This policy covers the Mindful Meal Plans iPhone app and the web portal at mindfulmealplan.com. One account, one policy.
Privacy Policy — Mindful Meal Plans
Effective Date: June 2, 2026 Last Updated: June 2, 2026
Mocha's MindLab Inc. ("we," "our," or "us") operates the Mindful Meal Plans mobile application (the "App" or the "Service"). This Privacy Policy explains how we collect, use, share, and protect your information when you use the App.
By using the App, you agree to the practices described in this policy. If you do not agree, please do not use the App.
1. Information We Collect
Account information
- Name and email address
- Authentication identifiers (email/password, Apple Sign-In identifier, or one-time email codes)
- Profile photo (optional)
Profile and dietary information you provide
- Dietary preferences and restrictions (diet style, allergies, intolerances, dislikes, health conditions)
- Household membership and the role you hold within a household
- Pantry items and inventory you choose to track
Content you create or import
- Shopping lists, list items, categories, notes, and quantities
- Recipes you save, rate, edit, scale, or organize into collections
- Recipe photos and dish photos you upload
- Recipe URLs you import and the extracted content from those URLs
- Text you paste into the App (e.g., Instagram or TikTok captions used for recipe extraction)
- Photos of printed or handwritten recipes you scan
- Fridge or pantry photos you scan with AI features
- Meal plan entries, cooking history, and ratings
Device and usage information
- Device model, operating system version, and language settings
- App version and bundle identifier
- Crash reports and diagnostic logs (when crash reporting is enabled)
- Anonymous usage events (when product analytics is enabled)
The App does not collect your precise location, contacts, advertising identifier (IDFA), or health/fitness data from Apple Health.
Payment information
When in-app purchases are offered, payments are processed by Apple through the App Store and managed via RevenueCat for subscription state. We do not see or store your payment card details, only the status and entitlements of your subscription.
2. How We Use Your Information
- To provide the App's core features: shopping lists, recipes, meal planning, household sharing, and AI assistance
- To sync your data across your devices and to other members of your household
- To personalize recipe and meal-plan suggestions based on your dietary profile and pantry
- To process AI features (recipe extraction, fridge scanning, AI Chef refinements, meal plan generation) by sending the minimum necessary content to our AI provider (see Section 4)
- To send transactional communications (account verification, password reset, invitations)
- To send opt-in notifications (e.g., meal-plan reminders) — you can disable these in your device settings at any time
- To diagnose crashes and improve stability
- To detect abuse, prevent fraud, and enforce our Terms
- To comply with legal obligations
We do not sell or rent your personal information, and we do not use your content to train AI models.
3. Household Sharing
The App is built around shared households. When you invite someone to your household, or accept an invitation to one:
- All members of the household can see and edit shared lists, recipes, meal plans, and pantry items belonging to that household
- Your profile name and email may be visible to other members of your household
- An admin can remove members; removed members lose access to household content going forward
- Deleting your account removes your personal profile, but content you created inside a household may remain visible to the remaining household members
Only invite people you trust with this access.
4. AI Features and What We Send to Our AI Provider
The App uses Anthropic's Claude API to power features including:
- Recipe extraction from URLs and pasted captions
- Recipe scanning from photos (OCR fallback / Vision)
- AI Chef refinement chats
- Fridge and pantry scanning ("what can I make?")
- Meal plan generation and refinement
For each request, we send only the data needed to complete that specific feature (e.g., the recipe URL/text you imported, the photo you scanned, the dietary preferences relevant to the prompt). Anthropic processes this content to return a response.
Per Anthropic's terms, content sent through the Claude API is not used to train their models. Anthropic may retain inputs and outputs for a limited period for abuse-monitoring purposes. See Anthropic's privacy policy for details: https://www.anthropic.com/legal/privacy
We log aggregate metadata about AI calls (timestamps, token counts, estimated cost) for billing and capacity planning. We do not log the full content of your prompts on our own servers beyond what is needed to deliver the response back to the App.
