Privacy Policy
Last updated: December 17, 2025
At PrepIt, we respect your privacy and are committed to protecting your personal data. This Privacy Policy is designed to comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable North American and International privacy laws.
1. INFORMATION WE COLLECT
We collect data to provide personalized AI meal planning and secure payment processing.
- Personal Identifiers: Name, email address, and IP address.
- Health & Sensory Data (Special Category Data under GDPR): Dietary preferences, allergies, fitness goals, and physical characteristics. By inputting this data, you provide explicit consent for us to process it for your meal plans.
- Commercial Information: Transaction history and payment metadata.
- Note: Direct web payments are processed via PCI-DSS compliant providers (e.g., Stripe). We do not store full credit card numbers.
- Usage Data: Interaction with the app, recipe saves, and device identifiers.
2. LEGAL BASIS FOR PROCESSING (EU/UK USERS)
Under the GDPR, we process your data based on:
- Consent: For processing health/allergy data and sending newsletters.
- Contractual Necessity: To provide the meal planning service you signed up for.
- Legal Obligation: For tax/accounting purposes regarding web-based subscriptions.
- Legitimate Interests: To improve our AI models and ensure app security.
3. DATA SHARING AND AI PROCESSING
- AI Disclaimer: We use third-party AI processors (e.g., OpenAI, Google Cloud) to generate recipes. We use data masking to ensure no PII (name/email) is sent to these AI models.
- No Sale of Data: We do not "sell" your personal information as defined by the CCPA. We do not share your health data with advertisers.
- Service Providers: We share data with hosting providers (e.g., AWS/Google Cloud) and payment processors.
4. INTERNATIONAL DATA TRANSFERS
PrepIt is headquartered in the United Kingdom. Data collected in the EU/EEA may be transferred to and processed in the United States or Canada. We utilize Standard Contractual Clauses (SCCs) approved by the European Commission to ensure your data receives the same level of protection as it does in the EU.
5. YOUR REGIONAL PRIVACY RIGHTS
| Right | EU/UK (GDPR) | California (CCPA/CPRA) | Canada (PIPEDA) |
|---|---|---|---|
| Right to Access | Yes | Yes | Yes |
| Right to Deletion | Yes ("Forget Me") | Yes | Yes |
| Right to Correct | Yes | Yes | Yes |
| Data Portability | Yes | Yes | No (but recommended) |
| Opt-out of Profiling | Yes | Yes | Yes |
To exercise these rights, please email us at support@tryprepit.app. We will respond within 30 days (GDPR) or 45 days (CCPA).
6. DATA SECURITY & RETENTION
- Security: We use AES-256 encryption for data at rest and TLS for data in transit.
- Retention: We retain your data only as long as your account is active. If you delete your account, we purge your health and identity data within 30 days, except for transaction records required by tax authorities.
7. CALIFORNIA "DO NOT SELL OR SHARE" NOTICE
We do not sell your personal information. However, we may share hashed identifiers with service providers for app analytics. You may opt out of "sharing" for cross-contextual advertising via your device settings (Limit Ad Tracking).
8. CHILDREN’S PRIVACY (COPPA)
The Service is not directed to individuals under 13 (or 16 in certain EU member states). We do not knowingly collect personal information from children.
9. CONTACT US
If you have questions regarding this policy or our data practices, please contact our Data Protection Officer (DPO):
DocWhizz (PrepIt)
Address: The Old Forge, Teeton, Northampton, England, NN6 8LS
Email: support@tryprepit.app
