Meal Prep

Privacy & terms

Last updated: 13 June 2026

Imprint (operator)

This service is operated by an individual:

Emanuel Frank
Scheuchzerstrasse 20
8006 Zürich, Switzerland
emafrank@ethz.ch

What this is

Mealprep is a free meal-planning tool for households / WGs. You create a group, add people with their daily kcal targets, build menus from products (e.g. Migros articles), and the app generates shopping lists and per-person cost splits.

Data we collect

  • Your email + password— used to sign in to your account and for group invitations. Passwords are stored as bcrypt hashes by Supabase Auth; we never see the plaintext. We don't use your email for marketing or share it with anyone.
  • The meal-prep data you enter — people, menus, products, cycles, shopping lists, attachments. Visible only to members of your group (row-level security in our database).
  • Audit trail — every change is logged so group members can see who did what (visible at /activity).
  • Server logs — Vercel keeps standard HTTP logs (timestamp, route, status, IP) for diagnostics. Not used for tracking.

No third-party analytics, no ad networks, no cookies beyond the session cookie Supabase uses for sign-in.

Where data is stored & who processes it

We use the following processors to run the service. Each handles only the data needed for its job, under its own data-processing agreement:

  • Supabase (EU-Central) — database, accounts, and file uploads (cycle attachments).
  • Vercel (USA) — application hosting + standard HTTP server logs.
  • Stripe (USA) — subscription payments. Your card details go directly to Stripe; we never see or store them.
  • Resend — invitation & password-reset emails.
  • Fly.io (EU/Frankfurt) — a small proxy used only to fetch public Migros product data; it processes no personal data.

International transfers:some processors (Vercel, Stripe) are in the USA. Those transfers rely on EU/Swiss Standard Contractual Clauses and/or the Swiss–U.S. Data Privacy Framework, as provided in each processor's agreement. Under the Swiss revised Data Protection Act (revDSG) you can request access to, or deletion of, your data at any time (see below).

Retention & deletion

Data sticks around as long as you do. You can delete your account at any time from /groups — it cascades through every group you own (their data goes with you), removes you from groups you joined, and deletes your email from our auth records.

If self-service deletion doesn't work for some reason, email us and we'll do it manually.

Terms of use

  • The service is provided as-is, no uptime guarantee, no warranty.
  • Don't use it for anything illegal, abusive, or harmful.
  • Don't scrape, hammer, or try to break the service.
  • We may remove accounts that abuse the service.
  • We may change these terms — material changes will be flagged in the UI.

Contact

Questions, bug reports, deletion requests: emafrank@ethz.ch.