Privacy Policy

Effective date: April 7, 2026

FeastTogether ("the App") is operated by Donncha Carroll ("we", "us", or "our"). This Privacy Policy explains how we collect, use, and protect your information when you use FeastTogether.

1. Information We Collect

1.1 Account Information

When you sign in with Apple, we receive:

Apple User ID — a unique identifier for your account
Email address — either your real email or Apple's private relay address, depending on your choice
Display name — the name you provide during sign-up

1.2 Information You Provide

Profile data — display name, dietary preferences
Meals & events — titles, dates, locations, guest lists, menu items, and chat messages you create
Recipes — recipes you save, import, or create, including photos and personal notes
Phone number — optionally provided when inviting friends, used for friend matching only
Friends — connections you make and invitations you send

1.3 Device Permissions

The App requests the following permissions only when needed. You can deny or revoke any of them in iOS Settings.

Permission	Purpose
Camera	Take photos of recipes for import
Photo Library	Select recipe photos from your library
Contacts	Find friends who are already on FeastTogether (email and phone numbers are hashed before matching — raw contact data is never uploaded)
Calendar	Add meals and outings to your calendar
Notifications	Receive meal reminders, invitations, and updates

1.4 Automatically Collected Data

Push notification token — used solely to deliver notifications to your device

We do not collect analytics, device identifiers, IP addresses, or location data.

2. How We Use Your Information

Provide and operate the App's features (meal planning, recipes, friend connections)
Deliver push notifications you have opted in to
Process recipe text using AI when you import a recipe from a photo or URL, and estimate nutritional information
Improve the App's functionality

3. AI-Powered Features

When you import a recipe from a photo or URL, or estimate nutritional information, the recipe text is processed by Anthropic's Claude API via our secure server-side proxy. Only the recipe text and ingredient data is transmitted — no personal data, photos, or account information is included. Your requests are routed through a Cloudflare Worker that validates your identity and enforces rate limits; the Worker does not store recipe content. Anthropic's usage policies apply to the AI processing; see anthropic.com/privacy.

4. How We Store Your Data

Your data is stored in Google Firebase (Firestore and Firebase Authentication), hosted in the United States. Firebase is operated by Google LLC and is subject to Google's security practices and certifications. For details, see firebase.google.com/support/privacy.

5. Who We Share Data With

5.1 Other Users

Your display name is visible to other FeastTogether users when you participate in shared meals. Your email and phone number are used for friend matching only and are never displayed to other users. Meal details (items, chat messages) are visible to all participants of that meal.

5.2 Service Providers

Provider	Purpose	Data Shared
Google Firebase	Authentication, database, push notifications	Account data, app content, device token
Anthropic (Claude API)	Recipe text parsing, nutrition estimation	Recipe text and ingredient data only
Cloudflare	API proxy and rate limiting	Recipe text in transit (not stored)
Apple (Sign in with Apple)	Authentication	Per Apple's policies
Apple (App Store)	Subscription payments	Payment and transaction data per Apple's policies

5.3 We Do Not

Sell your personal data
Share data with advertisers
Use third-party analytics or tracking SDKs

6. Data Retention

We retain your data for as long as your account is active. When you delete your account (Profile → Delete Account), your authentication credentials and user data are permanently deleted. Meal data you created may persist for other participants of those meals.

7. Your Rights

7.1 All Users

You can:

Access and update your profile information in the App
Delete your account and associated data at any time
Revoke device permissions in iOS Settings

7.2 European Economic Area (GDPR)

If you are in the EEA or UK, you have additional rights under the General Data Protection Regulation:

Lawful basis: We process your data based on your consent (account creation) and legitimate interest (operating the service).
Right of access: Request a copy of your personal data.
Right to rectification: Correct inaccurate data.
Right to erasure: Request deletion of your data.
Right to data portability: Receive your data in a structured format.
Right to object: Object to processing based on legitimate interest.

To exercise these rights, contact us at [email protected].

7.3 California Residents (CCPA)

If you are a California resident, you have the right to:

Know what personal information is collected and how it is used
Request deletion of your personal information
Opt out of the sale of personal information — we do not sell personal information
Non-discrimination for exercising your rights

8. Children's Privacy

FeastTogether is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, contact us and we will delete it.

9. Security

We use industry-standard security measures including encrypted connections (TLS), Firebase Security Rules, and authenticated access. However, no method of transmission or storage is 100% secure.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of the App after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, contact us at:
[email protected]