Privacy Policy — PlanEat AI
Effective date: July 30, 2025
This Privacy Policy explains how PlanEat AI (“PlanEat,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you use our mobile application, website planeatai.com, and related services (together, the “Services”).
By using the Services, you agree to this Policy. If you do not agree, please do not use the Services.
Who we are (Controller)
The Services are operated by PlanEat AI (operated by sole proprietor Diana Torianyk, Ukraine). For privacy matters, contact:
- Email: vesperzze@gmail.com
Depending on your region, Apple and Google may act as separate controllers for app store billing and fraud prevention.
What data we collect
A. Information you provide
- Account & contact: name, email, region/country.
- Profile & preferences: dietary preferences, allergies/intolerances, disliked ingredients, meal frequency, cooking time and budget constraints, goals (e.g., weight loss/gain, healthier eating).
- User‑generated content (UGC): photos/videos of meals, comments, ratings, feedback (including via Discord or surveys).
- Communications: support requests, bug reports, feature suggestions.
- Consents & settings: notification preferences, marketing opt‑ins.
B. Information collected automatically
- Device & usage: device model, OS, app version, language, time zone, IP address, crash logs, diagnostics, performance, feature usage (e.g., plan generated, recipe opened).
- Website analytics/cookies (planeatai.com): page views, session duration, referrers, consent choices (if a cookie banner is presented).
- Local cache: limited app data stored on your device to improve performance.
C. Payments & subscriptions
- Purchases are processed by Apple App Store and/or Google Play. We receive purchase status and transaction identifiers, but we do not receive or store your full payment card details.
D. Health‑adjacent data
Some profile inputs (e.g., allergies, nutrition goals) may reveal health‑related information. We treat such inputs as sensitive and process them only to provide the Services and, where required, with your explicit consent.
How we use data (Purposes & legal bases)
We use data to:
- Provide and improve the Services
Create weekly menus, generate recipes and grocery lists, enable substitutions when available, calculate basic nutrition (including fiber), operate reminders.
- Legal basis (GDPR): Performance of a contract; Legitimate interests (service quality).
- Personalize your experience
Tailor plans and recommendations to your preferences, constraints, and goals.
- Legal basis: Performance of a contract; Consent for sensitive inputs.
- Operate AI features
Send necessary prompts (e.g., ingredients, preferences, constraints) to AI providers to generate plans/recipes. We configure providers so that your content is not used to train their models where such controls exist.
- Legal basis: Performance of a contract; Legitimate interests; Consent (for sensitive data).
- Analytics, diagnostics, and security
Understand feature usage and retention, fix crashes, prevent abuse.
- Legal basis: Legitimate interests.
- Communications
Send transactional messages (plan ready, reminders, service updates). With your consent, send marketing emails/pushes you can opt out of at any time.
- Legal basis: Performance of a contract; Legitimate interests; Consent (marketing).
- Payments & subscriptions
Verify purchases, manage access, prevent fraud.
- Legal basis: Performance of a contract; Legal obligations; Legitimate interests.
- Legal compliance
Comply with applicable laws and respond to lawful requests.
- Legal basis: Legal obligations.
Sharing and processors
We do not sell personal information. We share data only with:
- AI model providers (currently OpenAI) to generate plans/recipes.
- Backend hosting & database (currently Supabase, including authentication, storage).
- Analytics (Amplitude, when enabled) to measure usage and improve the product.
- Payment platforms (Apple App Store, Google Play) for billing, receipts, and fraud prevention.
- Customer support & communications tools (email, in‑app messaging) when applicable.
- Community platforms (e.g., Discord). Content you post there is visible to other members and governed by that platform’s policy.
- Professional advisors (legal/accounting) and authorities where required by law.
- Business transfers (merger, acquisition). We will notify you if control changes.
All vendors act as processors under contracts that limit their use of data to our instructions and require appropriate security.
International data transfers
We may process data in the EEA, the UK, the US, or other countries. When transferring data internationally, we rely on safeguards such as EU Standard Contractual Clauses (SCCs), the UK IDTA/Addendum, or other legally recognized mechanisms. You can request information about relevant safeguards at vesperzze@gmail.com.
Data retention
We keep personal data only as long as necessary:
- Account & profile: kept while your account is active or as required to provide the Services.
- UGC (photos/videos): kept until you delete it or your account, unless longer retention is required by law or for dispute resolution.
- Analytics & logs: typically 12–24 months in aggregate or de‑identified form.
- Legal/transaction records: as required by applicable law.
When data is no longer needed, we delete it or irreversibly anonymize it.
Your rights
Depending on your location, you may have the right to:
- Access your data; rectify inaccuracies; delete your data (“right to be forgotten”);
- Restrict or object to certain processing;
- Data portability (receive a copy in a structured, machine‑readable format);
- Withdraw consent at any time where processing is based on consent (e.g., sensitive inputs, marketing);
- Lodge a complaint with your data protection authority.
To exercise rights, email vesperzze@gmail.com. We may ask for information to verify your identity.
California (CCPA/CPRA): you have rights to know, delete, correct, and to opt out of “sale”/“sharing” of personal information. We do not sell personal information or use it for cross‑context behavioral advertising.
Children’s privacy
The Services are not directed to children. You must be at least 16 in the EEA/UK and 13 elsewhere to use the app. We do not knowingly collect personal data from children. If you believe a child provided data, contact us to delete it.
Security
We implement administrative, technical, and organizational measures to protect personal data (encryption in transit, access controls, least‑privilege, monitoring). No system is 100% secure; please use a strong device passcode/biometrics and notify us of any suspected breach.
Cookies & tracking (website)
On planeatai.com, we may use cookies and similar technologies for essential functions and analytics. Where required, we display a cookie banner and honor your choices. In the mobile app, we use device identifiers rather than browser cookies.
Push notifications & marketing
You can control push notifications in your device and in‑app settings. For marketing emails, use the unsubscribe link or contact us. Transactional messages (e.g., plan status, security alerts) are service‑critical and may still be sent.
Changes to this Policy
We may update this Policy from time to time. The “Effective date” will change, and we will post the updated version on planeatai.com. If changes are material, we will provide additional notice (in‑app or by email).
Contact
Questions or requests about this Policy or your data?
Email: vesperzze@gmail.com