Legal

Privacy Policy

Last updated: April 2026

This Privacy Policy explains how MealMaxer (“we”, “us”, or “our”) collects, uses, shares, and protects your personal information when you use our website and services at mealmaxer.com (the “Service”). Please read this policy carefully. By using the Service, you agree to the practices described here.

1. Who we are

MealMaxer is a recipe creation and kitchen planning application. We are the data controller responsible for your personal information. You can contact us at any time at hello@mealmaxer.com.

2. Information we collect

a) Account information

When you create an account — either directly or via a third-party provider such as Google — we collect your email address and, where provided, your name (display name, full name, or first and last name). This information is used to identify your account and personalise your experience.

b) Content you create

We store all recipes, recipe versions, notes, and labels you create in the app. We also store your weekly meal plan entries and recipe feedback (e.g. thumbs up / thumbs down signals).

c) Preferences and taste profile

We store your cooking preferences — including dietary tags, cuisine preferences, skill level, and subscription tier — and build a taste profile over time based on your feedback and recipe choices. This profile is used to personalise AI-generated recipe suggestions.

d) AI conversation history

All messages you send through MealMaxer’s AI chef interface are stored as conversation turns. These are used to maintain continuity across sessions and to improve recipe suggestions. Cooking briefs compiled from your conversations are also persisted to enable session resumption.

e) Usage and telemetry data

We record product events (such as recipe builds, saves, failures, and feature interactions) for authenticated users. This telemetry is stored in our database and used exclusively for product diagnostics, quality monitoring, and improving the Service. We do not sell or share this data with advertisers.

f) Support submissions

When you submit a support or contact request, we collect your name, email address, subject, and message, along with your subscription tier. This information is used solely to respond to your enquiry.

g) Technical data

Like most web services, our hosting provider (Vercel) may collect standard server log data including your IP address, browser type, and pages visited. We also use Vercel Analytics to collect anonymised, aggregated page-view and performance data. No cross-site tracking or fingerprinting is performed.

3. How we use your information

We use your information to:

Create and manage your account and authenticate you securely.
Operate the Service and deliver core features (recipe creation, planning, versioning).
Personalise AI-generated recipe suggestions using your taste profile and preferences.
Maintain conversation continuity across sessions.
Monitor and improve product quality through aggregated telemetry.
Respond to support and contact requests.
Send transactional emails necessary to operate the Service (e.g. account-related notices).
Comply with legal obligations.

We do not use your data for advertising, sell it to third parties, or use it to build profiles for any purpose other than operating and improving MealMaxer.

4. Legal basis for processing (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases:

Contract performance — processing necessary to provide the Service you signed up for (e.g. storing your recipes, running AI generation).
Legitimate interests — product analytics, quality monitoring, and fraud prevention, where these interests are not overridden by your rights.
Legal obligation — where we are required to process data to comply with applicable law.
Consent — where we have explicitly asked for and received your consent (e.g. optional communications).

5. AI and your data

Recipe generation is powered by AI language models accessed via OpenRouter (openrouter.ai), a model routing service. When you request a recipe, a prompt is constructed that may include your cooking preferences, dietary tags, conversation history, and taste profile. This prompt is sent to OpenRouter and forwarded to the underlying AI model provider (e.g. Google, Anthropic, OpenAI).

We do not use your data to train AI models. OpenRouter’s data handling is governed by their own privacy policy. We strongly recommend reviewing it at openrouter.ai/privacy.

AI-generated recipes are suggestions only. Always use your own judgement when cooking — particularly regarding dietary restrictions, allergies, or medical conditions.

6. Third-party services

We share your data with the following trusted third-party service providers only to the extent necessary to operate the Service:

Provider	Purpose	Data shared
Supabase	Database, authentication, and file storage	All user and app data
OpenRouter	AI model routing for recipe generation	Prompts (preferences, conversation context)
Vercel	Hosting and anonymised analytics	Request logs, aggregated page metrics
Resend	Transactional email delivery	Name, email address, message content (support submissions)
Google Fonts	Font delivery (self-hosted via Next.js)	None — fonts are downloaded at build time

We do not sell your personal information to any third party, and we do not share it with advertisers or data brokers.

7. Data storage and security

Your data is stored in Supabase (PostgreSQL), which applies row-level security policies ensuring that your data is only accessible to you and authorised service operations. Connections are encrypted in transit using TLS. Backups are maintained by Supabase according to their own retention policies.

We apply industry-standard security practices including authentication via cryptographically secure tokens, server-side session validation, and least-privilege access controls on all internal tooling. No system is perfectly secure — if you believe your account has been compromised, please contact us immediately.

8. Data retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

Account data and content — retained until you delete your account.
AI conversation history and taste profile — retained for the lifetime of your account to maintain personalisation; you may request deletion at any time.
Product event telemetry — retained for up to 12 months for diagnostic purposes, then deleted or anonymised.
Support submissions — retained for up to 24 months after resolution, then deleted.
Server logs — retained by Vercel per their standard log retention policy (typically 30 days).

9. Cookies and tracking

MealMaxer uses essential cookies only — specifically, authentication session cookies set by Supabase to keep you logged in. We do not use advertising cookies, third-party tracking pixels, or cross-site tracking technologies.

Vercel Analytics collects anonymised, aggregated performance and page-view data. No personal identifiers or behavioural profiles are constructed from this data. You can opt out of Vercel Analytics by enabling a “Do Not Track” setting in your browser.

10. International data transfers

MealMaxer and its service providers (Supabase, Vercel, OpenRouter, Resend) may store and process your data in the United States or other countries outside your home jurisdiction. Where required by law (e.g. GDPR), we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms. By using the Service, you acknowledge that your data may be transferred internationally.

11. Your rights

Depending on your location, you may have the following rights regarding your personal information:

Access — request a copy of the personal data we hold about you.
Correction — ask us to correct inaccurate or incomplete information. (You can update your name and display name directly in account settings.)
Deletion — request that we delete your account and all associated personal data. We will action deletion requests within 30 days.
Restriction — ask us to restrict processing of your data in certain circumstances.
Portability — request a machine-readable export of your data.
Objection — object to processing based on legitimate interests.
Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, email us at hello@mealmaxer.com. We will respond within 30 days. We may ask you to verify your identity before actioning your request. You also have the right to lodge a complaint with your local data protection authority.

12. California residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to know — the categories and specific pieces of personal information we collect, use, and share.
Right to delete — request deletion of personal information we have collected from you, subject to certain exceptions.
Right to opt out of sale or sharing — we do not sell or share your personal information for cross-context behavioural advertising.
Right to non-discrimination — we will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, contact us at hello@mealmaxer.com.

13. Children’s privacy

MealMaxer is not directed at children under the age of 13 (or 16 in the EEA/UK). We do not knowingly collect personal information from children. If you believe a child has provided us with their information, please contact us and we will delete it promptly.

14. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page. For significant changes, we will notify you by email or via an in-app notice. Continued use of the Service after changes are posted constitutes acceptance of the revised policy.

15. Contact us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

MealMaxer
hello@mealmaxer.com

We aim to respond to all privacy-related enquiries within 5 business days.