Privacy Policy

Last updated: May 10, 2026

1. Data Controller

The Data Controller responsible for your personal data is the operator of PlanEat.
Location: Italy
Email: support@planeatapp.com

For any questions about this privacy policy or your personal data, contact us at the email address above.

2. Data We Collect

• Account data: Email address and display name when you sign in.
• Dietary data: Meal plans, food preferences, and grocery lists, stored locally on your device.
• Cloud data: Account quota and subscription status, stored on our servers to manage your account.
• AI-processed content: When you use AI features (meal plan import, nutrition estimation), the relevant content is sent to an AI service for processing. This data is processed transiently and is not used to train AI models.
• Anonymous identifier: A random anonymous ID generated on first launch, used for analytics and crash reporting. It is not linked to your identity.

No Health or Medical Data Collected: PlanEat is designed as an organizational tool and does not collect, process, or store Protected Health Information (PHI) under HIPAA or equivalent global medical data laws. Data entered into the app is considered personal lifestyle data, not medical records.

3. Third-Party Services

We use specific third-party services to operate and improve PlanEat. We do not sell your personal data to any third party. Data is shared with these services solely for the following purposes:

• Firebase Authentication & Google Cloud (Google LLC): To manage user sign-in securely and host essential cloud infrastructure.
• Google Gemini (Google LLC): To provide AI features such as extracting meal plans from text/images and estimating nutritional values. The data sent is transiently processed and not used for model training.
• RevenueCat: To securely handle in-app purchases and subscription management across the App Store and Google Play Store.
• PostHog: To collect anonymous usage analytics, helping us understand how the app is used and how to improve it.
• Sentry: For crash reporting and error tracking to identify and fix technical issues promptly.

4. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your data on the following legal bases:

• Contract performance (Art. 6(1)(b)): Account management, meal plan storage, subscription management, and AI features that are part of the service you use.
• Legitimate interest (Art. 6(1)(f)): Anonymous usage analytics, crash reporting, and performance monitoring to improve the app. We have assessed that this processing does not override your rights given the anonymous nature of the data collected. You may object to this processing by contacting us at the email above.

5. Data Retention

• Local data: Retained on your device until you delete your account or uninstall the app.
• Cloud data: Deleted when you delete your account via the app (Settings > Delete Account).
• Third-party data: Retained by each service per their own retention policies.

6. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15): Request a copy of your personal data.
• Right to rectification (Art. 16): Request correction of inaccurate data.
• Right to erasure / Data Deletion (Art. 17): Request deletion of your data. You can easily delete your account and all associated cloud data directly within the app by navigating to Settings > Delete Account. Alternatively, you can request account deletion by emailing us at support@planeatapp.com. Deleting your account will immediately remove your cloud data from our systems (note: you must still cancel any active subscriptions via the App Store or Google Play Store directly). Local data on your device will be removed when you uninstall the app.
• Right to restriction (Art. 18): Request that we limit processing of your data.
• Right to data portability (Art. 20): Request your data in a structured, machine-readable format.
• Right to object (Art. 21): Object to processing based on legitimate interest, including analytics.

To exercise any of these rights, contact us at support@planeatapp.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) at www.garanteprivacy.it.

7. International Data Transfers

Some of our third-party service providers may process data outside the European Economic Area (EEA). These transfers are protected by EU Standard Contractual Clauses (SCCs) and/or adequacy decisions.

8. US State Privacy Rights (e.g., CCPA)

If you are a resident of California or another US state with applicable privacy laws, you have specific rights regarding your personal information, including the right to know what personal information is collected, the right to delete it, and the right to opt-out of its sale. PlanEat does not sell your personal information. To exercise your privacy rights, please contact us at the email below.

9. Children

PlanEat is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the app after changes constitutes acceptance of the revised policy.

11. Contact

For any questions or requests regarding this privacy policy or your personal data:

Email: support@planeatapp.com