Mealio ("we", "our", or "the Service") respects your privacy. This Privacy Policy explains what data we collect, how we use it, how long we keep it, and your rights. By using Mealio, you agree to this policy. If you do not agree, please do not use the Service.

Minimum Age: You must be at least 13 years old (or the minimum age required in your jurisdiction) to use the Service. Mealio does not knowingly collect personal data from children. If we become aware that a child has provided personal data, we will delete it.

• •Account data: Email and password (managed by Supabase Auth). We do not store your password in plain text.
• •Recipe data: When you generate a recipe, the text you enter is sent to our AI provider (OpenAI) for that request only. Saved recipes (title, ingredients, instructions, etc.) are stored in our database and linked to your account.
• •Favorites: Which recipes you save as favorites are stored and linked to your account.
• •Usage data: We store user IDs for rate limiting (e.g. how many recipes you can generate per day) to ensure fair use. We do not use your inputs to train AI models.
• •Contact form: If you use the contact form, we receive your name, email, and message to respond to you.

We use your data only to provide and improve the Service: to generate recipes, store your saved recipes and favorites, enforce rate limits, and respond to support requests. We do not sell your data. We do not use your recipe requests or generated recipes to train AI models.

Your data is stored and processed by trusted third-party providers (data processors) that we use to run the Service: Supabase (database and authentication), Vercel (hosting), and OpenAI (recipe generation). These providers process data on our behalf under their respective privacy and data processing terms. For more detail, see Supabase, Vercel, and OpenAI privacy/DPA documentation.

Personal data may be stored and processed outside of Israel, including in the United States and the European Union, by our service providers.

We implement reasonable technical and organizational security measures to protect personal data, in accordance with applicable privacy and data protection laws.

We retain your recipe and favorite data for as long as your account is active. We do not automatically delete recipes or favorites by age. If you delete your account or request deletion (see "Your Rights & Account Deletion" below), we will remove your account and associated data. Rate-limit records may be retained for a short period for operational purposes.

We may use essential cookies and local storage for authentication, preferences (e.g. language, units), and session state. Authentication and session cookies may be set by Supabase as part of user login and session management. We do not use third-party advertising cookies. If we add analytics or non-essential cookies in the future, we will update this policy and, where required, ask for your consent.

Depending on where you live, you may have the right to access, correct, or delete your personal data. To request account deletion or data removal, please contact us through our contact form. We will process your request in accordance with applicable law. Deletion requests are processed within a reasonable time, subject to legal and operational requirements. When your account is deleted, your recipes, favorites, and associated data are removed from our systems.

EU/EEA users: You may have additional rights under GDPR (e.g. access, portability, objection, restriction). Contact us to exercise these rights.

For privacy-related questions or to request deletion of your data, please contact us via the contact form on the About page.