Privacy Policy

1. Who We Are

SundayMeals (“we,” “us,” or “our”) operates the meal planning platform available at sunday-meals.com (“the Service”). We connect food creators with people who want personalized weekly meal plans, grocery lists, and access to creator recipe libraries.

This Privacy Policy explains what personal information we collect, how we use it, and your rights regarding that information. If you have questions, contact us at hello@sundaymeals.com.

2. Information We Collect

Information you provide directly

• Account registration: Email address and password when you create an account.
• User preferences: Dietary restrictions, allergies, cuisine preferences, budget, household size, cooking skill level, and equipment — collected during onboarding to personalize your meal plans.
• Creator profiles: Name, handle, bio, avatar, banner image, and social media links if you create a creator account.
• Recipe content: Recipes, photos, instructions, and nutritional information uploaded by creators.
• Payment information: Billing details are collected and processed by Stripe. We do not store full credit card numbers on our servers.
• Communications: Messages you send us via the contact form or email.

Information collected automatically

• Usage data: Pages visited, features used, meal plans generated, recipes saved, and session timing.
• Device information: Browser type, operating system, screen resolution, and IP address.
• Cookies and local storage: Session tokens (required for login), preference data, and anonymous usage identifiers.

Information from third parties

• Supabase: Our authentication and database provider. Supabase processes your account credentials and stores your data in secure, encrypted databases hosted on AWS.
• Stripe: Our payment processor. Stripe may share transaction confirmation and subscription status with us.
• OpenAI: Recipe and meal plan generation uses OpenAI's API. We send anonymized preference data (diet type, cuisine, time constraints) to generate plans. We do not send your name or email to OpenAI.

3. How We Use Your Information

• To create and manage your account
• To generate personalized weekly meal plans based on your stated preferences
• To build and display your grocery lists
• To process subscription payments and manage access to premium features
• To display creator profiles, recipes, and subscriber counts
• To send transactional emails (account confirmation, subscription receipts)
• To respond to support and contact requests
• To improve the accuracy of AI-generated meal plans over time
• To detect and prevent fraud or abuse

We do not sell your personal information to third parties. We do not use your data for advertising networks or behavioral tracking across other websites.

4. Cookies

We use cookies and similar technologies for the following purposes:

• Authentication: Session cookies that keep you logged in across page loads. These are strictly necessary and cannot be disabled without breaking the service.
• Preferences: Local storage values that remember your UI preferences (e.g., dark mode, filter state).
• Analytics: If we introduce analytics tools in the future, we will update this policy and provide opt-out mechanisms.

You can clear cookies and local storage data at any time through your browser settings. This will log you out and reset your locally-stored preferences.

5. Data Sharing

We share data only in these limited circumstances:

• Service providers: Supabase (database and auth), Stripe (payments), OpenAI (AI plan generation), and Vercel (hosting). Each operates under their own privacy policies and data processing agreements.
• Creator visibility: If you are a creator, your handle, bio, avatar, and published recipes are visible to all site visitors, including unauthenticated users.
• Legal requirements: We may disclose information if required by law, court order, or to protect the rights and safety of our users.
• Business transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred. We will notify affected users in advance.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal information within 30 days, except where we are required to retain it for legal or financial compliance (e.g., payment records, which Stripe retains per their policy).

Anonymized or aggregated data (e.g., aggregate recipe popularity counts) may be retained indefinitely as it cannot be used to identify you.

7. Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your account and personal data.
• Portability: Request your data in a portable format (we will provide a JSON export of your meal plans, preferences, and saved recipes).
• Objection: Object to processing of your data for any purpose beyond delivering the core service.

To exercise any of these rights, email us at hello@sundaymeals.com with “Data Request” in the subject line. We will respond within 30 days.

8. Children's Privacy

SundayMeals is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us immediately and we will delete it.

9. Security

We use industry-standard security measures including encrypted connections (HTTPS), encrypted database storage, and access controls limiting which team members can access user data. Payment processing is handled entirely by Stripe, which is PCI-DSS compliant.

No system is completely secure. We cannot guarantee absolute security, and we encourage you to use a strong, unique password for your account.

10. Changes to This Policy

We may update this Privacy Policy as the Service evolves. When we make material changes, we will update the “Last updated” date at the top of this page and, for significant changes, notify registered users by email. Continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

11. Contact

Questions about this Privacy Policy or how we handle your data: