advice. Please review with qualified counsel before publishing.

1. Who we are (data controller)

This Privacy Policy explains how Foodow collects, uses, shares, and protects your personal data when you use the Service. For GDPR purposes, Foodow is the “data controller.”

Contact: support@foodow.io.

2. What data we collect

  • Account data: email, name, authentication identifiers.
  • Profile data you provide: height, weight, goal weight, age, gender, activity level, dietary preferences, allergies, dislikes, favorites, cooking preferences.
  • Usage data: interactions with meal plans, saved plans, shopping list actions, and feature usage (e.g., request counts).
  • User-generated content: feedback, reviews, comments, and support requests.
  • Device and log data: IP address (may be collected by infrastructure providers), approximate location (derived), browser type, and diagnostic logs.
  • Analytics data: page views, session durations, navigation paths, and aggregated usage patterns, collected via Google Analytics 4.

Payment data is processed by our payment processor (e.g., Stripe). We typically receive limited billing metadata (e.g., subscription status), not your full card number.

Special category data (GDPR Article 9):

Some data you provide — such as body weight, height, health goals, dietary restrictions, food allergies, and medical conditions — may constitute health-related personal data and is therefore treated as a special category of personal data under GDPR Article 9. We process this data only where you have given explicit consent by using the relevant features of the Service. You may withdraw this consent at any time by deleting your profile data or requesting account deletion.

3. How we use your data

  • Provide the Service: authenticate you, generate meal plans, create shopping lists, and show your saved content.
  • Improve and secure the Service: debugging, analytics, preventing fraud and abuse.
  • Customer support: respond to questions, bug reports, and feature requests.
  • Billing and account management: subscriptions, invoices, and entitlement enforcement.

4. Legal bases (GDPR)

  • Contract: to provide the Service you request (account, meal plan generation, saved plans).
  • Consent: where required (e.g., optional marketing emails, certain cookies, push notifications). For health-related data (body metrics, dietary restrictions, allergies, health goals), we rely on your explicit consent under GDPR Article 9(2)(a). You may withdraw this consent at any time.
  • Legitimate interests: to secure, maintain, and improve the Service (balanced against your rights).
  • Legal obligation: compliance with applicable laws (tax, accounting, fraud prevention).

5. Sharing and processors

We share data with vendors (“processors”) that help us operate the Service. Examples may include:

  • Supabase (authentication and database hosting).
  • Stripe (payments and subscription management).
  • Hosting providers (e.g., Vercel/Render) for running the app and API.
  • AI providers (e.g., Replicate) to generate recipe text and images based on your inputs.
  • Google LLC (Google Analytics 4): website traffic analysis, page views, and usage patterns. Data may be processed in the United States under Google's Standard Contractual Clauses.

These providers process data under contracts and are required to protect it. We do not sell your personal data.

6. International transfers

Some vendors may process data outside your country. Where applicable (e.g., EEA/UK), we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent measures.

7. Retention

We keep personal data only as long as necessary for the purposes described, including legal, accounting, and security requirements. You may request deletion of your account (where available).

8. Your rights

Depending on your location (including GDPR/EEA/UK), you may have rights to access, correct, delete, restrict, or port your data, and to object to certain processing.

To exercise your rights, contact support@foodow.io. You may also lodge a complaint with your local supervisory authority.

9. Cookies, analytics, and caching

We use the following types of cookies and storage:

  • Authentication & preference cookies: keep you signed in and remember your language and theme settings.
  • Analytics cookies: we use Google Analytics 4 (GA4), which places cookies to measure traffic, page views, session duration, and usage patterns. GA4 may transfer data to the United States under Standard Contractual Clauses. You can opt out at any time using Google's opt-out browser add-on or by disabling cookies in your browser settings.
  • Service worker cache: if you install the app as a PWA, a service worker caches certain assets to improve performance and offline access.

10. Security

We use reasonable technical and organizational measures to protect data, but no system is 100% secure. Please use a strong password and keep your account secure.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will update the effective date and may provide additional notice when required.
