Privacy Policy
Effective date: 2026-06-18.
This policy explains how the MealRadar mobile app ("MealRadar", "the app", "we") handles your information. It is written in plain language and reflects how the app behaves today. If our data practices change, we will update this page.
Data stored locally on your device
Most of your content is stored only on your device and is not uploaded to our servers. This includes:
- Pantry items
- Saved recipes
- Saved meal plans
- Shopping list
- Shopping habits and recommendation data
- App settings and preferences (such as diet, allergies, theme, and language)
Because this data is stored locally, it is not currently backed up or synced to your account or the cloud. If you uninstall the app, clear its storage, or lose or replace your device, this data may be lost. Cloud backup and sync are not currently available.
Account and authentication data
You can use MealRadar as a guest (anonymous) user, or create an account. Account and authentication features are provided through Supabase. If you create or sign in to an account, data needed for authentication (such as your email address and an account identifier) is processed by Supabase to manage your session. Guest use relies on an anonymous session identifier.
AI features
When you use an AI feature (for example, generating recipe or meal-plan suggestions), relevant inputs you provide — such as pantry items, preferences, allergies, and diet selections — may be sent to our backend to generate suggestions. The app reaches the AI provider (OpenAI) through a Supabase Edge Function on the backend; the app does not call OpenAI directly. The backend also enforces a per-user usage quota. When you use scan-based AI features, the photo or camera image you choose to scan may also be sent to our backend and the AI provider (OpenAI) only to process the scan you requested.
AI suggestions are estimates and conveniences. They are not medical, nutritional, dietary, or allergy advice, and we do not guarantee that suggestions are safe or suitable for you. Always review food safety and allergy suitability yourself.
Account deletion
You can delete your account from inside the app (Home → Account drawer → Delete Account → confirm). Deleting your account removes your Supabase account and clears MealRadar app data stored on that device after the account is removed. To prevent abuse of our free AI credits, we may keep a minimal pseudonymous anti-abuse record after deletion — only a server-side hashed (HMAC) form of your email address and a count of free AI generations used. It does not include your raw email, pantry items, recipes, meal plans, shopping lists, prompts, or account profile data. See the Account & Data Deletion page for details.
Selling data, ads, and tracking
We do not sell your personal data. The app does not include third-party advertising. We do not use third-party analytics or advertising trackers in the app.
Children and users under 18
MealRadar is intended for a general audience and is not directed to children. We do not knowingly collect personal information from children, do not behaviorally monitor children, and do not target ads to children. MealRadar has no ads.
In India, users under 18 should not create an account, use AI features, or purchase Premium unless and until MealRadar implements a verifiable parental-consent flow. Local-only guest use does not require an account, but users under 18 should use the app only with the involvement of a parent or guardian. If you believe a child has provided personal information, please contact us so we can address it.
Data we process and why
In plain terms, the categories of personal data MealRadar may process and the purposes for each are:
- Account data (email / authentication identifiers) — account creation, sign-in, security, and account deletion.
- Local app data (pantry, shopping list, saved recipes, meal plans, settings) — stored on your device to provide app features.
- AI request content (selected pantry / recipe / meal-plan context) — sent to our backend and the AI provider only to generate the AI output you requested.
- Subscription data (RevenueCat / Apple entitlement and transaction-related identifiers) — Premium access, restoring purchases, and subscription management.
- Support emails (your messages and email address) — support, data-rights, and grievance handling.
- Diagnostics / crash data (Sentry event data) — debugging, reliability, and security; no default collection of personal identifiers (PII).
- Security / technical logs (backend, authentication, and function logs) — security, abuse prevention, troubleshooting, and legal compliance.
Service providers we use
MealRadar may rely on the following providers, which process data only as needed for these purposes:
- Supabase — authentication, backend, database, and Edge Functions.
- OpenAI — the AI API used to generate recipe and meal-plan suggestions.
- OpenFoodFacts — public food-product database used for barcode lookups. When you scan or enter a barcode, only the barcode number needed for the lookup is sent to OpenFoodFacts; MealRadar does not send your email address, account ID, pantry list, photos, or other app content to OpenFoodFacts.
- RevenueCat and Apple — subscriptions and purchase / entitlement handling.
- Sentry — crash and error monitoring.
- Brevo — authentication and support-related email delivery, where applicable.
These providers may retain limited records in line with their own security, abuse-prevention, billing, legal, or compliance obligations. We do not control and cannot guarantee deletion of a provider's internal records.
Data retention
We delete or de-identify personal data we control when it is no longer needed, when you withdraw consent, or when you request deletion — unless we need to retain it for security, billing, legal compliance, dispute handling, fraud or abuse prevention, or another lawful reason. We do not intentionally store AI prompts or outputs on our servers unless needed for security, debugging, or legal reasons.
OpenAI may retain API data for limited service and abuse-monitoring periods under its own policies; we cannot directly delete OpenAI's internal logs. Apple and RevenueCat may retain transaction records needed for billing, tax, fraud prevention, refunds, and legal compliance.
India — Digital Personal Data Protection (DPDP)
MealRadar processes digital personal data only to provide app features, account access, AI requests, subscriptions, support, security, and legal compliance. We are working toward DPDP readiness; this page does not claim certification or guaranteed full compliance.
If you are in India, you can contact support@mealradar.xyz to request access, correction, updating, deletion or erasure of your data, withdrawal of consent, to raise a grievance, or for nomination-related requests. We aim to respond to data-rights and grievance requests within 90 days, unless a shorter period is required by applicable law.
Data breach
If we become aware of a personal data breach affecting users, we will notify affected users and/or the relevant authorities where required by applicable law. For any questions, contact support@mealradar.xyz.
Contact
Questions about this policy or your data: support@mealradar.xyz.