Privacy Policy
Last updated:
The short version
MealMaestro helps you cook several recipes at once. We built it privacy-first. Here is the whole story in plain English — the full policy below just says the same things more precisely.
- We collect only what the app needs to work: your account, the recipes you save, and (when those features ship) your cooking sessions, your subscription status, and basic product analytics and crash reports.
- We never sell your data, and we never use it for advertising. There are no ad SDKs, no advertising identifiers, and no third-party tracking pixels in MealMaestro — on any platform.
- AI features send only what’s needed to answer you. When you use an AI feature, your question and the recipe step you’re on go to our AI provider (Anthropic). Your account, identity, and recipe history do not.
- You’re in control. You can export all your data as JSON, opt out of product analytics, and delete your account and everything in it with one action. Deletion is permanent.
- You can use MealMaestro without an account. Data in an anonymous session lives on your device until you choose to create an account.
- Questions? Email us at hello@mealmaestro.app.
The full policy
1. Who we are
MealMaestro (“MealMaestro,” “we,” “us”) is a multi-recipe cooking app for iOS, Android, and the web. MealMaestro is operated by Joe Cucci. (An Ohio LLC will be formed before launch; this controller name will be updated to the LLC at that time.)
You can reach us at hello@mealmaestro.app.
2. Data we collect
We collect the following categories of data. Some features are still in development; where that’s the case, we say so.
- Account data. Your email address, a securely hashed password, and an optional display name. You can also use MealMaestro anonymously, in which case your account is a device-bound anonymous identity with no email until you choose to sign up.
- Recipe content. The recipes you create or import: titles, descriptions, source URLs, serving counts, ingredients, and step instructions. This is data you provide.
- Cooking sessions (roadmap — not yet collected). When cook mode ships, we’ll store the cooking sessions you run: the coordinated timeline and per-step events (such as when a step is started or marked done) needed to guide you through cooking.
- Subscription and billing data (roadmap — not yet collected). If you subscribe to premium, we store your subscription tier, status, and renewal date. Payments are handled by our payment processors (see §6); we never receive or store your full card number.
- Product analytics (planned). Anonymous, product-only usage events (for example, “a multi-recipe cook was started”) with no personal identifiers. You can opt out.
- Diagnostics (planned). Crash and error reports to keep the app working. We scrub recipe text and anything you type out of these reports. You can opt out.
3. What we do not collect
We deliberately leave these out, on every platform:
- No advertising identifiers (no IDFA), and we never present Apple’s App Tracking Transparency prompt because we have nothing to track.
- No advertising SDKs and no ad networks.
- No third-party tracking pixels or cross-site/cross-app trackers.
- No behavioral profiling or audience targeting.
4. How we use your data
We use your data only to operate and improve the app: to authenticate you, store and sync your recipes, build and run cooking timelines, provide AI assistance you request, manage your subscription, and fix bugs. We do not use your data for advertising, and we do not sell it.
5. AI features and our AI provider
Some MealMaestro features use AI — for example, parsing a recipe from a URL, understanding a voice command, or answering a cooking question while you cook. These features are powered by Anthropic (the Claude API).
- What is sent to Anthropic: the specific input the feature needs — your question and the current recipe step’s context for Q&A, the recipe text for parsing, or your spoken command for voice control.
- What is not sent: your account or identity, your full recipe library, or other users’ data.
- Training: Anthropic does not use your data to train its models. Inputs are subject only to the provider’s standard short-term retention for abuse monitoring. We are pursuing a zero-data-retention arrangement with the provider before launch where available.
6. Who we share data with (sub-processors)
We don’t sell or rent your data. We share it only with the service providers (“sub-processors”) that make the app work, and only as much as each one needs.
| Sub-processor | What they handle | What they receive | Status |
|---|---|---|---|
| Supabase (& AWS) | Database, auth, hosting | All account and recipe data, stored in the US (Ohio) | Active |
| Anthropic | AI features (Claude API) | Only the feature input described in §5 | Active |
| Stripe | Web subscription payments | Billing details and subscription status; never to us | Planned |
| RevenueCat | Mobile in-app purchases | Purchase/entitlement state and device purchase data | Planned |
| Sentry | Crash and error diagnostics | Error reports, scrubbed of recipe text and your inputs | Planned |
| PostHog | Product analytics, no PII | Anonymous, product-only usage events | Planned |
| Resend | Transactional email | Your email address, to send account/transactional email | Active |
Each provider processes data under its own privacy policy. “Planned” sub-processors are not yet integrated; this section will be kept current as features ship.
7. Data retention
We keep your account and recipe data for as long as your account exists. If we cache a parsed recipe to speed up imports, that cache entry expires after 90 days. When you delete your account, we permanently delete your data — we do not keep a soft-deleted copy. AI inputs are retained only briefly by our AI provider for abuse monitoring, as described in §5.
8. Your rights and choices
- Export. You can request a JSON export of all your data from in-app Settings.
- Delete. You can delete your account and all associated data with one action in Settings. This cascades across recipes, cooking sessions, and related records, and is permanent and irreversible.
- Opt out of analytics. You can turn off product analytics in Settings.
- Access and correction. You can view and edit your recipes, profile, and preferences directly in the app.
9. Children’s privacy
MealMaestro is intended for a general audience and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us personal information, contact us at hello@mealmaestro.app and we will delete it.
10. Data location and international users
Your data is stored in the United States (Supabase, AWS us-east-2, in Ohio). We
do not block users outside the US, but at this time we make no jurisdiction-
specific commitments (for example, under the GDPR). If you use MealMaestro from
outside the US, you consent to your data being processed in the US.
11. How we protect your data
Every database table that holds user data is protected by row-level security, so each account can access only its own data. Calls to third-party services are made from our backend, never directly from your device, so privileged keys stay on the server.
12. Changes to this policy
We may update this policy as the app evolves. When we make a material change, we’ll update the “Last updated” date above and, where appropriate, notify you in the app.
13. Contact
Questions about this policy or your data? Email hello@mealmaestro.app.