Privacy Policy — TastyPlan

Last updated: November 1, 2025

This Policy explains how the mobile application TastyPlan, operated byKwargs, s.r.o., collects, uses and protects your personal data in accordance with GDPR and Act No. 18/2018 Coll.

1. Data Controller

Kwargs, s.r.o.
Application: TastyPlan
E-mail: hello@tastyplan.app
Web: www.tastyplan.app

Note: The company does not have a designated Data Protection Officer (DPO), because the scope of processing is appropriate for operating a mobile application.

2. What Data We Process

a) Personal Data

email (registration and login), first and last name (voluntarily).

b) Health and Nutrition Data (special category)

body weight, height, age, goals, nutrition plan, daily food and drink records, food photos (AI analysis), physical activity data.

c) Technical Data

device identifiers, OS information, anonymized usage data, error reports and performance data.

3. Purposes and Legal Basis of Processing

Purpose	Legal Basis
Registration and providing application services	Art. 6 para. 1 b GDPR — contract performance
Processing health data (e.g. weight, meal plan)	Art. 9 para. 2 a GDPR — explicit consent
Personalized recommendations and AI photo analysis	Art. 6 para. 1 a / Art. 9 para. 2 a — consent
Analytics and service improvement	Art. 6 para. 1 f — legitimate interest
Fulfilling legal obligations	Art. 6 para. 1 c — legal obligation
Marketing communication (newsletter, news, promotions)	Art. 6 para. 1 a GDPR — consent

User Communication

The email address you enter during registration is also processed for the purpose of sending important service messages (e.g. onboarding emails, notifications related to trial version or warnings regarding app usage). These messages do not serve as marketing announcements, but help ensure proper functioning and use of the application.

The legal basis for sending service/informational emails is service performance or legitimate interest of the operator to ensure that the user receives important information necessary for using the application.

Marketing Communication

During registration, you have the option to give consent to receive marketing communication to your email address. Marketing communication may contain information about app updates, promotions, healthy eating tips and other TastyPlan company services.

The legal basis for sending marketing communication is your explicit consent according to Art. 6 para. 1 a GDPR. You can withdraw this consent at any time by clicking the "Unsubscribe" link in any marketing email or by sending a request to email hello@tastyplan.sk. After withdrawing consent, we will not send you further marketing messages.

Consent to health data processing can be withdrawn by the user at any time by emailing hello@tastyplan.app.

4. How We Use Data

tracking nutritional intake and progress,
generating personalized recommendations,
synchronization between devices,
anonymous analytics and feature development,
AI training on anonymized data.

5. AI Photo Analysis

The application uses AI to analyze food photos. Photos are processed anonymously through secure cloud APIs. Before processing, anonymization takes place so that it is not possible to directly connect the result with the user's identity.

6. Who Has Access to Data / Sharing

We share personal data only with trusted service providers necessary for application operation:

Google Firebase — authentication and database,
AI cloud services — image analysis,
Analytics services — anonymized statistics.

These services may transfer data to third countries (e.g. USA). Transfer is protected by standard contractual clauses (SCC) or other adequate safeguards according to GDPR.

7. Data Retention

We retain data only for the time necessary for processing purposes:

for the duration of an active user account,
personal data will be deleted within 30 days after account cancellation,
anonymized data may remain for analytical purposes,
backup copies are automatically deleted within 90 days.

8. Security

We implement appropriate technical and organizational measures to protect data, including:

transmission encryption (TLS/SSL),
access control and authentication,
secure API access and regular security audits.

9. Your Rights

You have the right to access data, correct it, delete it, restrict processing, data portability, object to processing and withdraw consent. Send a request to exercise rights to hello@tastyplan.app.

If you believe that processing violates GDPR, you have the right to file a complaint to:

Personal Data Protection Office of the Slovak Republic
Hraničná 12, 820 07 Bratislava 27
Web: www.dataprotection.gov.sk

10. Cookies and Tracking

The application uses only necessary technical cookies, anonymized analytical cookies and local storage for offline functionality.

11. Minors

The application is not intended for persons under 18 years of age. If we find that we have accidentally collected data of a minor, we will immediately delete it.

12. Policy Changes

We may update these Policies. We will inform you about significant changes in the application or on the website. By continuing to use after publishing changes, you agree to their new wording.