Privacy Policy

Last updated: May 31, 2026

This Privacy Policy for Daniele Desiderato (doing business as Piattofy) ("we," "us," or "our") describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:

Questions or concerns? Reading this Privacy Policy will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. Contact us at desideratod@gmail.com.

Table of Contents

  1. What Information Do We Collect?
  2. How Do We Process Your Information?
  3. What Legal Bases Do We Rely On?
  4. When and With Whom Do We Share Your Information?
  5. Do We Use Cookies or Tracking Technologies?
  6. How Long Do We Keep Your Information?
  7. How Do We Keep Your Information Safe?
  8. Do We Collect Information from Minors?
  9. What Are Your Privacy Rights?
  10. Controls for Do-Not-Track Features
  11. US State Privacy Rights
  12. EU/UK/EEA Privacy Rights (GDPR)
  13. International Data Transfers
  14. How Can You Contact Us?
  15. How Can You Review, Update, or Delete Your Data?

1. What Information Do We Collect?

Personal information you provide to us

We collect personal information that you voluntarily provide to us when you register on the Services, use the Services, or contact us. The personal information we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use.

Personal Information Provided by You. We collect the following categories of personal information:

Sensitive Information

We process the following categories of sensitive personal information:

We use this sensitive information solely to provide and improve our Services (personalized meal planning and nutritional guidance). We do not sell or disclose this information to third parties.

Information automatically collected

Some information โ€” such as your IP address, device type, and general usage patterns โ€” is collected automatically when you use our Services to ensure security and improve performance. We do not use this information for advertising or tracking purposes.

2. How Do We Process Your Information?

We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. Specifically, we process your personal information for the following purposes:

3. What Legal Bases Do We Rely On?

This section applies to users in the EU, UK, and EEA.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on to process your personal information:

4. When and With Whom Do We Share Your Information?

We may share your personal information with the following categories of third-party service providers ("sub-processors") to perform services on our behalf. These providers are contractually obligated to protect your data and may only use it as directed by us.

Provider Purpose Location Data Shared
Supabase Database, authentication, file storage EU (eu-west-1, Ireland) Account data, meal plans, profile
Google (Gemini AI) AI-powered meal plan and recipe generation United States Dietary preferences, health goals (anonymized prompts)
Cloudflare API gateway, content delivery United States (global edge) API requests
RevenueCat In-app subscription management United States Subscription status, purchase history
Unsplash Recipe images Canada/United States Search queries (no personal data)

We do not sell, rent, or trade your personal information to any third party. We do not share your data with advertising networks or data brokers.

5. Do We Use Cookies or Tracking Technologies?

Our mobile application does not use advertising cookies or third-party tracking technologies. We use essential technical mechanisms (e.g., authentication tokens) solely to provide the core functionality of the Services.

6. How Long Do We Keep Your Information?

We retain your personal information for as long as your account remains active. When you delete your account, we will delete or anonymize your personal information within a reasonable timeframe, unless we are required by law to retain it longer.

Specific retention periods:

7. How Do We Keep Your Information Safe?

We implement appropriate technical and organizational security measures designed to protect your personal information, including:

However, no electronic transmission over the Internet is 100% secure. While we do our best to protect your information, we cannot guarantee its absolute security.

8. Do We Collect Information from Minors?

We do not knowingly collect data from or market to children under 16 years of age. By using the Services, you represent that you are at least 16 years old. If we become aware that personal information from users under 16 has been collected without appropriate consent, we will delete that information.

9. What Are Your Privacy Rights?

Depending on your location, you may have the following rights regarding your personal information:

To exercise your rights, contact us at desideratod@gmail.com. We will respond within 30 days.

You may also submit a data subject access request through our privacy request service.

10. Controls for Do-Not-Track Features

Most web browsers and mobile operating systems include a Do-Not-Track ("DNT") feature. Because there is no uniform standard for responding to DNT signals, we do not currently respond to DNT signals. We do not track users across third-party websites for advertising purposes.

11. US State Privacy Rights

Depending on the state in which you reside, you may have additional privacy rights under applicable state law, including rights under:

We do not sell or share personal information for cross-context behavioral advertising. California residents may submit requests related to their personal information using the contact information below.

Categories of personal information collected in the last 12 months:

12. EU/UK/EEA Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) and equivalent laws.

Our legal establishment is in Italy (EU). If you believe we are unlawfully processing your personal information, you have the right to lodge a complaint with your local data protection supervisory authority. In Italy: Garante per la protezione dei dati personali.

Our lawful bases for processing health data (a special category under Art. 9 GDPR) are your explicit consent given at the time of registration, and the necessity of processing for the performance of our service.

13. International Data Transfers

Your personal information may be transferred to and processed in countries outside the EU/EEA (primarily the United States), specifically by our service providers Google, Cloudflare, and RevenueCat.

We ensure appropriate safeguards are in place for such transfers, specifically Standard Contractual Clauses (SCCs) approved by the European Commission, as implemented in the respective providers' Data Processing Agreements (DPAs):

14. How Can You Contact Us?

If you have questions or comments about this Privacy Policy, or wish to exercise your privacy rights, please contact us:

15. How Can You Review, Update, or Delete Your Data?

You have the right to request access to, correction of, or deletion of your personal information. To exercise these rights:

When you delete your account, we will delete the following data:

Some data may be retained for up to 30 days in encrypted backups before being permanently purged.