Privacy Policy
Gather — Meal Planning
Effective date: 2 May 2026
Version: 1.0
1. Who we are
Kelly Davidson
North Bondi, NSW, Australia
Contact: gatherprivacy@gmail.com
This Privacy Policy explains what personal data Gather collects, why, and how it is used when you use the Gather iOS app. "We", "us", and "our" refer to the data controller named above. "You" and "your" refer to you as a user of the app.
If you have any questions about this policy, contact us at the email address above.
2. Data we collect and why
2a. Account and authentication data
When you create an account we collect:
- Your email address — used to sign you in, identify your account, and send password reset emails when you request them. Your raw email address is never written to server logs; only a one-way SHA-256 hash of the email is recorded for security audit purposes.
- Your password — stored only as a salted hash by Supabase Auth. The plaintext password is never stored, transmitted in our logs, or visible to us.
- Device identifier — a device-level identifier (Apple's
identifierForVendor) collected at account creation and used to detect unusual sign-in patterns and prevent unauthorised access.
- IP address — collected at sign-in, sign-up, and password-reset requests for security monitoring and anomaly detection. Not used for advertising or profiling.
- Sign-in and sign-up timestamps — the date and time of authentication events, retained as a security audit trail.
Lawful basis: contractual necessity (to provide you with a working account) and legitimate interests (to protect account security and detect fraud).
2b. Health and dietary data — special category
Important notice. The following data is classified as special category personal data under Article 9 of the UK/EU GDPR because it relates to your health and physical condition. We process it only with your explicit consent, which you give during onboarding by confirming your selections and agreeing to this policy.
We collect:
- Allergen information — ingredients and food types you have identified as allergens (for example: nuts, shellfish, gluten, dairy, eggs, soy, sesame). This data is used exclusively as a hard exclusion filter: any recipe containing a flagged ingredient is removed from your plan without exception.
- Dietary identity tags — dietary commitments you identify during onboarding (for example: vegetarian, vegan, pescatarian). These are used to filter your meal plan.
How this data is protected:
- Allergen and dietary data is stored in a dedicated database table with the strictest access controls (Row Level Security). Only your account can read your own data. No Gather employee or third party can query your allergen data directly.
- This data is never shared with any third party for any purpose.
- This data is never used for advertising, profiling, or any purpose beyond generating your meal plan.
- This data is permanently deleted when your account is deleted.
You may update your allergen and dietary selections at any time in the app (Me → Edit your preferences). Changes to allergen data take effect immediately.
Lawful basis: explicit consent (Article 9(2)(a) UK/EU GDPR).
2c. Household, cooking, and food preferences
We collect during onboarding:
- Household size — the number of people you are cooking for, used to scale ingredient quantities.
- Cooking reality flags — flags describing your cooking context (for example: "weeknights need to be quick", "cooking for kids", "prefers eating less meat"). Used to calibrate plan style and difficulty.
- Soft exclusions (aversions) — ingredients you have asked us to avoid where possible. These are treated as preferences, not safety constraints — a recipe containing an aversion may still appear if no suitable alternative exists. Aversions are not allergens (see Section 2b for allergen handling).
- Preference vector — derived from a series of image pair choices during onboarding. This produces scores across seven dimensions (protein affinity, flavour profile, complexity tolerance, and four cuisine groups) that seed your initial meal plan. It is updated passively as you interact with the app.
You may update household size, cooking flags, and aversions at any time in the app (Me → Edit your preferences). You may rerun the image preference exercise at any time (Me → Replay pairwise).
Lawful basis: contractual necessity (to generate a personalised meal plan).
2d. In-app interaction signals
Every interaction you take in the app is logged as a signal and used to personalise your meal plan and improve the product. We collect:
- Meal swaps — when you swap a meal and the structured reason you select.
- Double-swap detection — when you swap the same meal slot twice in a single session.
- Swap alternatives — which alternative you chose and which you did not.
- Meal deletions and recoveries — whether you deleted a meal and whether you restored it or chose an alternative.
- Meal completions and reversals — when you mark a meal as cooked, and when you undo a completion.
- Star ratings — optional quality ratings on cooked meals.
- Portion adjustments — changes to serving size per meal.
- Recipe detail views — which recipes you tap to view in full.
- Shopping list edits — items you add or remove from your shopping list.
- Shopping completion events — when the "shopping done" sheet appears, when you confirm or dismiss it, and when you undo a confirmed shopping session.
- Use-up ingredients — items you add at onboarding or during the weekly use-up checkpoint.
- Use-up checkpoint skips — when you skip the weekly checkpoint without adding items.
- Screen dwell time — how long you spend on each onboarding question (used to identify friction in the setup flow; not linked to your personal profile beyond onboarding completion).
- Shopping session duration and timestamp — when and for how long you use the shopping list. Used to time push notifications to your actual shopping pattern when push is enabled in a future version.
- App return (week 2+) — whether you return to generate a second plan. This is a product health metric only.
These signals are used to:
- Make your next generated plan better (higher-quality recipes matched to your actual preferences, not just your stated ones).
- Calibrate your household's pantry model over time.
- Improve Gather's recipe selection and plan generation algorithm for all users in aggregate.
