Privacy Policy

Version 1.1 — Last updated: 16 April 2026

This Privacy Policy explains what information Meal Hack collects, how we use it, who we share it with, and the choices you have. It is aligned with the South African Protection of Personal Information Act (POPIA) and the EU General Data Protection Regulation (GDPR).

1. Information We Collect

1.1 Account Information

  • Email address
  • Password (stored as a one-way hash)
  • Username (optional)
  • Name, phone number, date of birth, and avatar (all optional, set in your profile)
  • OAuth identifiers when you sign in with Google or Apple (email, name; Apple may issue a private relay email)

1.2 Preferences and Profile Data

  • Unit system, currency, weekly budget
  • Location you enter (country, state/province, city, postal code) — we do not request GPS access
  • Food preference profiles: cuisines, allergens, dietary restrictions, and dislikes you choose to enter, including any custom free-text entries
  • Meal plans, recipes, smart meals, shopping lists, and favourites generated for you or saved by you
  • Free-text feedback you provide when regenerating a meal

1.3 Photos You Upload

If you use the photo features, the images you upload are stored in our cloud storage and sent to vision AI models for ingredient and meal recognition. You can delete images by removing the related smart meal or by deleting your account.

1.4 Device and Diagnostic Data

  • Device model, operating system version, and app version
  • A randomly generated installation identifier used to deliver push notifications
  • Push notification tokens issued by Apple, Google, or Expo
  • Crash reports, error stack traces, and limited session breadcrumbs collected by our error-tracking provider — authentication tokens, passwords, and other secrets are scrubbed automatically

1.5 Usage Data

  • In-app interactions, screen views, and feature events such as sign-up, login, generate meal plan, add to shopping list
  • Real-time generation progress is transmitted to your device over a secured WebSocket connection

1.6 Web Marketing Site (Cookies)

On our marketing website only, and only with your cookie consent, we may collect analytics events via Google Analytics, Meta Pixel, and Google Ads. You can decline or change this consent at any time from the cookie banner.

1.7 What We Do Not Collect

  • No GPS or background location
  • No contacts, calendar, microphone, or HealthKit data
  • No advertising identifier (IDFA) or App Tracking Transparency tracking
  • No biometric data
  • No body metrics, weight, BMI, menstrual-cycle data, or medical-condition data

2. How We Use Your Data

We use your data to:

  • Create and manage your account
  • Generate meal plans, recipes, smart meals, and shopping lists
  • Personalise recommendations based on your stated preferences
  • Process payments and manage your subscription
  • Send you transactional and product notifications
  • Diagnose errors, improve reliability, and develop the platform
  • Comply with legal obligations

3. AI and Automated Processing

Meal Hack uses artificial intelligence to generate meal plans, recipes, images, ingredient lists, and other content. Inputs are processed via AWS Bedrock and related providers, using models from Anthropic, Meta, Mistral, Amazon, Qwen (Alibaba), and Stability AI. Photos you upload are sent to vision-capable models for ingredient extraction. Free-text feedback you provide when regenerating meals may be retained and used to influence future generations for your account.

You should be aware that:

  • Recommendations are generated automatically without human review
  • Outputs depend on the inputs you provide
  • Results may vary and may contain inaccuracies

You always retain the ability to ignore, edit, or regenerate AI outputs.

4. Advertising and Recommendations

We do not sell your personal information and we do not engage in cross-app behavioural advertising. Within the app you may see contextual product or recipe recommendations based on your stated preferences. On our marketing website, with your cookie consent, we run conversion-tracking pixels (Google Ads, Meta Pixel) and analytics (Google Analytics).

5. Who We Share Data With

We rely on a small number of trusted service providers to run Meal Hack. Each processes only the data necessary for its role:

  • Stripe — subscription billing, payment processing, customer portal
  • AWS Cognito, Google, Apple — sign-in and identity
  • Amazon Web Services — application hosting, file storage (S3), database infrastructure, content delivery, real-time messaging
  • Supabase — primary application database
  • AWS Bedrock and the underlying model providers (Anthropic, Meta, Mistral, Amazon, Qwen, Stability AI) — AI inference
  • Firebase Analytics — mobile in-app event analytics
  • Google Analytics, Meta Pixel, Google Ads — marketing analytics on our website only, gated by cookie consent
  • Sentry — crash and error diagnostics
  • Expo — push notification delivery
  • GitHub — feedback you submit may be turned into engineering issues

We may also share fully anonymised, aggregated data that cannot reasonably be used to identify you.

6. Legal Basis (POPIA & GDPR)

We process personal information on the following bases:

  • Your consent (e.g. optional profile fields, photo upload, marketing analytics on web)
  • Performance of our contract with you (delivering the service you signed up for)
  • Our legitimate business interests (security, fraud prevention, product improvement)
  • Compliance with legal obligations

7. Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Correct or update inaccurate information
  • Delete your personal information
  • Receive a copy of your data in a portable format
  • Withdraw consent or object to processing
  • Lodge a complaint with the South African Information Regulator or your local data-protection authority

To exercise any of these rights, email our Information Officer at reganvanh@gmail.com or admin@meal-hack.com. We will acknowledge your request and respond within 30 days.

8. Data Retention

We retain your personal information for as long as is necessary to provide the service to you and to meet our legal, accounting, and reporting obligations. You may request deletion of your account at any time from in-app Settings or by emailing us.

Some of our service providers (for example Stripe and AWS) may retain transactional or technical records under their own retention policies and legal obligations after your account has been deleted. Anonymised, aggregated data may be retained indefinitely.

9. Security

We use industry-standard safeguards including HTTPS in transit, encrypted secrets management, scoped database access, hashed passwords, secure on-device storage of authentication tokens (iOS Keychain / Android Keystore), and Stripe (PCI-DSS) for payment-card handling. No card number ever reaches our servers. No system is completely secure, however, and we cannot guarantee absolute security.

10. Breach Notification

If we become aware of a security incident that compromises your personal information, we will notify you and, where required, the South African Information Regulator as soon as reasonably possible, in accordance with POPIA Section 22.

11. Children's Privacy

Meal Hack is intended for users 18 years and older. Users under 18 may use the Platform only with verified parental or guardian consent. We do not knowingly collect personal information from children under 13.

12. International Transfers

Your information may be processed and stored outside South Africa, including in the United States and the European Union, by the service providers listed above. We rely on each provider's contractual safeguards (such as the EU Standard Contractual Clauses) to ensure your data continues to be protected.

13. Cookies and Local Storage

On the mobile app we use:

  • Secure on-device storage (Keychain / Keystore) for your authentication tokens
  • Local app storage for cached content, draft inputs, and an installation identifier used for push notifications

On the web marketing site we use cookies for:

  • Functionality (remembering your consent choice)
  • Analytics and conversion tracking — only with your consent, which you can change from the cookie banner

You can revoke camera, photo-library, and notification permissions at any time from your device settings.

14. Updates to This Policy

We may update this Privacy Policy from time to time. The version number and date at the top of this page will change when we do. Material changes will be communicated in-app and may require renewed acceptance.

15. Contact and Information Officer

Information Officer (POPIA): Regan van Heerden
Email: reganvanh@gmail.com
Phone: +27 64 685 9637

General queries: admin@meal-hack.com