Privacy Policy

Website Privacy Policy

1. Data Protection at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data that can personally identify you.

2. Data Collection on Our Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find the operator's contact details in the imprint of this website.

How do we collect your data?

Your data is collected when you provide it to us. This may, for example, be data that you enter in our waitlist form (email address).

What do we use your data for?

We collect your email address to notify you when MatchMyMeal launches and to provide you with early access to the app.

3. Email Waitlist

When you sign up for our waitlist, we collect:

• Your email address
• Timestamp of registration
• Your consent to data processing

This data is processed based on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time by contacting us at hello@matchmymeal.app.

Purpose

We use your email address solely to notify you when MatchMyMeal launches and to provide updates about the app.

Third-Party Services

Your waitlist data is processed and stored using Make.com (automation service) and Google Sheets. These services act as data processors on our behalf.

Data Retention

Your email address will be stored until you request its deletion. You can request deletion at any time by contacting us at hello@matchmymeal.app.

4. Your Rights

You have the right to:

• Request information about your stored personal data
• Request correction of incorrect data
• Request deletion of your data
• Request restriction of data processing
• Object to data processing
• Data portability

To exercise these rights, please contact us at hello@matchmymeal.app.

5. Data Security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons.

6. Contact

If you have questions about data protection, please contact us at:
hello@matchmymeal.app

Privacy Policy — MatchMyMeal (Mobile App)

This Privacy Policy explains how MatchMyMeal ("we", "us", "our", or "MatchMyMeal") collects, uses, stores, and protects your personal information when you use the MatchMyMeal mobile application (the "App") and related services.

Data Controller:
Henrik Dymke, Einzelunternehmen
Schneeglöckchenstrasse 13
10407 Berlin, Germany

Contact: hello@matchmymeal.app

By using the App, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Introduction

This Privacy Policy explains how MatchMyMeal ("we", "us", "our", or "MatchMyMeal") collects, uses, stores, and protects your personal information when you use the MatchMyMeal mobile application (the "App") and related services.

2. Information We Collect

We collect only the information necessary to provide and improve the App's functionality.

2.1 Account Information

When you create an account, we collect:

• Email address (required for account creation)
• Password (securely hashed, never stored in plain text)
• Authentication method (email/password, Apple Sign In, or Google Sign In)

Legal Basis: Contract performance (Art. 6(1)(b) GDPR)

2.2 Profile and Onboarding Information

To personalize your meal suggestions, we collect:

• Name (optional, for personalization)
• Dietary preferences (e.g., vegan, vegetarian, omnivore)
• Dietary goals (e.g., healthier eating, convenience, budget)
• Food intolerances (e.g., lactose, gluten)
• Excluded ingredients (foods you do not like)
• Household size (number of people you cook for)

Note: This information is treated as preferences only, not as medical, nutritional, or health data.

Legal Basis: Consent (Art. 6(1)(a) GDPR) - you can withdraw consent at any time

2.3 Usage Data

When you use the App, we automatically collect:

• Meal swipes (which meals you like or dislike)
• Meal plans (automatically generated weekly meal plans)
• Collections (saved meals and favorites)
• App usage patterns (to improve functionality)

Legal Basis: Legitimate interest (Art. 6(1)(f) GDPR) - to provide and improve the service

2.4 Subscription Information

If you subscribe to premium features, we collect:

• Subscription status (active, expired, cancelled)
• Subscription type (monthly or yearly)
• Free trial status (if applicable)
• Purchase history (managed through App Store/Google Play)

Note: Payment processing is handled by Apple (iOS) or Google (Android). We do not process payment card information.

Legal Basis: Contract performance (Art. 6(1)(b) GDPR)

2.5 Device Information

We may collect limited device information:

• Device type (iOS or Android)
• App version (for support and bug fixes)
• Operating system version (for compatibility)

Legal Basis: Legitimate interest (Art. 6(1)(f) GDPR) - to ensure app compatibility

2.6 Analytics Data

We use analytics services to understand how the App is used:

• Screen views (which screens you visit)
• Feature usage (which features you use)
• User actions (events like meal swipes, plan creation)
• Performance metrics (app crashes, errors)

Note: Analytics data is aggregated and anonymized. We do not track personally identifiable information through analytics.

