1. Introduction

Aldenté ("we," "our," or "us") is the data controller for personal information processed through the Al Dente mobile application and related services. This Privacy Policy explains what we collect, why we collect it, how long we keep it, and the rights you have under the UK GDPR, EU GDPR, and equivalent laws (including PIPEDA in Canada and the Privacy Act 1988 in Australia).

2. Information We Collect

Personal Information

• Email address and authentication information
• Name and profile information
• Subscription and purchase information (processed by Apple and RevenueCat)
• Device information and app usage data

Usage Information

• Recipe preferences and dietary restrictions
• Meal planning data and grocery lists
• Photos you upload (profile picture, cook log photos)
• Chat interactions with our AI assistant
• App features used and interaction patterns

Technical Information

• Device type, operating system, and app version
• IP address and general location data
• Crash reports and performance analytics

3. How We Use Your Information

• Provide and improve our AI-powered recipe services
• Personalize your experience and recommendations
• Process subscriptions and manage entitlements
• Send transactional notifications (e.g., meal-plan reminders, social activity)
• Send product updates and announcements (only if you opt in)
• Analyze usage patterns to improve our service
• Provide customer support and respond to inquiries

4. Lawful Basis for Processing (UK / EU GDPR)

We rely on the following lawful bases under Article 6 of the UK and EU GDPR:

• Performance of a contract (Art. 6(1)(b)): creating and operating your account, syncing your recipes and meal plans, and processing your subscription.
• Consent (Art. 6(1)(a)): sending marketing notifications (feature updates, announcements), accessing your photo library, and sending push notifications. You can withdraw consent at any time in the app's settings.
• Legitimate interests (Art. 6(1)(f)): diagnosing crashes, preventing abuse, securing the service, and aggregate product analytics. We balance these interests against your rights and minimize the data used.
• Legal obligation (Art. 6(1)(c)): retaining records required for tax, accounting, or to respond to lawful requests from authorities.

5. Information Sharing

We do not sell, trade, or rent your personal information. We share data only with the processors listed in Section 9 and where required by law (e.g., responding to a valid court order) or in connection with a merger, acquisition, or sale of assets — in which case you will be notified.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Data is encrypted in transit (TLS) and at rest. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

We retain personal data only as long as needed:

• Account data (profile, recipes, meal plans, photos): retained while your account is active. Deleted within 30 days of an account-deletion request; residual copies in encrypted backups are purged within 90 days.
• Subscription records: retained for up to 7 years after subscription ends to meet tax and accounting obligations.
• Crash and performance logs: retained for up to 90 days, then automatically deleted.
• Aggregate analytics: retained in anonymized form for up to 14 months.
• Public recipes you published: if you delete your account, your name is removed and your published recipes are anonymized to "Deleted User" so other users' saves and ratings remain functional.

8. Your Rights

Under the UK GDPR, EU GDPR, PIPEDA (Canada), and the Privacy Act 1988 (Australia) you have the following rights:

• Access: request a copy of your personal data
• Rectification: correct inaccurate or incomplete data
• Erasure: request deletion of your account and personal data — available in-app under Settings → Account, or by emailing us
• Portability: receive your data in a structured, machine-readable format (request via the Contact page)
• Objection: object to processing based on legitimate interests
• Restriction: ask us to limit how we process your data
• Withdraw consent: turn off marketing notifications and revoke permissions in Settings at any time
• Lodge a complaint: UK users can complain to the Information Commissioner's Office (ico.org.uk); EU users can complain to their national data protection authority

To exercise any of these rights, please reach out via our Contact page. We aim to respond within 30 days.

9. Third-Party Processors

We rely on the following service providers to operate the app. Each acts as a data processor and is bound by a data processing agreement. Some providers may process data outside the UK/EU; in those cases we rely on Standard Contractual Clauses or equivalent safeguards.

• Apple: in-app purchases, App Store subscription billing
• Google / Firebase (Google Ireland Limited): authentication, database, cloud storage, analytics, crash reporting, push notifications, AI services
• RevenueCat: subscription entitlement management and receipt validation
• Google Sign-In: optional sign-in method

10. International Transfers

Our processors (notably Google/Firebase and RevenueCat) may transfer and store data in the United States and other countries outside the UK and EEA. Where such transfers occur, we rely on the UK International Data Transfer Addendum, EU Standard Contractual Clauses, or other lawful transfer mechanisms.

11. Children's Privacy

Our service is not intended for children under 13 years of age (or under 16 in jurisdictions where that is the digital-consent age). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy in the app and updating the "Last updated" date.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please reach out via our Contact page.