These signals are not sold to or shared with any third party. They are not used for advertising. They are permanently deleted when your account is deleted.
Lawful basis: contractual necessity (personalisation is core to the service) and legitimate interests (product improvement). You may object to processing on legitimate interests grounds by contacting us at gatherprivacy@gmail.com.
2e. Push notification data
Push notifications are not enabled in the current version of the app. When push notifications are added in a future version, the following will apply:
- If you grant notification permission in iOS, Gather will send a weekly plan prompt and a shopping prompt timed to your observed shopping pattern.
- To deliver notifications, your device's push token will be shared with Apple's Push Notification service (APNs). No personally identifiable data beyond the notification content is passed to Apple.
- You will be able to revoke notification permission at any time in iOS Settings.
This policy will be updated when push notifications are enabled, and you will be notified of the change as described in Section 10.
Lawful basis (when applicable): consent (iOS permission prompt).
2f. Payment data
Subscriptions and payment processing are not enabled in the current version of the app. When subscriptions are added in a future version:
- Subscription payments will be processed by Stripe. Gather will not store your payment card details.
- Your name and email address will be shared with Stripe for billing purposes. Stripe processes all payment data under their own privacy policy.
- Stripe is a certified PCI DSS compliant payment processor.
This policy will be updated when subscriptions are enabled.
Lawful basis (when applicable): contractual necessity (to process your subscription).
3. Data we do not collect
- We do not use any third-party analytics or tracking SDKs in the Gather app at this time.
- We do not track you across other apps or websites.
- We do not collect precise location data.
- We do not access your contacts, photos, or any other device data beyond what is described in this policy.
4. How we store your data
All user data is stored in the European Union (Frankfurt, Germany — AWS eu-central-1).
Data is stored using Supabase (Supabase Inc.), a managed database and authentication platform. All data at rest is encrypted. All data in transit is encrypted via TLS. Access to your data is restricted by Row Level Security policies — no other user can access your data.
5. Our subprocessors
The following third party processes personal data on our behalf in the current version of the app:
| Subprocessor | Purpose | Data shared | Location |
|---|
| Supabase Inc. |
Database, authentication, edge functions |
Account data, interaction signals, auth logs |
EU (Frankfurt, Germany — AWS eu-central-1) |
Additional subprocessors will apply when subscriptions and push notifications are enabled in future versions:
| Subprocessor | Purpose | Data shared | Location | Status |
|---|
| Stripe Inc. |
Payment processing |
Name, email, payment data |
USA (Standard Contractual Clauses apply) |
Not currently in use |
| Apple Inc. |
Push notification delivery |
Device push token |
Apple infrastructure |
Not currently in use |
We do not use any advertising networks, social tracking pixels, or data brokers.
6. Data retention
| Data category | Retention period |
|---|
| Account data (email, password hash, device identifier) | Life of account |
| Allergen and dietary identity | Life of account |
| Household, cooking, and food preferences | Life of account |
| Interaction signals | 12 months rolling — signals older than 12 months are deleted automatically |
| Auth event logs (hashed email, IP, device identifier, timestamps) | Life of account |
All data in the categories above is permanently deleted within 30 days of account deletion.
7. Deleting your account
You can delete your account at any time from the app: Me → Delete account.
Deleting your account permanently removes:
- Your email address and all account credentials
- All allergen and dietary data
- All household, cooking, and food preferences
- All interaction signals and meal history
- All meal plans and shopping lists
Deletion is irreversible. There is no grace period. Your data cannot be recovered after deletion.
If you are unable to access the app, contact us at gatherprivacy@gmail.com to request account deletion.
8. Your rights under UK/EU GDPR
You have the following rights regarding your personal data:
- Right of access — request a copy of all data we hold about you.
- Right to rectification — correct inaccurate data. Most data can be updated directly in the app (Me → Edit your preferences).
- Right to erasure — delete your account and all associated data (see Section 7).
- Right to restriction — request that we limit processing of your data in specific circumstances.
- Right to data portability — request your data in a portable format. Data export is not currently available in the app. Contact us at gatherprivacy@gmail.com to request a manual export.
- Right to object — object to processing based on legitimate interests (see Section 2d).
- Right to withdraw consent — you may withdraw consent for allergen and dietary data processing at any time by deleting your account. You may update your allergen and dietary selections at any time in the app.
To exercise any of these rights, contact us at gatherprivacy@gmail.com. We will respond within 30 days.
You also have the right to lodge a complaint with a data protection authority:
- UK users: Information Commissioner's Office (ICO) — ico.org.uk
- EU users: the supervisory authority in the EU member state where you reside, work, or where the alleged infringement occurred.
9. Children
Gather is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, contact us at gatherprivacy@gmail.com and we will delete it promptly.
10. Changes to this policy
We will notify you of material changes to this policy by updating the effective date at the top of this policy. When push notifications are enabled in a future version, we will also send a notification through the app for material changes.
Continued use of the app after a policy change constitutes acceptance of the updated policy for non-material changes. For material changes (new data categories, new third parties, changes to lawful basis), we will seek fresh consent where required.
11. Contact
For any privacy questions, requests, or complaints:
Kelly Davidson
North Bondi, NSW, Australia
Email: gatherprivacy@gmail.com
This policy was last updated on 2 May 2026.