Menuo

Privacy Policy

Last updated: 2026-07-17

1. Data controller

The controller of your personal data is [Imię i nazwisko / nazwa administratora danych]. You can contact the controller about anything related to your personal data at support@menuo.family.

2. What data we process

  • Account data — your email address, display name, and, if you sign in with Google, the basic profile information Google shares (email, name).
  • Content you create — recipes, meal plans, shopping lists, ingredient lists, and household membership. Content is shared with the other members of your household.
  • Usage analytics — anonymous product analytics (pages visited, features used), collected only if you consent. Without consent, analytics runs in a cookieless mode that does not identify you.
  • Technical data — server logs (IP address, browser type, timestamps) kept briefly for security and troubleshooting.

3. Purposes and legal bases

  • Providing the service (accounts, meal plans, sync between household members) — performance of a contract, Art. 6(1)(b) GDPR.
  • Security and abuse prevention — our legitimate interest, Art. 6(1)(f) GDPR.
  • Product analytics — your consent, Art. 6(1)(a) GDPR. You can withdraw it at any time.
  • Legal obligations — Art. 6(1)(c) GDPR, where applicable law requires it.

4. Processors we use

We rely on a small set of service providers who process data on our behalf under data processing agreements:

  • Supabase — database, authentication, and file storage.
  • Vercel — application hosting.
  • PostHog — product analytics, hosted in the EU (Frankfurt, Germany).
  • Resend — transactional email (e.g. account confirmation).
  • Google — optional sign-in with a Google account (OAuth).

Your data is stored in data centers located in the European Union. Where a provider operates globally, transfers outside the EEA are protected by the EU Standard Contractual Clauses or an adequacy decision (such as the EU–US Data Privacy Framework).

5. How long we keep data

  • Account and content data — for as long as your account exists.
  • After account deletion, your data is removed from production systems without undue delay; residual copies may persist in encrypted backups for up to 30 days.
  • Analytics data — retained according to the configured PostHog retention period.
  • Server logs — kept for a short period, typically no longer than 30 days.

6. Your rights

Under the GDPR you have the right to:

  • access your data and receive a copy of it,
  • rectify inaccurate data,
  • erase your data ("right to be forgotten"),
  • restrict or object to processing,
  • data portability (receive your data in a machine-readable format),
  • withdraw consent at any time, without affecting prior processing,
  • lodge a complaint with a supervisory authority — in Poland, the President of the Personal Data Protection Office (UODO, uodo.gov.pl), or the authority in your EU country of residence.

To exercise any of these rights, email support@menuo.family.

7. Cookies

Menuo uses a minimal set of cookies:

  • Functional cookies (always on, required for the app to work): the authentication session, ui_locale (your language choice), and active_household (which household you are viewing).
  • Analytics cookies — set only if you consent via the consent banner. If you decline, analytics runs without cookies and without identifying you.

8. Changes to this policy

We may update this policy as the service evolves. Material changes will be announced in the app. The date at the top of this page always reflects the latest version.

9. Contact

Questions about privacy? Write to support@menuo.family.