Legal Basis: Legitimate interest (Art. 6(1)(f) GDPR) - to improve the app

3. How We Use Your Information

We use your information to:

3.1 Core Functionality

• Create and authenticate your account
• Provide personalized meal suggestions based on your preferences
• Generate customized meal plans
• Create grocery lists based on your meal plans
• Store your preferences and meal history

3.2 Service Improvement

• Analyze usage patterns to improve the App
• Fix bugs and technical issues
• Develop new features
• Optimize app performance

3.3 Communication

• Send you important service updates
• Respond to your support requests
• Notify you about subscription status (if applicable)

3.4 Legal Compliance

• Comply with legal obligations
• Enforce our Terms of Service
• Protect our rights and prevent fraud

We do not:

• Sell your personal information
• Share your data with advertisers
• Use your data for marketing purposes without consent
• Process your data for purposes other than those described above

4. Third-Party Services

We use the following third-party services to operate the App:

4.1 Supabase (Database & Authentication)

• Purpose: User authentication, data storage, backend services
• Data Processed: Account information, profile data, meal plans, preferences
• Location: European Union (EU)
• Legal Basis: Data processing agreement (Art. 28 GDPR)
• Privacy Policy: https://supabase.com/privacy

4.2 RevenueCat (Subscription Management)

• Purpose: Manage subscriptions, process payments, restore purchases
• Data Processed: Subscription status, purchase history, device identifiers
• Location: United States (with GDPR compliance)
• Legal Basis: Data processing agreement (Art. 28 GDPR)
• Privacy Policy: https://www.revenuecat.com/privacy

4.3 Apple App Store / Google Play Store

• Purpose: App distribution, subscription payments
• Data Processed: Purchase transactions, payment information
• Location: United States (with GDPR compliance)
• Legal Basis: Contract performance
• Privacy Policies:
  • Apple: https://www.apple.com/privacy/
  • Google: https://policies.google.com/privacy

4.4 Apple Sign In / Google Sign In

• Purpose: User authentication
• Data Processed: Email address, name (if provided)
• Location: United States (with GDPR compliance)
• Legal Basis: Consent (Art. 6(1)(a) GDPR)
• Privacy Policies:
  • Apple: https://www.apple.com/privacy/
  • Google: https://policies.google.com/privacy

4.5 PostHog (Analytics)

• Purpose: App analytics, usage tracking, performance monitoring
• Data Processed: Aggregated, anonymized usage data, screen views, events
• Location: European Union (EU)
• Legal Basis: Legitimate interest (Art. 6(1)(f) GDPR)
• Privacy Policy: https://posthog.com/privacy

Data Processing Agreements: All third-party services act as data processors on our behalf and are bound by data processing agreements in accordance with GDPR requirements.

5. Data Storage and Security

5.1 Data Storage Location

• All user data is stored in Supabase, hosted in the European Union
• Analytics data is stored in PostHog, hosted in the European Union
• Subscription data is stored by RevenueCat (United States, GDPR compliant)

5.2 Security Measures

We implement industry-standard security measures:

• Encryption in transit: All data is encrypted using TLS/HTTPS
• Encryption at rest: Database storage is encrypted
• Access controls: Only authorized personnel can access user data
• Secure authentication: Passwords are hashed using industry-standard algorithms
• Regular security updates: We keep our systems updated with the latest security patches

5.3 Data Retention

• Active accounts: Data is retained as long as your account is active
• Deleted accounts: All personal data is permanently deleted within 30 days of account deletion
• Subscription data: Retained for legal and accounting purposes as required by law (typically 7-10 years in Germany)
• Analytics data: Aggregated, anonymized data may be retained longer for statistical purposes

5.4 Data Backup

We maintain secure backups of user data for disaster recovery. Backups are encrypted and stored in the European Union.