5. Device Permissions
The App will request permission to access:
- Camera — to take photos of recipes, dishes, and fridge/pantry contents
- Photo Library — to upload existing recipe photos and to scan printed recipes you have photographed
- Notifications — to send meal-plan reminders and household invitation alerts (opt-in)
You can grant or revoke any of these permissions at any time in your device's Settings → Mindful Meal Plans.
6. Service Providers and Sharing
We share information only with the service providers required to operate the App:
| Provider | Purpose | Data shared | |---|---|---| | Supabase (database, authentication, realtime, storage) | Hosts your account, content, and photos | Account info, content you create, photos you upload | | Anthropic (Claude API) | Powers AI features | Per-request content; see Section 4 | | Apple (Sign in with Apple, App Store, push notifications) | Authentication, payments, notification delivery | Apple-supplied identifiers, subscription state | | RevenueCat (subscription management, when active) | Manages in-app subscription state | Anonymized user ID, entitlement status | | Sentry (crash reporting, when enabled) | Diagnoses crashes and errors | Crash stack traces, device info, app version | | PostHog (product analytics, when enabled) | Aggregate usage patterns | Anonymized event data |
We may also disclose information when required by law, to enforce our Terms, to protect rights or safety, or in connection with a business transfer (merger, acquisition, or sale of assets).
We do not sell your personal information.
7. Data Location and International Transfers
Your account data and content are hosted on Supabase infrastructure in the Canada Central (ca-central-1) region. AI requests are processed by Anthropic, which may process data in the United States. By using the App, you consent to the processing of your information in these locations.
8. Data Retention
- Account and content data is retained for as long as your account exists.
- Photos you delete are removed from our storage within 30 days.
- Crash and analytics data is retained for up to 90 days in aggregate form.
- When you delete your account, we remove your personal profile and personal content within 30 days, subject to:
- Content you contributed to a shared household may remain accessible to remaining household members
- Backups may retain copies for up to 90 days before being overwritten
- Records we are required by law to keep (e.g., tax records for purchases) may be retained longer
9. Your Rights and Choices
You can:
- Access your data through the App
- Correct your profile and content at any time
- Export your recipes via the cookbook PDF export feature
- Delete your account and personal data from Settings → Advanced → Delete Account (this runs our
delete_my_accountserver function) - Revoke device permissions in your device's Settings
- Disable notifications in your device's Settings
- Cancel any subscription through your Apple ID's Subscriptions screen
Depending on where you live, you may also have rights under PIPEDA (Canada), GDPR (EEA/UK), or CCPA (California), including the right to request a copy of your data or lodge a complaint with a regulator. To exercise these rights, contact us at the address in Section 13.
10. Data Security
We protect your information using:
- TLS encryption for data in transit
- Encryption at rest for our Supabase Postgres database and Supabase Storage buckets
- Row-Level Security (RLS) policies that enforce household-scoped access on every table, and that scope photo uploads/edits/deletes to your household (
recipe-photos) or your account (profile-photos) - Token-based authentication with rotating refresh tokens
- Restricted access to production systems
Note on photo storage: Recipe photos and profile avatars are stored in public Supabase Storage buckets. Writes are restricted (you and your household members can upload to recipes; only you can change your avatar), but the read URLs are unauthenticated — anyone who has the URL can view the image. Do not upload photos you would not want to be viewable by anyone with the link.
No system is perfectly secure. If you believe your account has been compromised, contact us immediately.
11. Children's Privacy
The App is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will delete it.
In some regions the minimum age is higher (e.g., 16 in parts of the EEA). You may use the App only if you meet your jurisdiction's minimum age for consent to data processing.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date above and, for material changes, notify you in-App or by email before the change takes effect. Your continued use of the App after a change means you accept the updated policy.
13. Contact Us
If you have questions about this Privacy Policy or how we handle your information:
Mocha's MindLab Inc. Email: support@mindfulmealplan.com Website: https://mindfulmealplan.com
This policy applies only to the Mindful Meal Plans mobile application. A separate policy may apply to any web services we operate.