Privacy Policy
Last updated: January 26, 2025
Table of Contents
This Privacy Policy is designed to comply with GDPR, CCPA, and other applicable privacy regulations.
1. Introduction
GLP-1 Meal Companion ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application and services.
By using our Service, you consent to the data practices described in this policy. If you do not agree with our policies and practices, please do not use our Service.
2. Information We Collect
Account Information
- Name and email address
- Password (encrypted)
- Account preferences and settings
Profile Information
- GLP-1 medication type (e.g., Ozempic, Wegovy, Mounjaro, Zepbound)
- Dietary preferences and restrictions (vegetarian, vegan, keto, etc.)
- Food allergies and intolerances
- Daily protein goals
- Food preferences and dislikes
Usage Data
- Chat messages and conversation history with our AI
- Menu scans and uploaded images
- Saved favorites and meal recommendations
- Feature usage patterns and interactions
Device and Technical Data
- IP address and approximate location
- Browser type and version
- Device type and operating system
- Referring URLs and pages visited
- Date and time of access
3. How We Use Information
We use your information to:
- Provide personalized meal recommendations based on your medication, dietary needs, and preferences
- Process and respond to your chat messages using AI-powered assistance
- Analyze menu scans and suggest suitable options
- Manage your account and subscription
- Process payments securely through Stripe
- Send service-related communications (account updates, billing notices)
- Improve our Service through aggregated, anonymized analytics
- Ensure security and prevent fraud
- Comply with legal obligations
4. AI/ML Data Disclosure
Important AI Disclosure
Your chat messages are processed by Anthropic's Claude AI to generate meal recommendations. We have a data processing agreement with Anthropic that prohibits them from using your data to train their AI models.
When you chat with GLP-1 Meal Companion:
- Your messages are sent to Anthropic's Claude API to generate responses
- Your profile information (medication type, dietary preferences) is included to personalize recommendations
- Anthropic does NOT use your data to train their AI models
- We do NOT use your personal data to train our own AI models
- Chat history is stored in our database (Supabase) to provide conversation continuity
For more information about Anthropic's data practices, please review Anthropic's Privacy Policy.
5. Information Sharing
We share your information only with:
Service Providers
- Supabase: Database hosting and authentication services (stores your account and profile data)
- Stripe: Payment processing (handles billing securely; we do not store your credit card information)
- Anthropic: AI services (processes chat messages to generate recommendations)
- Vercel: Application hosting and infrastructure
Legal Requirements
We may disclose your information if required to do so by law or in response to valid legal requests, such as court orders, subpoenas, or government regulations.
Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change and the choices you have regarding your data.
We do NOT sell your personal data to third parties for advertising or marketing purposes. Ever.
7. Data Retention
We retain your data for as long as your account is active or as needed to provide you with our Service:
- Account data: Retained until you delete your account
- Chat history: Retained for up to 2 years to provide conversation continuity
- Payment records: Retained for 7 years for tax and legal compliance
- Analytics data: Aggregated and anonymized after 90 days
When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal purposes.
8. Data Security
We implement industry-standard security measures to protect your data:
- All data is encrypted in transit using TLS 1.3
- Data at rest is encrypted using AES-256 encryption
- Passwords are hashed using bcrypt with salt
- Regular security audits and vulnerability assessments
- Access controls and authentication for all systems
- Payment processing handled by PCI-DSS compliant Stripe
While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
9. Your Rights (GDPR)
If you are located in the European Economic Area (EEA), you have the following rights under GDPR:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restriction: Request limitation of processing
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
To exercise these rights, contact us at privacy@glp1mealcompanion.com. We will respond within 30 days.
10. California Privacy Rights (CCPA)
California residents have the following rights under CCPA:
- Right to Know: What personal information we collect and how we use it
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt out of the sale of personal information (we do not sell data)
- Right to Non-Discrimination: Receive equal service and pricing
To exercise these rights, contact us at privacy@glp1mealcompanion.com or use our in-app data management tools.
11. Children's Privacy
Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we discover that we have collected personal information from a child under 13, we will delete that information promptly.
12. International Data Transfers
Your information may be transferred to and maintained on servers located outside of your country of residence, where data protection laws may differ.
For transfers from the EEA to countries not deemed adequate by the European Commission, we use:
- Standard Contractual Clauses (SCCs)
- Data Processing Agreements with our service providers
- Technical and organizational security measures
13. Health Information Notice
Sensitive Health Information
Information about your GLP-1 medication usage is considered sensitive health information. We treat this data with extra care and security.
While GLP-1 Meal Companion is not a covered entity under HIPAA, we recognize the sensitive nature of health-related information and commit to:
- Never sharing your medication information with advertisers
- Encrypting all health-related data
- Providing easy deletion of health information upon request
- Limiting access to health data to essential personnel only
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Notify you via email for significant changes
- Display a notice within the application
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
15. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
Privacy Inquiries
privacy@glp1mealcompanion.comData Requests (GDPR/CCPA)
dpo@glp1mealcompanion.comRelated documents: