We built the MealsUp app initially for ourselves, and we use it every day. We therefore have a profound and personal understanding of how important it is that we treat your data with respect and transparency.
This policy covers the information we collect about you when you use the MealsUp app. It also explains your choices about how we use information about you. Your choices include how you can give or withdraw consent to various uses of information about you.
This privacy policy will help you understand:
We collect information about you when you provide it to us, or when third-party services, which MealsUp relies upon, request information about you from your device.
We collect information about you when you input it into the app.
Account and profile information: We collect information about you when you register for an account, create or modify your profile, set preferences or make purchases in the app (using your device’s platform app store). This information includes your email address, the personal name you choose, and a name for your ‘home’ account. We keep track of your preferences when you change them within the app’s settings.
Information you provide during normal usage of the app: This includes any information that you may choose to input, including: mealtime names, meals scheduled, recipes, ingredients and shopping list items.
Information you provide through our support channels: The app offers customer support either via in-app chat or via email, where you may choose to submit information regarding a problem you are experiencing with the app. Depending on your issue, you may be asked to provide contact information, a summary of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue. This will be entirely at your discretion.
We collect information about you when you use MealsUp.
We receive information about you from third-party services either when you consent to the collection of that information, or when it is essential to the safe and reliable running of the app.
The following services are disabled by default. You can give your consent to their usage by enabling these services manually in the app’s settings. You can also withdraw your consent at any time in the same way and we will immediately disable the respective service and stop its data collection. If you would like to have the data removed which was collected during periods of consent, please contact us.
Google Analytics for Firebase
If you choose to turn this option on in the app’s settings, you consent to the collection of the following information by Firebase:
Firebase uses this data to provide analytics and attribution information to us. Firebase retains ID-associated data for 60 days, and retains aggregate reporting and campaign data (not including personal IDs) without automatic expiration.
If you choose to turn this option on in the app’s settings, in order to contact us via in-app chat, you consent to the collection of the following information by Smooch:
Smooch uses this data to enable user identification, so that it can collate messages between us and you into a conversation. It uses device tokens to enable push notifications, to alert you when you have recieved a reply from us.
Without any one of the following services, and the data they require in order to function, we would not be able to run the app reliably, safely or effectively. Therefore, we have a legitimate interest in collecting this data and passing it to these third parties, without requiring your explicit consent.
If you object to the use of any of these services, you will need to stop using the app and delete your account(s) and data by contacting us.
Authentication
Firebase provides us with a safe, secure authentication system to manage your sign-up and logging in to the app using an email address and a password. It collects the following information from you:
Firebase Authentication uses the data to enable end-user authentication, and facilitate end-user account management. It also uses user-agent strings (a basic description of your device model) and IP addresses to provide added security and prevent abuse during sign-up and authentication. Firebase Authentication keeps logged IP addresses for a few weeks. It retains other authentication information until the deletion of the associated user, after which data is deleted from live and backup systems within 180 days.
Cloud Functions
Firebase provides us with a secure server environment for running code in response to database changes, for example, in order to trigger push notifications when a user adds an item to their shopping list. It collects the following information from you:
To execute event-handling functions and HTTP functions based on end-user actions. Cloud functions only saves IP addresses temporarily, to provide the service.
Cloud Messaging (i.e. push notifications)
Firebase Cloud Messaging provides us with the infrastructure for sending push notifications direct to your device. It collects the following information from you:
Firebase Cloud Messaging uses instance IDs to determine which devices to deliver messages to. Firebase retains instance IDs until the MealsUp team deletes the ID (on your request). After the deletion, data is deleted from live and backup systems within 180 days.
Realtime Database
The Firebase Realtime Database is where we store the MealsUp data users provide during the normal usage of the app. In addition, it collects the following information from you:
Realtime Database uses IP addresses and user agents to enable the profiler tool, which describes usage trends and platform breakdowns. This tool is offered as part of the service but we have never used it, nor do we intend to. Realtime Database keeps IP addresses and user agent information for a few days.
Sentry provides us with a crash reporting service, so that we can respond quickly and reliably to bugs in our code, data failures and other errors which would impact detrimentally on your usage of the app. It collects the following information from you:
Please note: neither crash traces nor basic device information contain any personally identifiable information, nor would it be possible to combine these with other data to make any successful attempt at identifying a user. IP addresses are only used by Sentry for the purpose of preventing server abuse, and Sentry never reveals IP addresses to us. Therefore, given that Sentry are not provided with any other of the data we collect, this collection of IP addresses cannot be used to identify an individual.
