Moonova Labs Limited, trading as SyncMeals ("we", "us", "our"), is the data controller responsible for your personal data. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and the Irish Data Protection Acts 1988–2018. This Privacy Policy explains what data we collect, how we use it, and your rights. By using SyncMeals, you agree to this policy. Questions? Contact us at support@syncmeals.com
2. What Data We Collect
Account Data
- Email address
- Password (encrypted via Supabase Auth — we never see your plain-text password)
- Name (if provided)
Health & Medication Data
- GLP-1 medication type (e.g. Ozempic, Wegovy, Mounjaro, Zepbound)
- Injection day
- Dietary preferences (e.g. Vegetarian, Gluten-free)
- Food allergies (e.g. Nuts, Dairy, Shellfish)
- Meal ratings and symptom logs you submit
This health-adjacent data is collected solely to personalise your meal plan. We do not share it with third parties for marketing purposes.
Usage Data
- App usage patterns (screens visited, features used)
- Device type and operating system
- Crash reports and error logs
Payment Data
Payments are processed by Apple (via Apple In-App Purchase), Google (via Google Play Billing), or Stripe (for web subscribers). We do not store your payment card details. Each payment provider's own privacy policy applies to payment data. We store only your subscription status, plan type, and renewal date.
3. How We Use Your Data
- Create and manage your account
- Generate and personalise your weekly meal plan based on your injection cycle
- Adapt meal suggestions based on your logged symptoms and ratings
- Process and manage your subscription via Apple In-App Purchase, Google Play Billing, or Stripe depending on how you subscribed
- Send transactional emails (account confirmation, password reset)
- Improve the app using anonymised usage data
- Comply with legal obligations
We do not use your data for advertising. We do not sell your data to any third party.
4. Legal Basis for Processing
- Contract: To provide the SyncMeals service you have signed up for
- Legitimate interests: To improve the app and prevent fraud
- Legal obligation: To comply with applicable laws
- Consent: Where we ask for your explicit consent (e.g. health data during onboarding)
5. Data Sharing
We share data only with the following third-party service providers:
- Supabase — database and authentication (EU region)
- Apple — payment processing for iOS app subscribers (Apple In-App Purchase)
- Google — payment processing for Android app subscribers (Google Play Billing)
- Stripe — payment processing for web subscribers (app.syncmeals.com)
- Anthropic — AI-powered meal swap suggestions (anonymised prompts only, no personal data)
All providers are contractually required to protect your data and may only use it to provide services to us.
6. Data Retention
We retain your data for as long as your account is active. If you delete your account:
- Account data and meal logs deleted within 30 days
- Payment records retained for 7 years as required by Irish tax law
- Anonymised, aggregated usage data may be retained indefinitely
7. Your Rights Under GDPR
- Right of access — request a copy of the data we hold about you
- Right to rectification — correct inaccurate or incomplete data
- Right to erasure — request deletion of your data
- Right to restriction — ask us to limit how we use your data
- Right to data portability — receive your data in a machine-readable format
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — where processing is based on consent
To exercise any of these rights, contact us at support@syncmeals.com. We will respond within 30 days. You also have the right to lodge a complaint with the Data Protection Commission of Ireland at www.dataprotection.ie
8. Data Security
- Encrypted storage via Supabase
- HTTPS encryption for all data in transit
- Secure password hashing — we never store plain-text passwords
- Access controls limiting who can access personal data
In the event of a data breach affecting your rights, we will notify you and the Data Protection Commission as required by law.
9. Cookies
The SyncMeals web app may use essential cookies and local storage to maintain your session and preferences. We do not use advertising or tracking cookies.
10. Children's Privacy
SyncMeals is not intended for use by anyone under 18. We do not knowingly collect data from children. Contact us at support@syncmeals.com if you believe a child has provided data and we will delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or in-app notification. Continued use of SyncMeals after changes constitutes acceptance of the updated policy.