FoodPlanAI← Back home
DRAFT · PRE-LAUNCH · PENDING LEGAL REVIEW

Privacy Policy

Last updated · 2026-05-28

This policy explains what personal data we collect when you visit foodplanai.app or pre-register for FoodPlanAI, why we collect it, who we share it with, and the rights you have under the EU General Data Protection Regulation (GDPR) and Romanian Law 190/2018.

1. Data controller

The data controller is Radu Nemerenco, operating FoodPlanAI from Romania. Contact for data-protection matters: r.nemerenco@gmail.com. We have not appointed a Data Protection Officer; the operator handles privacy requests directly.

2. What we collect

2.1 When you visit the landing page

  • Standard server logs from our hosting provider (Vercel): IP address, user agent, requested URL, referrer, timestamp. Used for security and operational monitoring only. No third-party analytics or advertising cookies are loaded on this site.

2.2 When you pre-register

  • Identity and contact data: email address you enter at checkout, name if you provide it.
  • Payment data: handled directly by Stripe and RevenueCat. We do not see or store your full card number; we receive a tokenised reference, the last 4 digits, card brand, and billing country.
  • Subscription metadata:plan chosen, billing cycle, renewal date, founders' rate status, cancellation events.

2.3 When the app launches

Future versions of the Service will collect food logs, macro targets, weight, training data, and AI conversation history that you choose to submit. We will update this policy and notify you by email before any new category of personal data is collected.

3. Why we collect it (legal bases)

  • To deliver the Service (Art. 6(1)(b) GDPR — contractual necessity): processing your subscription, sending you launch notifications, providing customer support.
  • To comply with legal obligations (Art. 6(1)(c)): retaining invoices and accounting records as required by Romanian tax law, responding to lawful requests from authorities.
  • Our legitimate interests (Art. 6(1)(f)): preventing fraud, securing the Service, improving the product. Where we rely on legitimate interests, you have a right to object — see Section 7.
  • Consent (Art. 6(1)(a)): only where required and always with a clear opt-in.

4. Who we share data with

We share personal data with the following processors, each bound by a Data Processing Agreement and operating under their own published privacy policies:

  • Stripe Payments Europe, Limited — payment processing.
  • RevenueCat, Inc. — subscription management. May transfer data to the United States under standard contractual clauses.
  • Vercel Inc. — website hosting and serverless infrastructure. May transfer data to the United States under standard contractual clauses.
  • Google LLC — font delivery via Google Fonts (limited to IP address at request time).

We do not sell your personal data and we do not share it with advertisers. We will share data with law-enforcement or regulatory bodies only where legally compelled to do so.

5. International transfers

Some of our processors (RevenueCat, Vercel) are based in the United States. Where personal data is transferred outside the European Economic Area, we rely on the European Commission's Standard Contractual Clauses and, where applicable, the EU-U.S. Data Privacy Framework to ensure an adequate level of protection.

6. How long we keep your data

  • Active subscriptions: for as long as you remain a customer.
  • Cancelled subscriptions: we retain subscription and billing records for up to 10 years as required by Romanian accounting law (Law 82/1991).
  • Server logs: 30 days, then deleted automatically by our hosting provider.

7. Your rights under GDPR

You have the right to:

  • Access the personal data we hold about you (Art. 15).
  • Rectification of inaccurate or incomplete data (Art. 16).
  • Erasure("right to be forgotten") where the conditions in Art. 17 apply. We may need to retain certain billing records to meet legal obligations (Section 6).
  • Restriction of processing (Art. 18).
  • Data portability in a structured, machine-readable format (Art. 20).
  • Object to processing based on our legitimate interests (Art. 21).
  • Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint with the Romanian Data Protection Authority (ANSPDCP) at dataprotection.ro or any other competent EU supervisory authority.

To exercise any of these rights, email r.nemerenco@gmail.com from the address associated with your account. We respond within 30 days as required by Art. 12(3).

8. Cookies

This landing page does not set any cookies or use client-side analytics beyond what is strictly necessary to render the page. Stripe and RevenueCat may set their own cookies on the checkout pages they host — their cookie policies apply there.

9. Children

FoodPlanAI is not directed to children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, contact us and we will delete it.

10. Security

We take reasonable technical and organisational measures to protect personal data, including encryption in transit (TLS), access control to production systems, and processor-side encryption at rest. No system is perfectly secure; if a breach affecting your data occurs, we will notify you and the relevant supervisory authority as required by Articles 33 and 34 GDPR.

11. Changes to this policy

We may update this Privacy Policy as the product evolves. Material changes will be communicated by email and reflected in the "Last updated" date above.

12. Related documents

See also our Terms of Service.

© 2026 FOODPLANAI · BUILT IN ROMANIA