Privacy Policy
Last updated: February 2026
1. Who We Are
Mealiv is operated by Digital Ideations Limited ("we", "our", "us"), a company registered in England and Wales.
We operate the Mealiv website and web application at mealiv.com. We are committed to protecting your privacy and handling your personal data responsibly.
For any privacy-related questions, please contact us at: privacy@mealiv.com
Data controller: Digital Ideations Limited
2. What Data We Collect
We collect and process the following personal data:
2.1 Account Information
- Email address — used for account creation, login, and communication
- Display name — shown within the app (e.g. on shared recipes)
- Password — securely hashed; we never store or have access to your plain-text password
2.2 User-Generated Content
- Meals — meals you create, including ingredients, nutrition data, images, and cooking notes
- Recipes — recipes you save or import to your cookbook
- Shopping lists — shopping list items and preferences
- Meal plans — your meal planner configurations and schedules
- Ratings and preferences — recipe ratings and dietary preferences
2.3 Subscription and Payment Data
- Subscription tier — free, trial, or premium status
- Trial dates — when a free trial was started
- Payment details — handled entirely by Stripe. We never see, store, or have access to your card number, CVV, or full payment details. We only receive confirmation of payment status from Stripe.
2.4 Automatically Collected Data
- Local storage data — we store preferences and session information in your browser's local storage to keep you logged in and remember your settings
- Authentication tokens — session tokens managed by our authentication provider (Supabase) to maintain your login state
We do not currently use analytics cookies, tracking pixels, or advertising technologies.
3. How We Use Your Data
We use your personal data for the following purposes:
- Providing our service — to create and manage your account, store your meals, recipes, shopping lists, and meal plans
- Authentication — to verify your identity when you log in
- Subscription management — to manage your free trial or premium subscription
- Service improvement — to understand how our service is used and make improvements
- Communication — to send important service updates (e.g. changes to these terms). We will not send marketing emails without your explicit consent.
4. Legal Basis for Processing (UK GDPR)
We process your personal data on the following legal bases:
- Contract — processing necessary to provide the service you signed up for (Article 6(1)(b))
- Legitimate interests — to improve our service and ensure security (Article 6(1)(f))
- Consent — where you have given explicit consent, such as opting in to marketing communications (Article 6(1)(a))
5. Third-Party Services
We use the following third-party services that may process your data:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Database hosting and authentication | Account data, all user-generated content |
| Stripe | Payment processing | Email address (for payment identification). Card details are entered directly on Stripe's secure page. |
| Open Food Facts | Food product data | No personal data shared. Product barcodes are sent to look up nutrition information. |
| YouTube API | Cooking videos | No personal data shared. Search queries (meal names) are sent to find relevant videos. |
| Pixabay | Food images | No personal data shared. Search queries are sent to find food images. |
| Spoonacular | Recipe data and search | No personal data shared. Search queries are sent to find recipes. |
All API calls to third-party services are routed through our server-side proxy. Your browser does not communicate directly with these services (except Open Food Facts for barcode lookups), and no personal data is included in these requests.
5a. Browser Extension (Mealiv Shopping Helper)
We offer an optional browser extension ("Mealiv Shopping Helper") that enhances the online shopping experience. Here is how the extension handles data:
- No data collection — the extension does not collect, store, or transmit any personal data to our servers or any third party
- Local communication only — the extension acts as a message bridge between your Mealiv shopping list tab and retailer tabs open in the same browser. All communication stays within your browser session.
- Retailer page access — the extension runs content scripts on supported retailer websites (Tesco, Sainsbury's, ASDA) solely to detect "add to basket" button clicks and navigate search results. It does not read, store, or transmit any data from these pages.
- No cookies or tracking — the extension does not use cookies, analytics, or tracking of any kind
- No remote code — the extension does not download or execute any remote code
The extension requires access to specific retailer websites and your Mealiv page to function. It does not access any other websites. You can uninstall the extension at any time via your browser's extension management page.
6. Data Storage and Security
- Your data is stored securely in a Supabase (PostgreSQL) database with Row Level Security (RLS) policies, meaning you can only access your own data
- Passwords are hashed using industry-standard algorithms before storage
- All data is transmitted over HTTPS (encrypted in transit)
- Payment data is handled entirely by Stripe, a PCI DSS Level 1 certified payment processor
7. Data Retention
- Account data — retained for as long as your account is active
- User content (meals, recipes, shopping lists) — retained until you delete them or delete your account
- Subscription records — retained for accounting and legal obligations after cancellation
When you delete your account, all personal data and user-generated content will be permanently removed within 30 days.
8. Your Rights (UK GDPR)
You have the following rights regarding your personal data:
- Right of access — request a copy of the data we hold about you
- Right to rectification — request correction of inaccurate data
- Right to erasure — request deletion of your data ("right to be forgotten")
- Right to restrict processing — request that we limit how we use your data
- Right to data portability — request your data in a machine-readable format
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — where processing is based on consent, you can withdraw it at any time
To exercise any of these rights, contact us at privacy@mealiv.com. We will respond within 30 days.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).
9. Children's Privacy
Mealiv is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
10. International Data Transfers
Your data may be processed by our third-party service providers in countries outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions, to protect your data in accordance with UK GDPR.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting a prominent notice on our website or by email. The "Last updated" date at the top of this page indicates when this policy was last revised.
12. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at:
- Email: privacy@mealiv.com
- Company: Digital Ideations Limited