Privacy Policy

Effective Date: 10/31/2025

1. Introduction

WellPlate ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered meal planning service at wellplate.eu (the "Service").

2. Information We Collect

2.1 Personal Information

  • Account Information: Email address, name, profile picture
  • Health & Dietary Data: Age, weight, height, sex, dietary goals, allergies, food preferences, cooking preferences
  • Meal Plans: Generated meal plans, nutritional information, recipes, grocery lists
  • Payment Information: Stripe customer ID, subscription status (we do not store credit card details)

2.2 Usage Information

  • Service Usage: Meal plans generated, features used, time spent on platform
  • Device Information: IP address, browser type, operating system
  • Cookies: Session cookies for authentication and user preferences

2.3 Health Information

We collect health-related information including:

  • Physical measurements (weight, height, age)
  • Dietary restrictions and allergies
  • Health goals (weight loss, maintenance, gain)
  • Food preferences and dislikes

3. How We Use Your Information

3.1 Primary Uses

  • Service Delivery: Generate personalized meal plans using AI
  • Account Management: Maintain your account and preferences
  • Communication: Send meal plans via email, service updates
  • Payment Processing: Process subscriptions and billing

3.2 AI Processing

  • Meal Plan Generation: Use OpenAI GPT-4 to create personalized nutrition plans
  • Data Analysis: Analyze preferences to improve recommendations
  • Content Creation: Generate recipes, shopping lists, and nutritional information

3.3 Legal Basis (GDPR)

  • Consent: You provide explicit consent for health data processing
  • Contract Performance: Processing necessary to provide our service
  • Legitimate Interest: Improving our service and user experience

4. Information Sharing

4.1 Third-Party Services

  • OpenAI: Processes your dietary preferences to generate meal plans
  • Stripe: Handles payment processing (we do not store payment details)
  • Resend: Sends email communications and meal plan PDFs
  • Supabase: Stores your data securely in encrypted databases

4.2 We Do NOT Sell Your Data

We never sell, rent, or trade your personal information to third parties for marketing purposes.

4.3 Legal Requirements

We may disclose information if required by law or to protect our rights and safety.

5. Data Security

5.1 Security Measures

  • Encryption: All data encrypted in transit and at rest
  • Access Controls: Row-level security ensures data isolation
  • Regular Audits: Security assessments and monitoring
  • Secure Infrastructure: Hosted on enterprise-grade platforms

5.2 Data Breach Response

In the unlikely event of a data breach, we will notify affected users within 72 hours as required by GDPR.

6. Your Rights (GDPR)

6.1 Access Rights

  • Right to Access: Request copies of your personal data
  • Right to Rectification: Correct inaccurate information
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Portability: Export your data in a machine-readable format

6.2 Control Rights

  • Right to Restrict Processing: Limit how we use your data
  • Right to Object: Opt out of certain data processing
  • Withdraw Consent: Revoke consent at any time

6.3 How to Exercise Rights

Contact us at getwellplate@gmail.com to exercise any of these rights. We will respond within 30 days.

7. Data Retention

7.1 Retention Periods

  • Account Data: Retained while your account is active
  • Meal Plans: Retained for 2 years for service improvement
  • Health Data: Retained while account is active, deleted upon account closure
  • Payment Data: Retained as required by law (typically 7 years)

7.2 Data Deletion

When you delete your account, we will delete your personal data within 30 days, except where retention is required by law.

8. International Data Transfers

Your data may be processed in countries outside the European Economic Area (EEA). We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs)
  • Adequacy Decisions by the European Commission
  • Appropriate Safeguards as required by GDPR

9. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we become aware of such collection, we will delete the information immediately.

10. Cookies and Tracking

10.1 Types of Cookies

  • Essential Cookies: Required for service functionality
  • Analytics Cookies: Help us understand usage patterns
  • Preference Cookies: Remember your settings

10.2 Cookie Management

You can control cookies through your browser settings. Disabling cookies may affect service functionality.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through the Service. Continued use after changes constitutes acceptance.

12. Contact Information

Data Protection Officer: getwellplate@gmail.com

General Inquiries: getwellplate@gmail.com

Address: Čopova ulica 5, Jesenice, Slovenia

13. Supervisory Authority

If you have concerns about our data processing, you have the right to lodge a complaint with your local data protection authority.

This Privacy Policy is effective as of 10/31/2025 and was last updated on 10/31/2025.