Privacy Policy

1. Information We Collect

We collect information you provide directly to us, such as when you create an account, subscribe to our service, or contact us for support.

Personal Information

• Email address (required for account creation)
• Password (encrypted and securely stored)
• Family preferences (family size, dietary restrictions)
• Meal plan selections and preferences
• Payment information (processed securely through Stripe)

Usage Information

• Pages visited and features used
• Time spent on the service
• Device and browser information
• IP address and general location data

2. How We Use Your Information

Legal Basis for Processing (EU Users)

We process your personal data based on the following legal grounds:

• Contract Performance: To provide our meal planning service and process payments
• Legitimate Interest: To improve our service, prevent fraud, and ensure security
• Consent: For marketing communications (you may withdraw consent anytime)
• Legal Obligation: To comply with tax, accounting, and regulatory requirements

We use the information we collect to:

• Provide and maintain our meal planning service
• Personalize meal plans based on your preferences
• Process payments and manage subscriptions
• Send you weekly meal plans and service updates
• Respond to your comments, questions, and support requests
• Improve our service and develop new features
• Comply with legal obligations

3. Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties, except in the following circumstances:

Service Providers

We work with trusted third-party service providers who assist us in operating our service:

• Supabase: Database hosting and user authentication
• Stripe: Payment processing and subscription management
• Resend: Email delivery service
• Vercel: Web hosting and content delivery

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities.

4. Data Security

We implement appropriate security measures to protect your personal information:

• All data transmission is encrypted using SSL/TLS
• Passwords are hashed and securely stored
• Database access is restricted with row-level security
• Regular security updates and monitoring
• Payment information is handled by PCI-compliant Stripe

5. Your Privacy Rights

General Rights

• Access: Request a copy of your personal data within 30 days
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data (subject to legal retention requirements)
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Limit how we process your data in certain circumstances
• Objection: Object to processing based on legitimate interests

GDPR Rights (EU Residents)

• Right to withdraw consent for marketing communications
• Right to lodge a complaint with your local data protection authority
• Right to object to automated decision-making (if applicable)

California Privacy Rights (CCPA)

• Right to know what personal information is collected and how it's used
• Right to delete personal information (subject to exceptions)
• Right to opt-out of the sale of personal information (we do not sell data)
• Right to non-discrimination for exercising privacy rights

To Exercise Your Rights: Contact us at privacy@wehadababywhatnow.com with your request and account information.

6. Cookies and Tracking Technologies

Types of Cookies We Use

• Essential Cookies: Required for login, security, and basic functionality (cannot be disabled)
• Analytics Cookies: Vercel Analytics for usage patterns (privacy-focused, no personal identification)
• Preference Cookies: Remember your meal plan settings and dashboard preferences
• Local Storage: Shopping list checkboxes and user interface preferences

Third-Party Cookies

• Stripe: Payment processing and fraud prevention
• Supabase: Authentication and session management
• Vercel: Performance monitoring and analytics

Managing Cookies: You can control cookies through browser settings, but disabling essential cookies may impair service functionality. Analytics cookies can be disabled without affecting core features.

7. Children's Privacy

While our service provides meal plans for families with toddlers, we do not knowingly collect personal information from children under 13. Our service is designed for use by parents and caregivers who are 18 years or older.

8. International Users

Our service is hosted in the United States. If you are accessing our service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located.

9. Data Retention

We retain your personal information according to the following schedule:

Account Data

• Active accounts: Retained while account is active plus 90 days after cancellation
• Cancelled accounts: Personal data deleted within 30 days of cancellation request
• Legal compliance data: Retained for 7 years as required by tax and financial regulations

Specific Data Types

• Email preferences: Until you unsubscribe or account deletion
• Usage analytics: Anonymized after 24 months
• Payment records: 7 years for tax compliance
• Support communications: 3 years for service improvement

Deletion Process

Account deletion permanently removes your personal data within 30 days, except for:

• Legal compliance requirements (tax records, fraud prevention)
• Anonymized analytics data (personally identifiable information removed)
• Data stored by third-party processors (deleted according to their retention policies)

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

11. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

Email: privacy@wehadababywhatnow.com

Support: support@wehadababywhatnow.com