Privacy Policy — Replate

Overview

This Privacy Policy explains how Replate ("we", "us") collects, uses, and protects your personal data when you use our mobile application (the "App"). We comply with the EU General Data Protection Regulation (GDPR).

1. Data We Collect

You provide directly (during onboarding and use):

Account: email address and password (stored hashed by our authentication provider).
Profile: name, age, gender, height, weight, activity level, dietary goal, food preferences, allergies, disliked ingredients, and meals per day.
Generated content: your meal plans and related macro/calorie targets.

Collected automatically:

Basic technical/diagnostic data (app version, device type, crash logs) where applicable.
Language and theme preferences (stored on your device).

We do not intentionally collect special-category health data beyond the dietary information you choose to enter.

2. Why We Use It

Purpose	Data	Lawful basis
Create and maintain your account	email, password	Performance of a contract
Generate personalized meal plans	profile, goals, preferences	Performance of a contract
Provide AI meal suggestions	recipe/profile context sent to our AI provider	Performance of a contract
App stability & security	diagnostic/crash data	Legitimate interest
Analytics (if enabled)	usage events	Consent

3. Who We Share It With

We use trusted third parties that process data on our behalf under data-processing agreements:

Supabase — database, authentication, and storage hosting (EU region).
Anthropic — AI meal generation; we send recipe and relevant profile context to produce your plan. Your data is not used to train their models per their commercial terms.
Apple / Google — app distribution and in-app purchases.
RevenueCat — subscription and purchase management.

We do not sell your personal data.

4. International Transfers

Some processors may process data outside the EU. Where they do, transfers are covered by adequacy decisions or Standard Contractual Clauses.

5. Retention

We keep your data while your account is active. If you delete your account, we delete your personal data within 30 days, except where we must retain limited records for legal obligations (e.g. tax or payment records).

6. Your Rights (GDPR)

You have the right to access, rectify, erase, restrict, object to processing, port your data, and withdraw consent. You can:

Edit your profile in the App.
Export or delete your account from Settings → Account, or by emailing replateai@gmail.com.
Lodge a complaint with your supervisory authority (in Poland: UODO — Urząd Ochrony Danych Osobowych).

7. Children

The App is intended for adults aged 18 or over. We do not knowingly collect data from anyone under 18.

8. Security

We use industry-standard measures (encryption in transit, row-level security, hashed passwords). No method is 100% secure, but we work to protect your data.

9. Changes

We may update this policy; material changes will be notified in-app. The effective date reflects the latest version.

10. Contact

Szymon Tabiś, Poland — replateai@gmail.com