Dinnerable Privacy Policy

DRAFT โ€” for Jason's review. Not legal advice; consider counsel review before publishing. Intended hosting: https://dinnerable.food/privacy. Required by Apple App Store and Google Play.

Effective date: [DATE โ€” set at publication]

Dinnerable ("we," "us") is operated by North Lafayette, a Limited Liability Company based in Colorado. This policy explains what we collect when you use the Dinnerable mobile app and website, why, and the choices you have. You can reach North Lafayette at privacy@dinnerable.food or visit northlafayette.us.

What we collect

Account information. Email address and password (or Apple/Google sign-in identifiers) when you create an account. Passwords are handled by our authentication provider and never visible to us in plain text.

Household preferences. What you tell Dara (our AI assistant) about your household: household size, dietary preferences and restrictions, cuisines you like, cooking-time preferences, dislikes, and allergies. You provide this to get personalized meal plans.

Chat conversations. Your messages with Dara are stored so the app can maintain context and improve your recommendations week over week.

Meal plan and shopping activity. Your weekly plans, recipe selections and swaps, recipe ratings, grocery lists, and whether you opened a grocery cart with a delivery partner.

Usage analytics. App interaction events (screens viewed, features used, funnel steps completed), device type, OS version, and app version.

Session recordings. We record how the app's screens are used (taps, scrolls, and navigation) to find and fix confusing or broken flows. Recordings mask what you type โ€” including your conversations with Dara โ€” and are linked to a pseudonymous identifier, not your name or email.

Crash and error data. Diagnostic information when the app crashes or malfunctions.

We do not collect precise location, contacts, photos, health data, or advertising identifiers.

How we use it

We do not sell your personal information, and we do not use it for third-party advertising.

Who processes your data

We use the following service providers ("processors") to run Dinnerable:

Provider Purpose What they receive
Supabase Database, authentication, backend hosting Account info, preferences, plans, chat history
Anthropic AI conversation (Claude powers Dara) Chat message content and household preferences needed to respond. Per our agreement, API inputs/outputs are not used to train Anthropic's models.
Spoonacular Recipe search and data Search filters derived from your preferences (never your identity)
Instacart / Impact Grocery cart handoff and affiliate attribution The grocery items you send to your cart; an anonymous referral identifier
PostHog Product analytics and session replay Usage events, pseudonymous identifiers, and session recordings (typed text masked)
Sentry Crash reporting Device/diagnostic data associated with errors
Vercel Website hosting (dinnerable.food) IP address and request logs when you visit the site; the email address you submit to our launch list
Resend Email delivery Your email address and the emails we send you

Each processor receives only what it needs for its function.

Affiliate disclosure

Dinnerable earns a commission when you place orders with grocery partners (such as Instacart) through links in the app. This is how Dinnerable is free to use. It does not affect the prices you pay.

Data retention & deletion

Children

Dinnerable is not directed at children under 13, and we do not knowingly collect personal information from them. Household size/preferences describe your household in aggregate, not individual children.

Security

Data is encrypted in transit (TLS) and at rest. Server-side API keys are held in managed secret stores and never shipped inside the app. Access to production data is limited to the operator.

Your rights

Depending on where you live (e.g., California, EEA/UK), you may have rights to access, correct, delete, or port your personal information, and to object to or restrict certain processing. Contact privacy@dinnerable.food and we will honor applicable requests. We do not discriminate against you for exercising these rights.

Changes

We'll post updates here and update the effective date. Material changes will be flagged in-app.

Contact

North Lafayette LLC โ€” privacy@dinnerable.food


Open items โ€” resolved 2026-07-05 unless noted: (1) entity block confirmed (North Lafayette LLC, Colorado). (2) privacy@dinnerable.food forwarding via Google Workspace (see docs/email-setup.md). (3) Supabase backups are 7-day rolling; retention text updated to match. (4) Counsel review still open โ€” especially session-replay consent mechanics (Apple 2.5.14); enablement checklist tracked on NOR2-190. Remaining before publish: set effective date, remove DRAFT banner, re-copy to web/content/.