← Back to Yummy

Privacy Policy

Last updated: March 17, 2026

1. Introduction

Yummy ("we", "us", or "our") operates the website yummy.cloud and the Yummy mobile application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our Service, in compliance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, please do not use the Service.

2. Data Controller

The data controller responsible for your personal data is Yummy, reachable at [email protected].

3. Data We Collect

We collect the following categories of personal data:

  • Account information: Email address, display name, and password (hashed). If you sign in via Google OAuth, we receive your name and email from Google.
  • Location data: GPS coordinates or manually entered address, used to find nearby supermarkets and provide seasonal produce recommendations.
  • Meal planning data: Household members (names and calorie targets), meal plans, food preferences, cuisine preferences, and shopping lists.
  • Payment information: Subscription and billing data processed by Stripe. We do not store your credit card numbers. Stripe acts as an independent data controller for payment data.
  • Usage data: AI generation counts, feature usage metrics, and application logs used to maintain and improve the Service.

4. How We Use Your Data

We process your personal data for the following purposes and legal bases:

  • Providing the Service (contract performance): Generating AI-powered meal plans, shopping lists, and supermarket price comparisons based on your preferences and household configuration.
  • Account management (contract performance): Creating and maintaining your user account, authenticating access, and managing your subscription.
  • Service improvement (legitimate interest): Analyzing usage patterns to improve features, fix bugs, and optimize performance.
  • Communication (legitimate interest / consent): Sending transactional emails related to your account, such as scraper request confirmations.

5. Third-Party Services

We share data with the following third-party processors to deliver our Service:

  • Stripe (payments): Processes subscription payments. Stripe operates as an independent data controller. See Stripe's Privacy Policy.
  • OpenAI / Anthropic (AI generation): Your meal preferences, household configuration, and food preferences are sent to AI providers to generate personalized meal plans and shopping lists. We do not send your email or account credentials. See OpenAI's Privacy Policy and Anthropic's Privacy Policy.
  • Google Maps Platform (location services): Your location data is sent to Google to display maps, find nearby supermarkets, and provide address autocomplete. See Google's Privacy Policy.
  • Resend (email): Your email address is shared with Resend to deliver transactional emails. See Resend's Privacy Policy.

6. Data Retention

  • Account data: Retained for as long as your account is active. When you delete your account, all personal data is permanently removed.
  • Meal plans and preferences: Stored as long as your account exists. You may delete individual plans at any time.
  • AI generation logs: Retained for 90 days for service monitoring and improvement, then automatically deleted.
  • Payment records: Retained by Stripe according to their data retention policies and applicable legal requirements.

7. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of access: You can view all your personal data through your profile and plans pages.
  • Right to rectification: You can update your personal information through your profile settings.
  • Right to erasure: You can delete your account and all associated data. Individual meal plans can be deleted at any time.
  • Right to data portability: You can export all your personal data (account, plans, preferences) directly from your profile settings using the "Export my data" button. The export is provided as a machine-readable JSON file.
  • Right to object: You may object to processing based on legitimate interest by contacting us.
  • Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority, such as the Spanish Data Protection Agency (AEPD).

8. Cookies and Local Storage

Yummy does not use cookies. We use browser localStorage to store your authentication token and user preferences on your device. This data remains on your device and is not transmitted to third parties. The mobile app uses secure on-device storage (SecureStore) for the same purpose.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including: encrypted connections (HTTPS/TLS), hashed passwords (bcrypt), JWT-based authentication, and access controls on our infrastructure. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

10. International Data Transfers

Your data may be processed by third-party services (OpenAI, Anthropic, Stripe, Google) located outside the European Economic Area (EEA). These transfers are conducted under appropriate safeguards, including Standard Contractual Clauses (SCCs) or the service provider's participation in recognized data protection frameworks.

11. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at: [email protected]

© 2026 Yummy. All rights reserved.