Privacy Policy
Last updated: May 15, 2026
MealPlan exists to help you eat better around a busy schedule. We collect only what we need to run the service, we never sell your data, and we will hand it back or delete it any time you ask.
1. Who we are
MealPlan is operated by Gray Swan Solutions ("we," "us," "our"). MealPlan is a web application that generates personalized weekly meal plans by combining your dietary preferences, household details, and Google Calendar schedule. This policy describes how we collect, use, store, and share information when you use mealplan.grayswan.solutions.
2. Information we collect
Information you provide directly
- Account information: your name and email address, supplied either through Google Sign-In or by entering an email at login.
- Dietary preferences: cuisines you like, ingredients to avoid, allergies, and other meal preferences you enter.
- Household information: number of people you cook for, typical meal sizes, and similar context that helps us size recipes correctly.
- Recipes and meal feedback: custom recipes you save, ratings, and edits you make to suggested plans.
Information we receive from Google (with your permission)
- Google account profile: when you sign in with Google, we receive your email address, name, and Google account ID. We never see or store your Google password.
- Google Calendar events: if you separately connect Google Calendar, we read events from the calendars you select so we can plan around busy nights, travel, and dinner commitments. We do not read events from calendars you have not selected.
Information we collect automatically
- Usage and diagnostic data: standard server logs (IP address, browser, timestamp, requested URL) used for security monitoring and debugging.
- Session cookies: a single first-party cookie used to keep you logged in. We do not use third-party advertising or analytics cookies.
Payment information
Billing is handled by Stripe. We never see or store your full card number, CVC, or bank credentials. Stripe sends us a customer ID, the last four digits of your card, and subscription status so we can show you your billing state and unlock paid features.
3. How we use your information
We use the information described above only to:
- Authenticate you and keep your session secure.
- Generate personalized meal plans, grocery lists, and schedule-aware suggestions.
- Read your selected Google Calendar events so plans avoid conflicts with busy days.
- Process subscription payments and manage your free trial.
- Respond to your support requests.
- Diagnose, debug, and improve the service.
- Send transactional emails (account, billing, important service notices). We do not send marketing email without your explicit opt-in.
4. How Google user data is used (Google API Services disclosure)
MealPlan's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- We request only the minimum Google scopes needed: basic profile (email, name) for sign-in, and read access to the Google Calendar(s) you explicitly select for schedule-aware planning.
- We use calendar data only to render your schedule inside MealPlan and to inform the meal plan generator about which days are busy. We do not use calendar data for any other purpose.
- We do not sell, rent, or trade Google user data.
- We do not use Google user data for advertising.
- We do not allow humans to read Google user data except (a) with your explicit permission, (b) when strictly necessary for security or to comply with applicable law, or (c) when the data has been aggregated and de-identified and is used solely for internal operations.
- We do not transfer Google user data to AI/ML models for training. Calendar event titles and times may be sent to our AI model (Anthropic Claude) at the moment a meal plan is generated, solely so the model can plan around your schedule. Anthropic does not train on this data — see Section 5.
You can revoke MealPlan's access to your Google account at any time at myaccount.google.com/permissions or by disconnecting Google Calendar from your MealPlan preferences page.
5. Service providers we share data with
We do not sell your personal information. We share limited data with the following service providers, each contractually obligated to handle it securely:
- Google (OAuth and Calendar): used to authenticate you and read calendar events you select.
- Anthropic (Claude AI): when you generate a meal plan, we send your dietary preferences, household info, and the relevant week's calendar event titles/times to Anthropic's Claude API so the model can produce a personalized plan. Per Anthropic's commercial terms, Anthropic does not train its models on data submitted via the API.
- Stripe (payments): all card processing, subscription billing, and payment receipts are handled by Stripe under Stripe's privacy policy.
- Railway / hosting infrastructure: our application servers and database run on managed cloud infrastructure under standard data-processing agreements.
6. How we store and secure your data
- All connections to MealPlan use HTTPS/TLS.
- OAuth access and refresh tokens are stored in our database; sensitive credentials are not exposed in client-side code.
- Passwords are never stored — authentication is delegated to Google or to email-only login.
- Access to production data is restricted to the operator of the service.
- We retain your data for as long as your account is active. When you delete your account, we delete your stored preferences, recipes, plans, and tokens within 30 days. Backups containing your data are purged on a rolling 90-day cycle.
No system is perfectly secure. If a breach affecting your personal data occurs, we will notify you in accordance with applicable law.
7. Your rights and choices
You can, at any time:
- Disconnect Google Calendar from your preferences page, which deletes the stored calendar token.
- Revoke MealPlan's Google access at myaccount.google.com/permissions.
- Cancel your subscription from the billing page; cancellation takes effect at the end of the current billing period.
- Request a copy of the personal data we hold about you.
- Request correction or deletion of your account and associated data.
To exercise any of these rights, email holden@grayswan.solutions. We will respond within 30 days.
If you are in California, the EU, or the UK, you have additional rights under the CCPA, GDPR, and UK GDPR — including the right to object to processing, the right to data portability, and the right to lodge a complaint with your local supervisory authority. The same contact address handles those requests.
8. Children
MealPlan is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, contact us and we will delete it.
9. International users
MealPlan is operated from the United States. If you use the service from outside the U.S., you understand that your information will be transferred to and processed in the United States, which may have data protection rules different from those in your country.
10. Changes to this policy
If we make meaningful changes to this policy, we will update the date at the top of this page and notify active users by email or in-app notice before the changes take effect. We will not quietly reduce your protections.
11. Contact
Questions, requests, or complaints about this policy or our data practices? Reach out at holden@grayswan.solutions.