How we use the information we collect depends on your usage of the app, and any preferences you have chosen. The specific purposes for which we use the information we collect about you are:
To provide the app and personalize your experience: We and the third-party services we rely on use information about you to provide the app to you, including to authenticate you when you log in, provide customer support, and operate and maintain the app.
Sharing with other users: When you use the app, you create one or more shared data accounts known as ‘homes’. We share the following information about you with the other users whom you have invited into that ‘home’:
For research and development: We are always looking for ways to make the app smarter, faster, more secure, reliable and useful to you. Where consent has been granted, we use the information that we have already described in this policy about how people use the app, and feedback provided directly to us to troubleshoot and to identify trends, usage, activity patterns and areas for improvement of the app.
After anonymisation, to provide intelligent features: We use a completely anonymised, manually verified list of ingredients added by MealsUp users to create a statistical model that allows us to suggest ingredients to you when you are creating or updating your own dishes. This list is filtered multiple times to ensure complete anonymisation, including the following methods:
Customer support: We use your information to resolve technical issues you encounter, to respond to your requests for assistance, to analyze crash information, and to repair and improve the app. Where you give us permission to do so, we share your information with Smooch for the purpose of communicating via in-app chat.
For safety and security: We and the third-party services we rely on use information about you and your app usage to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of our policies.
To protect our legitimate business interests and legal rights: Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions.
With your consent: We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the app, with your permission.
Legal bases for processing (for EEA users): If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on how you use the app. This means we collect and use your information only where:
If you have consented to our use of information about you for a specific purpose, you have the right and the ability to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the app.
We use the data hosting service providers listed previously to host the information we collect, and we and they use technical measures to secure your data. While safeguards designed to protect your information are implemented, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others. We will respond to requests about this within a reasonable timeframe.
How long we keep information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible. The list below is in addition to the retention policies of third-party services we rely upon, as mentioned previously.
Account information: We retain your account information until you delete your account. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations and to continue to develop and improve our app. Where we retain information for improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of the app, not to specifically analyze personal characteristics about you.
Information you input in the app: If your account is deactivated or disabled, some of your information and the content you have provided will remain in order to allow the other members of your ‘home’ to make full use of the app, unless you ask us to delete the accounts of all users in the ‘home’ and we have consent for this from all those users.
Below is a summary of your rights in relation to your data, how to exercise them and any limitations. We will respond to requests about this within a reasonable timeframe.
You have the right to request a copy of your information, to object to our use of your information, to request the deletion or restriction of your information, or to request your information in a structured, electronic format. Below, we describe the tools and processes for making these requests. You can exercise some of the choices by using settings available within the app. For all other requests, you may contact us to request assistance.
Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we are permitted by law or have compelling legitimate interests to keep. Where you have asked us to share data with third parties, for example, by enabling an optional third-party service listed above, we will need to contact those third-party service providers directly to have your information deleted or otherwise restricted, and this may take longer than if we were the sole controllers of that information.
Access and update your information: The app gives you the ability to access and update certain information about you. For example, you can edit your profile information within the app’s settings.
Delete your information: Our app gives you the ability to delete certain information about you. For example, you can remove content that contains information about you from the data you have entered during normal usage of the app, and you can remove certain profile information within your profile settings. Please note, however, that we may need to retain certain information for record keeping purposes or to comply with our legal obligations.
Request that we stop using your information: In some cases, you may ask us to stop accessing, storing, using and otherwise processing your information where you believe we don't have the appropriate rights to do so. For example, if you believe a user account was created for you without your permission or you are no longer an active user, you can request that we delete your account as provided in this policy. Where you gave us consent to use your information for a limited purpose, you can contact us to withdraw that consent, but this will not affect any processing that has already taken place at the time. When you make such requests, we may need time to investigate and facilitate your request. If you object to information about you being shared with a third-party service, please disable the service within the app’s settings or contact us.
Data portability: Data portability is the ability to obtain some of your information in a format you can move from one service provider to another. Depending on the context, this applies to some of your information, but not to all of your information. Should you request it, we will provide you with an electronic file of the data you have entered during normal usage of the app. Where this information is controlled by a third-party service, the extent to which we can provide your collated data to you will depend on our ability to request this data from that service.
MealsUp is not intended for individuals under 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information, unless we can obtain explicit parental consent for that account and its information to be retained. If you become aware that a child has provided us with personal information, please contact us immediately.
We may change this privacy policy from time to time. We will post any privacy policy changes within this document and, if the changes are significant, we will provide a more prominent notice by alerting you to the update when you open the app. We encourage you to review our privacy policy whenever you use the app to stay informed about our information practices.
If you have any questions about this policy, do not hesitate to contact us and our data protection officer.