6. Your Rights Under GDPR

As a data subject under the General Data Protection Regulation (GDPR), you have the following rights:

6.1 Right of Access (Art. 15 GDPR)

You have the right to obtain confirmation as to whether we process your personal data and to access that data.

6.2 Right to Rectification (Art. 16 GDPR)

You have the right to have inaccurate personal data corrected and incomplete data completed.

6.3 Right to Erasure (Art. 17 GDPR)

You have the right to request deletion of your personal data ("right to be forgotten"), subject to certain exceptions (e.g., legal retention requirements).

6.4 Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request restriction of processing in certain circumstances.

6.5 Right to Data Portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

6.6 Right to Object (Art. 21 GDPR)

You have the right to object to processing based on legitimate interests.

6.7 Right to Withdraw Consent (Art. 7 GDPR)

If processing is based on consent, you have the right to withdraw consent at any time.

6.8 Right to Lodge a Complaint (Art. 77 GDPR)

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

German Supervisory Authority:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstraße 219
10969 Berlin, Germany
Website: https://www.datenschutz-berlin.de/

6.9 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

• Email: hello@matchmymeal.app
• Address: Henrik Dymke, Einzelunternehmen, Schneeglöckchenstrasse 13, 10407 Berlin, Germany

We will respond to your request within one month (may be extended by two months for complex requests).

7. Age Requirements

7.1 Minimum Age

The App is intended for users who are 18 years of age or older.

7.2 Age Verification

By creating an account, you represent and warrant that you are at least 18 years old.

7.3 Children's Privacy

We do not knowingly collect personal information from children under 18. If you believe that a child under 18 has provided us with personal information, please contact us immediately at hello@matchmymeal.app, and we will delete such information.

8. International Data Transfers

8.1 Data Transfers

Some of our third-party service providers (RevenueCat, Apple, Google) are located outside the European Economic Area (EEA). When we transfer your data to these providers, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs): We use EU-approved standard contractual clauses
• Adequacy Decisions: Some providers operate under adequacy decisions (e.g., Privacy Shield successors)
• GDPR Compliance: All providers are required to comply with GDPR requirements

8.2 Your Rights

You have the right to be informed about international data transfers and to object to such transfers if you have concerns.

9. Cookies and Tracking Technologies

9.1 Mobile App

The App does not use traditional cookies. However, we may use similar technologies:

• Local storage: To store your preferences and app settings
• Device identifiers: For analytics and subscription management (anonymized)

9.2 Analytics

We use PostHog for analytics, which may use device identifiers and usage patterns. This data is aggregated and anonymized.

9.3 Opt-Out

You can opt out of analytics tracking by contacting us at hello@matchmymeal.app.

10. Changes to This Privacy Policy

10.1 Updates

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

10.2 Notification

We will notify you of material changes by:

• Posting the updated policy in the App
• Sending an email notification (if you have provided an email address)
• Displaying a notice in the App

10.3 Effective Date

The "Last Updated" date at the top of this policy indicates when it was last revised.

10.4 Continued Use

Your continued use of the App after changes take effect constitutes acceptance of the updated Privacy Policy.

11. Data Protection Officer

As a small business (Einzelunternehmen), we are not required to appoint a Data Protection Officer under GDPR. However, you can contact us directly with any data protection concerns at hello@matchmymeal.app.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: hello@matchmymeal.app

Postal Address:
Henrik Dymke, Einzelunternehmen
Schneeglöckchenstrasse 13
10407 Berlin, Germany

13. Additional Information

13.1 Website Privacy Policy

This Privacy Policy applies to the MatchMyMeal mobile application. For information about data collection on our website (e.g., waitlist), please refer to our website privacy policy at https://matchmymeal.app/privacy.

13.2 Terms of Service

Your use of the App is also governed by our Terms of Service, which can be found in the App or at https://matchmymeal.app/terms.

13.3 Language

This Privacy Policy is provided in English. If a German translation is provided, the English version shall prevail in case of any discrepancies.