Privacy Policy

Last updated: March 3, 2026

DoseMeals ("we", "us", "our") takes your privacy seriously — especially because you share sensitive health information with us. This policy explains exactly what we collect, why we collect it, how we protect it, and your rights.

🔒 Your Health Data

DoseMeals collects health-related information including your medication name, injection schedule, and self-reported symptoms. This is sensitive personal data.

We use this data only to personalise your meal plans and improve your experience. We do not sell your health data to third parties, insurance companies, employers, or advertisers — ever.

Your symptom logs and medication information are not reviewed by medical professionals and do not form part of any medical record.

1. Who We Are

DoseMeals is a meal planning service for people taking GLP-1 medications, operated at dosemeals.com. For privacy enquiries, contact us at hello@dosemeals.com.

2. What Data We Collect

Account data

  • Email address and password (hashed — we never store your raw password)
  • Name (if provided via Google OAuth)
  • Account creation date

Health & profile data (you provide voluntarily)

  • GLP-1 medication name (e.g. Ozempic, Wegovy, Mounjaro)
  • Injection day and duration on medication
  • Self-reported side effects (nausea, fatigue, constipation, etc.)
  • Weekly symptom logs: nausea level, appetite, energy, and free-text notes
  • Recipe favourites and meal ratings

Usage data

  • Pages visited and features used
  • Approximate location (country/region derived from IP — not precise GPS)
  • Device type and browser (via Vercel Analytics)
  • Email open and click events (via Resend)

Payment data

  • Subscription status and billing history
  • Payment is processed by Stripe — we never see or store your card details

3. How We Use Your Data

  • Personalise your meal plan — your medication, injection day, symptoms, and logged side effects directly power your weekly recipe recommendations
  • Send weekly meal plan emails — recipe previews delivered on your shot day
  • Send symptom check-in reminders — the day after your injection to prompt symptom logging
  • Improve the Service — aggregate, anonymised usage data helps us understand which features are valuable
  • Billing and account management — process subscriptions and communicate about your account
  • Legal compliance — retain records as required by applicable law

We do not use your data for advertising, sell it to data brokers, share it with insurers or employers, or use it to train AI models.

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area or UK, we process your data on the following bases:

  • Contract performance — processing necessary to provide the Service you signed up for
  • Legitimate interests — improving the Service, preventing fraud, and security
  • Consent — for health data and marketing emails (you may withdraw consent at any time)
  • Legal obligation — where required by law

5. Data Sharing & Third Parties

We share your data only with the following trusted service providers, solely to operate the Service:

  • Neon (database hosting) — stores your account, profile, and symptom data securely
  • Vercel (hosting & analytics) — serves the application and collects anonymised usage analytics
  • Stripe (payments) — processes subscription payments; governed by Stripe's privacy policy
  • Resend (email delivery) — sends transactional emails (meal plans, check-ins, account notifications)

All service providers are bound by data processing agreements and are prohibited from using your data for their own purposes. We do not share your data with any other third parties without your explicit consent.

6. Health Data & Sensitivity

Health information (medication, symptoms, side effects) is considered sensitive personal data. We apply additional protections:

  • Stored in encrypted databases with restricted access
  • Never shared with advertisers, insurers, or employers
  • Never sold to data brokers or third parties
  • Accessible only by you and authorised DoseMeals systems
  • Deleted upon account deletion request (within 30 days)

By providing health information, you consent to its use solely for the purpose of personalising your meal plan and check-in emails. You may withdraw this consent at any time by deleting your profile or contacting hello@dosemeals.com.

7. Data Retention

We retain your data for as long as your account is active. If you cancel your subscription, we retain your data for 30 days to allow reactivation, after which inactive account data is anonymised or deleted.

Billing records may be retained for up to 7 years as required by financial regulations. Anonymised, aggregated usage data may be retained indefinitely for product improvement.

8. Cookies & Tracking

DoseMeals uses minimal cookies:

  • Session cookie — keeps you logged in (expires when you close your browser or after 30 days)
  • Vercel Analytics — privacy-friendly, anonymised, no cross-site tracking

We do not use advertising cookies, cross-site tracking, or third-party analytics platforms such as Google Analytics.

9. Your Rights

You have the right to:

  • Access — request a copy of all personal data we hold about you
  • Correction — update inaccurate data via your account settings or by contacting us
  • Deletion — request deletion of your account and all associated data
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to certain processing activities
  • Withdraw consent — for any processing based on consent, at any time
  • Unsubscribe — opt out of marketing or reminder emails at any time

To exercise any of these rights, email us at hello@dosemeals.com. We will respond within 30 days. If you are in the EU/UK, you also have the right to lodge a complaint with your local data protection authority.

10. Data Security

We implement industry-standard security measures including:

  • HTTPS encryption for all data in transit (TLS 1.2+)
  • Passwords hashed with bcrypt (never stored in plaintext)
  • Database access restricted by IP allowlisting
  • Rate limiting on all authentication endpoints to prevent brute-force attacks
  • Regular dependency updates to address security vulnerabilities

No method of internet transmission is 100% secure. If you believe your account has been compromised, contact hello@dosemeals.com immediately.

11. Children's Privacy

DoseMeals is not directed to children under 18 years of age. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

12. International Transfers

DoseMeals is operated from the United States. If you access the Service from the EU, UK, or other regions, your data may be transferred to and processed in the US. We rely on Standard Contractual Clauses (SCCs) or other appropriate safeguards for international data transfers where required by law.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email and by updating the "Last updated" date above. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

14. Contact & Complaints

For privacy questions, data requests, or complaints, contact us at: hello@dosemeals.com

We aim to respond to all privacy requests within 30 days. If you are unsatisfied with our response, you have the right to contact your local data protection authority.