Privacy Policy for SirPrep
Last updated: June 2026
1. Data Controller
The controller responsible for the processing of your personal data within the meaning of the General Data Protection Regulation (GDPR) is:
Viktoriia Hrodetska
Heidenheimer Strasse 24
85748 Garching bei Muenchen
Germany
Email: info.foodb@gmail.com
2. Overview of Data Processing
We process your personal data only to the extent necessary to provide the features and functionality of SirPrep, a web app for weekly meal planning and grocery lists for German grocery stores. Depending on how you use the app, we may process:
- Account and authentication details
- Meal-planning preferences, such as grocery store, budget, household size, dietary goal, meals per day, weekly notes, and disliked ingredients
- Generated or saved weekly meal plans, shopping lists, and estimated per-serving nutrition values
- Subscription status and billing identifiers
- Technical diagnostics and security logs
3. Meal-Planning Data
SirPrep uses the preferences you provide to generate practical meal plans, grocery estimates, and grouped shopping lists. This information is not intended to be medical data. Estimated calories and macros describe generated meals per serving; SirPrep does not provide medical, nutritional, or health advice.
- Purpose: We process this data to provide meal planning, saved weekly plans, shopping lists, and budget-oriented grocery planning features.
- Legal basis: The processing is necessary for the performance of a contract or pre-contractual steps (Art. 6(1)(b) GDPR). Where you provide optional preferences, processing may also be based on your consent (Art. 6(1)(a) GDPR).
- Data control: You can update your planning preferences in the app. For deletion requests, contact us at the email address listed above.
4. Third-Party Services and Infrastructure
To operate the app securely and efficiently, we use the following third-party service providers.
4.1. Clerk (Authentication)
We use Clerk to provide hosted account creation, sign-in, session management, and related authentication security features.
- Provider: Clerk, Inc., USA.
- Data processed: Account identifiers, email address, authentication events, session information, and security metadata.
- Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) and legitimate interest in secure authentication (Art. 6(1)(f) GDPR).
4.2. Aurora PostgreSQL-Compatible Database (App Data)
We use an Aurora PostgreSQL-compatible database to store app data required for meal planning and saved weeks.
- Data processed: Planning preferences, saved weekly meal plans, shopping-list details, and subscription state keyed to your account identifier.
- Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).
4.3. Stripe (Payments and Subscriptions)
We do not process card payments directly. Paid plans are handled through Stripe Checkout and the hosted billing portal from Stripe.
- Provider: Stripe Payments Europe, Ltd., Ireland, and Stripe, Inc., USA.
- Data processed: Billing contact details, payment status, subscription identifiers, invoices, and payment method metadata. We do not store raw card details.
- Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) and legal accounting obligations (Art. 6(1)(c) GDPR).
4.4. Google Generative AI (Meal Plan Generation)
SirPrep uses the Gemini API from Google to generate meal-plan content from your grocery-planning preferences.
- Provider: Google Ireland Limited, Ireland (via Google Cloud).
- Data processed: Store choice, budget, household size, day count, meals per day, dietary goal, weekly notes, disliked ingredients, and similar planning inputs.
- Data minimization: We do not intentionally send direct account identifiers, such as your name or email address, to Gemini for meal-plan generation.
- Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) and, where applicable, your consent for optional preferences (Art. 6(1)(a) GDPR).
5. Data Retention
Your personal data is stored only for as long as necessary to provide SirPrep, maintain your account, comply with legal obligations, resolve disputes, and enforce agreements. If you ask us to delete your account data, we will erase personal data from active systems unless legal retention duties apply, such as commercial or tax-law obligations for payment records.
6. International Data Transfers
Some essential service providers may process data outside the European Economic Area (EEA), including in the United States. Where this occurs, we rely on appropriate GDPR safeguards such as the EU-US Data Privacy Framework for certified providers, Standard Contractual Clauses (SCCs), and technical and organizational security measures.
7. Your Rights as a User
Under the GDPR, you have comprehensive rights regarding your personal data:
- Right of access (Art. 15): Request details about the data we hold about you.
- Right to rectification (Art. 16): Correct inaccurate or incomplete data.
- Right to erasure (Art. 17): Request deletion of your data.
- Right to restriction (Art. 18): Limit how your data is processed.
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
- Right to object (Art. 21): Object to processing based on legitimate interests.
To exercise any of these rights, or to withdraw previously granted consent, please email us at: info.foodb@gmail.com.
8. Data Security
We use technical and organizational security measures, such as TLS encryption in transit, access controls, and server-side integration boundaries, to protect personal data from unauthorized access, accidental loss, destruction, or manipulation.
9. Automated Decision-Making
SirPrep uses AI to generate meal-plan suggestions, but these suggestions are informational and user-controlled. We do not engage in legally binding automated decision-making or profiling that produces legal effects concerning you within the meaning of Art. 22 GDPR.
10. Right to Lodge a Complaint
If you believe that the processing of your personal data violates data protection laws, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). You may contact the data protection authority for your place of habitual residence, your place of work, or the place of the alleged infringement.