Privacy Policy

Last updated: April 22, 2026

This Privacy Policy describes how the Aioli mobile app handles your information. We believe in collecting as little as possible and being specific about what we do collect.

Data We Collect

  • Account email — provided through Sign in with Apple. Used to identify your account and, if you choose, to contact you about service issues.
  • Meal plans and shopping lists — content you generate in the app is stored on our servers so it syncs across your devices and persists after reinstall.
  • Subscription status — a record that you hold an Aioli Chef subscription, its billing period, and its expiration date. Payment details themselves are handled by Apple and never reach us.
  • Diagnostic and analytics data — anonymised crash reports and product-usage events (e.g. “meal plan generated”, “paywall opened”). We do not collect your device’s advertising identifier (IDFA).

Location

Aioli may request your location if you choose to enable local pricing. When granted, the app uses kilometer-level GPS accuracy and reverse-geocodes it on-device into a short place label (for example, “Budapest, Hungary”). Only that place label leaves your phone — raw coordinates never do. The place label is sent to Google’s Gemini API to fetch regional ingredient prices, and it is stored on our servers alongside the generated meal plan and linked to your account so that we can display it on meal plan tiles and keep your plans organized by location. It is not used for advertising, tracking, or shared with any third party other than Gemini. When you delete your account or an individual meal plan, the associated location label is deleted with it.

Data We Do Not Collect

Aioli does not collect contacts, photos from your library, health data, advertising identifiers, or any data used for cross-app tracking.

Third-Party Services

  • Firebase Authentication (Google) — verifies your Sign in with Apple identity.
  • Firebase Analytics and Crashlytics (Google) — anonymised product analytics and crash reports. IDFA collection is disabled.
  • Google Gemini API — generates meal plans, recipes, and images from the preferences you enter. Prompts are sent in the moment of generation; Gemini’s use of API data is governed by its own policies.
  • Apple StoreKit — handles subscription purchases and renewals. We receive only a signed receipt confirming that a valid subscription exists; no payment details are exposed to us.
  • Railway — hosts our backend infrastructure.

Data Retention

We retain your account data as long as your account exists. When you delete your account from Settings → Delete Account, we hard-delete your Firebase identity, meal plans, shopping lists, and server-side user record. Analytics events already sent are retained in aggregated, non-identifiable form.

Your Rights

Under GDPR and applicable consumer-protection law you have the right to:

  • Access and export the data we hold about you (email us to request).
  • Correct inaccurate data.
  • Delete your data (via the in-app Delete Account flow, which is immediate and irreversible).
  • Withdraw consent for analytics processing (uninstall the app or contact us).
  • Lodge a complaint with your local data-protection authority.

Children

Aioli is not directed at children under 13 and we do not knowingly collect data from children under 13. If you believe a child has created an account, please contact us and we will delete the account.

Changes

We may update this Privacy Policy over time. Material changes will be reflected by updating the date above.

Contact

Questions about this policy or a data request? Reach us at [email protected].