Privacy & Cookie Policy
How we collect, use, and protect your personal data in accordance with EU Regulation 2016/679 (GDPR).
Data Controller
The Data Controller for personal data collected through MealApp is:
- Name: MealApp
- Country of establishment: Belgium
- Company registration number (BCE): BE 1034.892.802
We respond within 30 days of receipt, as required by Art. 12 GDPR.
Personal Data We Collect
MealApp collects the following categories of personal data:
| Category | Data Collected |
|---|---|
| Identification data | First name, last name, email address, phone number |
| Account data | Login credentials (email + encrypted password), account preferences |
| Delivery data | Full delivery/shipping address |
| Payment data | Billing details (processed by Stripe – MealApp never sees or stores full card data) |
| Health data / Allergies | Allergy and dietary intolerance information entered in order notes (e.g. celiac disease, nut allergy) |
| Browsing data | IP address, browser type, operating system, pages visited, access timestamps |
| Marketing data | Email address and preferences for newsletter delivery (only with explicit consent) |
Purposes and Legal Basis for Processing
For each processing activity, we indicate the applicable legal basis under the GDPR:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Account creation and service delivery | Art. 6.1(b) – Performance of a contract |
| Order processing and payments | Art. 6.1(b) – Performance of a contract |
| Allergy management and food safety | Art. 9.2(a) – Explicit consent |
| Invoicing and tax compliance | Art. 6.1(c) – Legal obligation |
| Newsletter and marketing communications | Art. 6.1(a) – Explicit consent |
| Traffic analysis via Google Analytics | Art. 6.1(a) – Consent (via cookie banner) |
| Geolocation and delivery distance calculation (Maps) | Art. 6.1(b) – Performance of a contract |
| Service security and fraud prevention | Art. 6.1(f) – Legitimate interest |
Third Parties and Data Processors
MealApp uses the following external providers, each of whom processes data exclusively on behalf of and under the instructions of MealApp:
Data Retention Periods
| Data Category | Retention Period |
|---|---|
| Account data | For the duration of the contract + 12 months after deletion |
| Allergy / health data | Strictly for the duration of the order; deleted upon completion |
| Tax data (invoices, orders) | 7 years (Belgian legal obligation, Art. III.86 Code of Economic Law) |
| Marketing / newsletter data | Until consent is withdrawn (unsubscribe) + 30 days |
| Browsing / analytics data | 14 months (Google Analytics default setting) |
| Security logs | 90 days |
Your Rights
As a data subject under the GDPR, you have the following rights, which you can exercise at any time by writing to team@mealapp.app:
Minors
MealApp is not intended for persons under the age of 16 (Art. 8 GDPR). We do not knowingly collect personal data from minors. If you are a parent or guardian and believe your child has provided personal data, please contact us immediately at team@mealapp.app to request deletion.
Changes to This Privacy Policy
MealApp reserves the right to update this Privacy Policy to reflect changes to the service or applicable law. In the event of material changes, users will be notified via email or in-app notice with at least 15 days’ notice.
What Are Cookies
Cookies are small text files that websites store on a user’s device during browsing. They allow the site to remember actions and preferences over time, so users don’t have to re-enter them on each visit.
MealApp uses both first-party and third-party cookies. You can manage or disable non-essential cookies via the banner shown on first access, or through your browser settings, without affecting the core functionality of the service.
Cookies We Use
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
| Session / Authentication | Keeps the user logged in during navigation | Session | |
| User Preferences | Remembers settings (language, saved delivery address) | 12 months | |
| Cart / Order | Saves cart contents during the session | Session | |
| Google Analytics (_ga, _gid) | Traffic analysis, pages visited, user behaviour | 14 months / 24h | |
| Google Maps | Map display and delivery distance calculation | 6 months | |
| Firebase | Technical infrastructure, authentication and session management | Session / 1 year |
⚙️ Analytics and functional cookies: require consent via the banner. You can decline them without losing access to the service.
How to Manage Cookies
You can manage your cookie preferences in the following ways:
- Cookie banner: on first visit you can accept or decline non-essential cookies
- Browser settings: all major browsers allow you to block or delete cookies from their settings
- Google Analytics Opt-out: install the add-on available at tools.google.com/dlpage/gaoptout
Disabling technical cookies may prevent some parts of the service from working correctly (e.g. login, cart).
Have questions about your privacy?
Our team is available to clarify anything about how we handle your data.