Dinnerable Privacy Policy
DRAFT โ for Jason's review. Not legal advice; consider counsel review before publishing. Intended hosting:
https://dinnerable.food/privacy. Required by Apple App Store and Google Play.
Effective date: [DATE โ set at publication]
Dinnerable ("we," "us") is operated by North Lafayette, a Limited Liability Company based in Colorado. This policy explains what we collect when you use the Dinnerable mobile app and website, why, and the choices you have. You can reach North Lafayette at privacy@dinnerable.food or visit northlafayette.us.
What we collect
Account information. Email address and password (or Apple/Google sign-in identifiers) when you create an account. Passwords are handled by our authentication provider and never visible to us in plain text.
Household preferences. What you tell Dara (our AI assistant) about your household: household size, dietary preferences and restrictions, cuisines you like, cooking-time preferences, dislikes, and allergies. You provide this to get personalized meal plans.
Chat conversations. Your messages with Dara are stored so the app can maintain context and improve your recommendations week over week.
Meal plan and shopping activity. Your weekly plans, recipe selections and swaps, recipe ratings, grocery lists, and whether you opened a grocery cart with a delivery partner.
Usage analytics. App interaction events (screens viewed, features used, funnel steps completed), device type, OS version, and app version.
Session recordings. We record how the app's screens are used (taps, scrolls, and navigation) to find and fix confusing or broken flows. Recordings mask what you type โ including your conversations with Dara โ and are linked to a pseudonymous identifier, not your name or email.
Crash and error data. Diagnostic information when the app crashes or malfunctions.
We do not collect precise location, contacts, photos, health data, or advertising identifiers.
How we use it
- Generate personalized weekly dinner plans and grocery lists
- Power conversations with Dara, our AI assistant
- Build grocery carts with delivery partners you choose
- Understand aggregate product usage and fix bugs
- Send transactional email related to your account (we do not send marketing email without separate consent)
We do not sell your personal information, and we do not use it for third-party advertising.
Who processes your data
We use the following service providers ("processors") to run Dinnerable:
| Provider | Purpose | What they receive |
|---|---|---|
| Supabase | Database, authentication, backend hosting | Account info, preferences, plans, chat history |
| Anthropic | AI conversation (Claude powers Dara) | Chat message content and household preferences needed to respond. Per our agreement, API inputs/outputs are not used to train Anthropic's models. |
| Spoonacular | Recipe search and data | Search filters derived from your preferences (never your identity) |
| Instacart / Impact | Grocery cart handoff and affiliate attribution | The grocery items you send to your cart; an anonymous referral identifier |
| PostHog | Product analytics and session replay | Usage events, pseudonymous identifiers, and session recordings (typed text masked) |
| Sentry | Crash reporting | Device/diagnostic data associated with errors |
| Vercel | Website hosting (dinnerable.food) | IP address and request logs when you visit the site; the email address you submit to our launch list |
| Resend | Email delivery | Your email address and the emails we send you |
Each processor receives only what it needs for its function.
Affiliate disclosure
Dinnerable earns a commission when you place orders with grocery partners (such as Instacart) through links in the app. This is how Dinnerable is free to use. It does not affect the prices you pay.
Data retention & deletion
- Your data is retained while your account is active.
- You can delete your account in the app (Account โ Delete account). Deletion removes your account, household, preferences, chat history, plans, and grocery data from our production systems within 30 days; residual copies in encrypted backups expire on a rolling basis within 7 days after that.
- You may also request deletion or a copy of your data at privacy@dinnerable.food.
Children
Dinnerable is not directed at children under 13, and we do not knowingly collect personal information from them. Household size/preferences describe your household in aggregate, not individual children.
Security
Data is encrypted in transit (TLS) and at rest. Server-side API keys are held in managed secret stores and never shipped inside the app. Access to production data is limited to the operator.
Your rights
Depending on where you live (e.g., California, EEA/UK), you may have rights to access, correct, delete, or port your personal information, and to object to or restrict certain processing. Contact privacy@dinnerable.food and we will honor applicable requests. We do not discriminate against you for exercising these rights.
Changes
We'll post updates here and update the effective date. Material changes will be flagged in-app.
Contact
North Lafayette LLC โ privacy@dinnerable.food
Open items โ resolved 2026-07-05 unless noted: (1) entity block confirmed (North Lafayette
LLC, Colorado). (2) privacy@dinnerable.food forwarding via Google Workspace (see
docs/email-setup.md). (3) Supabase backups are 7-day rolling; retention text updated to
match. (4) Counsel review still open โ especially session-replay consent mechanics (Apple
2.5.14); enablement checklist tracked on NOR2-190. Remaining before publish: set effective
date, remove DRAFT banner, re-copy to web/content/.