← Back to Mealo

Privacy policy

Last updated: March 2026

This policy describes what data Mealo collects, why, and where it goes. We try to collect as little as possible.

What we collect

• Account info: your email address, used for authentication.
• Profile info: name, birth year, sex, height, weight, activity level, and dietary goals. You provide these during onboarding to personalize your experience.
• Food journal: your meal entries, including food descriptions, quantities, nutrition data, and meal photos or barcode scans you submit.
• Weight logs: weight and body fat entries you record over time.
• Conversation history: your messages to Mealo's AI assistant, including text and images, so the AI can understand context across a session.
• Social connections: friend relationships and the data you choose to share with friends (meals, goals, weight).

How we use it

• Provide and improve the service — log your meals, track your nutrition, show your trends.
• Process your input through AI to identify foods and estimate nutritional content.
• Adapt to your language and preferences.

What we don't do

• We don't sell your data.
• We don't use your data to train AI models.
• We don't show you ads or share data with advertisers.
• We don't track you across other apps or websites.

Third-party services

To provide Mealo, we use a small number of third-party services. Here's exactly what goes where:

• Supabase (auth): stores your email and authentication tokens. Servers in the EU.
• OpenAI (AI processing): receives your meal descriptions, food photos, and nutrition label images to identify foods and estimate nutrition. We don't send your name, email, or profile. We use their API with data processing agreements — your data is not used to train their models.
• Google AI (AI processing): used for nutritional trend analysis. Same principle — minimal data, no training.
• Bugsnag (error tracking): receives crash reports and error logs to help us fix bugs. May include technical context but not your food data or personal profile.

Analytics

Our website (mealo.fit) uses Umami, a privacy-focused, self-hosted analytics tool. Umami does not use cookies, does not collect personal data, and does not track you across sites. We only see aggregate page views, referrers, and device types. All analytics data is stored on our own server.

The Mealo app itself does not use analytics or tracking of any kind.

Where your data lives

Your personal profile and food data are stored on our server in Germany. Authentication data is stored by Supabase in the EU. AI processing requests are sent to US-based providers (OpenAI, Google) but are not stored by them beyond what's needed to process the request.

Data retention

We keep your data for as long as you have an account. When you delete your account, all your data is permanently deleted — food journal, weight logs, profile, conversation history, friend connections. There is no recovery after deletion.

Your rights

Under GDPR and Estonian law, you have the right to:

• Access the personal data we hold about you.
• Delete your account and all associated data at any time through the app.
• Rectify inaccurate data (you can edit your profile and food entries directly).
• Object to processing or request restriction of processing.
• Data portability — request your data in a portable format.

To exercise any of these rights, email contact@mealo.fit or use the in-app account deletion feature.

Legal basis for processing

We process your data based on:

• Contract: processing necessary to provide the service you signed up for (meal logging, nutrition tracking).
• Legitimate interest: error tracking and service improvement, where our interest doesn't override your rights.

Children

Mealo is not for people under 13. We don't knowingly collect data from children.

Changes

We may update this policy. If we make significant changes, we'll post the new version here and notify you through the app.

Contact

Questions about your data? Email contact@mealo.fit