Version 2026-03-22 · Last updated: 22 March 2026
Mealwise is operated by Tenth Bridge Consulting Ltd, a company registered in England and Wales (“we”, “us”, “our”). We are the data controller for the personal data we process through the Service.
For any questions about this policy or to exercise your data rights, please contact us at: privacy@mealwise.guru
We collect and process the following categories of personal data:
| Data Category | What We Collect | Lawful Basis (GDPR Art. 6) |
|---|---|---|
| Account information | Email address, display name, password (hashed), profile preferences | Contract performance |
| Recipe content | Recipes you create, import, or photograph, including ingredients, steps, notes, adaptations, and photos | Contract performance |
| Organisation data | Collections, meal plans, shopping lists, cooking history, person tags, saved filters | Contract performance |
| Family data | Family group membership, sharing permissions, invite codes | Contract performance |
| AI interactions | Recipe content sent for AI analysis (dietary, nutritional, allergen, flavour, cost, meal building, leftover guidance), Chef Chat messages | Contract performance & consent |
| Payment data | Stripe customer ID, subscription status, billing history. We never store your card details. | Contract performance |
| Consent records | Timestamps and versions of your acceptance of Terms, Privacy Policy, and disclaimers | Legal obligation |
| Technical data | IP address, browser type, device information, access times, error logs | Legitimate interests (service reliability & security) |
We do not collect any special category data (such as health data, racial or ethnic origin, or religious beliefs) as defined by GDPR Article 9. While you may voluntarily enter dietary preferences (e.g. halal, kosher, vegan), we treat these as recipe preferences, not as special category data about your personal beliefs or health.
We will never sell your personal data to third parties. We do not use your data for advertising or marketing profiling.
We share your data with the following third-party processors, each of which is bound by a Data Processing Agreement (DPA):
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Database hosting, authentication, file storage | All account and recipe data | US (AWS) |
| Vercel | Web application hosting, serverless functions | Technical/request data | US/Global CDN |
| Stripe | Payment processing | Email, billing info (not card details stored by us) | US/Ireland |
| Anthropic | AI features (Claude API) | Recipe content sent for analysis. Not used for AI model training. | US |
Some of our processors are based in the United States. Where data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the UK ICO and European Commission, or adequacy decisions where applicable.
We take the security of your data seriously and implement appropriate technical and organisational measures, including:
Under the UK GDPR, EU GDPR, and other applicable data protection laws, you have the following rights:
To exercise any of these rights, use the self-service tools in Settings or contact us at privacy@mealwise.guru. We will respond within 30 days (or one calendar month under GDPR).
You also have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.
In addition to the GDPR rights above, you may have additional rights depending on where you live:
Your rights are governed by the UK GDPR and the Data Protection Act 2018. You may contact the ICO if you are dissatisfied with how we handle your data.
Your rights are governed by the EU GDPR (Regulation 2016/679). You may contact your national data protection authority. Where we transfer your data outside the EEA, we rely on Standard Contractual Clauses or adequacy decisions.
If you are a California resident, you have the right to: know what personal information we collect and how it is used; request deletion of your personal information; opt out of the sale or sharing of personal information (we do not sell your data); and non-discrimination for exercising your privacy rights.
If you reside in Virginia, Colorado, Connecticut, Utah, or other US states with consumer privacy laws, you may have similar rights to access, correct, delete, and obtain a copy of your personal data. Contact us to exercise these rights.
We aim to respect the privacy rights of all our users regardless of location. If your local laws grant you additional rights not covered above, please contact us and we will do our best to accommodate your request.
Mealwise uses only essential cookies required for authentication and session management. We do not use tracking, advertising, or third-party analytics cookies. For full details, see our Cookie Policy.
Mealwise is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us immediately and we will delete it promptly.
In the United States, we comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect data from children under 13. In the UK, we have regard to the ICO's Age Appropriate Design Code.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or an in-app notice at least 14 days before the changes take effect. The version number and “Last updated” date at the top of this page reflect the most recent revision. We may ask you to re-accept the updated policy before continuing to use the Service.
If you have questions about this Privacy Policy, wish to exercise your data rights, or want to make a complaint, please contact us:
Tenth Bridge Consulting Ltd
Data Protection Contact: privacy@mealwise.guru