Legal

Privacy Policy

Last updated: April 22, 2026

MealSync (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over your data. By using MealSync you agree to the practices described here.

1. Information We Collect

Information you provide

  • Account data: your name, email address, and (if you register with email) a hashed password. We never store passwords in plain text.
  • Profile preferences: diet preset, daily calorie target, weekly food budget, and avatar URL.
  • Content you create: meal plans, shopping lists, AI chat messages, and any other content you add to the platform.
  • Billing information: if you subscribe to a paid plan, payment is processed by Stripe. MealSync does not store full card numbers; Stripe handles all payment data.

Information collected automatically

  • Usage data: pages visited, features used, session duration, and clickstream information collected via cookies and server logs.
  • Device and browser data: IP address, browser type and version, operating system, and device identifiers.
  • Cookies and similar technologies: see Section 4 for full details.

Information from third parties

If you sign in with Google or Apple, we receive your name, email, and profile photo from that provider according to the permissions you grant. We do not receive your passwords from those services.

2. How We Use Your Information

  • To create and maintain your account and provide the MealSync service.
  • To personalize meal suggestions, nutrition tracking, and AI-powered recommendations.
  • To process subscription payments and manage your billing through Stripe.
  • To send transactional emails (e.g., account verification, password reset). We do not send marketing emails without your explicit opt-in.
  • To improve the platform — analyzing usage patterns helps us fix bugs and build better features.
  • To serve relevant advertisements via Google AdSense (see Section 5).
  • To comply with legal obligations and enforce our Terms of Service.

3. How We Share Your Information

We do not sell your personal data. We share information only in these circumstances:

  • Service providers: we use trusted third parties to operate the service, listed in Section 6. They receive only the data needed to perform their function.
  • Legal requirements: we may disclose data when required by law, subpoena, or to protect the rights, property, or safety of MealSync, our users, or the public.
  • Business transfers: if MealSync is acquired or merges with another company, your data may transfer to the new entity. We will notify you before that happens.
  • With your consent: we will share data in any other way if you give us explicit permission.

4. Cookies and Tracking Technologies

We use cookies (small text files stored on your device) and similar technologies to operate and improve MealSync, and to serve advertising.

Essential cookies

Required for the service to function — authentication sessions, CSRF protection, and preference storage. These cannot be disabled without breaking the site.

Analytics cookies

Help us understand how visitors interact with MealSync (pages visited, time spent, errors encountered). Data is aggregated and anonymized where possible.

Advertising cookies

We use Google AdSense to display advertisements. AdSense may set cookies including the DART cookie, which enables Google to serve ads based on your visits to MealSync and other sites on the internet. You may opt out of the DART cookie by visiting Google Ad Settings. Third-party ad vendors may also use cookies in accordance with their own privacy policies.

We display our cookie consent banner to all visitors. Advertising cookies are only set after you accept. You can withdraw consent at any time by clearing your browser cookies and re-visiting the banner.

Managing cookies

You can control cookies through your browser settings. Blocking all cookies may affect your ability to log in and use MealSync features. To opt out of interest-based advertising from participating companies, visit the Network Advertising Initiative opt-out page.

5. Google AdSense and Advertising

MealSync is a participant in the Google AdSense program. Google, as a third-party vendor, uses cookies to serve ads on our site. Google’s use of the DART cookie enables it to serve ads to you based on your visit to our site and other sites on the internet.

Key facts about AdSense on MealSync:

  • Ads are only loaded after you accept cookies via our consent banner.
  • Google may collect data about your browsing behavior to serve personalized ads. This is governed by Google’s Privacy Policy.
  • You can opt out of personalized advertising at google.com/settings/ads.
  • We do not share personally identifiable information with Google for advertising purposes beyond what AdSense collects through its own cookies.

6. Third-Party Services

The following third-party services process data on our behalf:

ServicePurposePrivacy Policy
CloudflareCDN, edge compute, DNS, Hyperdrive database proxyView policy
Supabase / PostgreSQLDatabase — stores your account, meal plans, and app dataView policy
StripePayment processing for paid subscriptionsView policy
AnthropicAI meal planning suggestions (Pro plan only)View policy
Google AdSenseDisplay advertisingView policy
Google OAuthOptional sign-in with GoogleView policy

7. Data Storage and Security

Your data is stored on self-hosted PostgreSQL servers located in the United States and proxied through Cloudflare’s global network. We apply industry-standard security practices including encrypted connections (TLS), hashed passwords (bcrypt), and access controls.

No method of transmission over the internet or electronic storage is 100% secure. While we take commercially reasonable precautions, we cannot guarantee absolute security.

We retain your data as long as your account is active. When you delete your account, we delete your personal data within 30 days, except where we are required to retain it by law (e.g., financial records required by Stripe or tax authorities).

8. Your Rights

All users

  • Access & correction: you can view and update your name, email, avatar, and preferences at any time in Settings.
  • Deletion:you can permanently delete your account from Settings → Danger Zone. This removes your profile, meal plans, and all associated data.
  • Data portability: contact us at privacy@mealsync.app to request a copy of your data in a machine-readable format.

EU / EEA residents (GDPR)

Under the General Data Protection Regulation you have additional rights: the right to restrict processing, the right to object to processing based on legitimate interests, and the right to lodge a complaint with your local data protection authority. Our legal basis for processing your data is contract performance (to provide the service), legitimate interests (security, analytics), and consent (advertising cookies).

California residents (CCPA)

Under the California Consumer Privacy Act, California residents have the right to know what personal information we collect, the right to delete it, and the right to opt out of the sale of personal information. MealSync does not sell personal information. To exercise any CCPA rights, email privacy@mealsync.app.

9. Children's Privacy

MealSync is not directed to children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top and, for material changes, notify you by email or by a notice on MealSync. Your continued use of the service after a change constitutes acceptance of the updated policy.

11. Contact Us

Questions or requests about this Privacy Policy? Reach us at:

MealSync
privacy@mealsync.app
https://mealsync.app
Terms of ServiceAbout