Privacy Policy

Last updated: March 15, 2026

Meels Inc. ("Meels," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website (meels.com), our mobile application "Meels Chef-Prepared Meals" (available on iOS and Android), and related services (collectively, the "Service").

By using the Service, you consent to the practices described in this policy. If you do not agree, please discontinue use of the Service.

1. Information We Collect

Information You Provide

• Account information: Name, email address, phone number, and password when you create an account.
• Profile information: Postal code and avatar (all optional).
• Shipping & billing addresses: Full mailing address including name, street, city, province, country, and postal code.
• Payment information: Credit card details are collected and processed securely by Stripe. We store only the last four digits, card brand, expiration date, and card country for your records. We never store full card numbers.
• Dietary preferences: Food preferences, allergies, and plan size selections for subscription meal customization.
• Reviews & feedback: Product reviews including ratings, titles, and written feedback.
• Communications: Messages sent to us via email or our contact form.

Information Collected Automatically

• Device information: Browser type, operating system, and device identifier for security and fraud prevention.
• Session data: IP address, hostname, ISP, approximate location (city, region, country), and user agent string. This data is recorded when you log in or place an order.
• Usage data: Pages visited, actions taken, and interactions with our Service.
• Cookies & tokens: Session tokens, refresh tokens, and CSRF tokens for authentication and security. See "Cookies" section below.

Information from Third Parties

• IP geolocation: We use ipinfo.io, ip-api.com, and ipapi.co to determine your approximate location from your IP address for fraud prevention and to connect you with your nearest kitchen.
• Referral data: If you sign up via a referral link, we record the referral code and referrer information.

2. How We Use Your Information

We use your personal information to:

• Provide the Service: Process orders, manage subscriptions, deliver meals, and handle payments.
• Personalize your experience: Auto-select meals based on your dietary preferences, recommend products, and tailor your subscription.
• Communicate with you: Send order confirmations, delivery notifications, subscription review emails, cutoff reminders, and account updates.
• Manage rewards: Track and issue reward points, process referral credits, and apply gift card balances.
• Prevent fraud: Detect and prevent fraudulent orders, account abuse, and referral manipulation using device fingerprints, IP addresses, and behavioural patterns.
• Improve the Service: Analyze usage patterns, troubleshoot issues, and develop new features.
• Legal compliance: Comply with applicable laws, regulations, and legal processes.

3. Mobile Application

Our mobile app for iOS and Android collects the following additional data:

• Push notifications: When you enable notifications, we store a device token to send order updates, menu alerts, delivery reminders, and subscription confirmations.
• Approximate location: The app uses your IP address (via ipapi.co) to determine your approximate location and connect you with the nearest kitchen. We do not access your device's GPS or precise location services.
• Secure storage: Authentication tokens are stored securely on your device using the platform's secure storage (Keychain on iOS, Keystore on Android).
• App updates: The app may receive over-the-air updates. No additional personal data is collected during this process.

Notification Preferences

You can manage your notification preferences from your account settings. We support the following notification categories:

• Order updates and confirmations
• New menu alerts
• Delivery and cutoff reminders
• Promotional offers and newsletters
• Review requests
• Cart reminders

You may opt out of any category at any time. Transactional notifications (order confirmations, payment receipts) may still be sent as required.

4. Cookies & Similar Technologies

We use cookies to keep you logged in, remember your referral link, and protect your account during checkout.

We use Google Analytics to understand how visitors use our website and app. Google Analytics collects anonymous usage data such as pages visited, time on site, and general location. This data is aggregated and does not personally identify you. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

We do not use advertising trackers or sell your data to advertisers.

5. Third-Party Services

We use trusted third-party services to operate the Service, including:

• Payment processing: Your card details are handled securely by Stripe (PCI-DSS Level 1 certified). We never store full card numbers.
• Analytics: We use Google Analytics to understand usage patterns. See the Cookies section above for details.
• Service providers: We work with third-party providers for email delivery, address validation, push notifications, and hosting. These providers only receive the minimum data necessary to perform their function.

We do not sell your personal information to any third party.

6. Data Retention

• Account data: Retained for as long as your account is active, plus 2 years after deletion for legal and tax purposes.
• Order history: Retained indefinitely for your records and our legal obligations.
• Session logs: IP addresses, device fingerprints, and login history are retained for 1 year for security purposes.
• Push tokens: Retained while active; removed when you disable notifications or uninstall the app.
• Reward points: Points expire 365 days after earning (extended by new purchases). Credit-type points do not expire.

7. Data Security

We implement industry-standard security measures to protect your data:

• All connections are encrypted via SSL/TLS (HTTPS).
• Passwords are hashed using bcrypt — we never store plaintext passwords.
• Payment data is handled by Stripe (PCI-DSS Level 1 certified) and never stored on our servers.
• Authentication tokens use HttpOnly, Secure, SameSite cookies.
• Two-factor authentication (2FA) and passkey support are available for additional account security.
• CSRF tokens protect all form submissions.

While we take reasonable precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: You can delete your account directly from the mobile app (Account > Delete Account) or by contacting us at [email protected]. When you delete your account, it is deactivated immediately, all sessions are revoked, and any active subscriptions are cancelled. Your order history and transaction data are retained for legal and tax record-keeping purposes as described in the Data Retention section.
• Portability: Request your data in a structured, machine-readable format.
• Opt-out: Unsubscribe from marketing emails and push notifications at any time.
• Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly. Minors between 13 and the age of majority in their jurisdiction should use the Service only with parental or guardian consent.

10. International Transfers

Your data may be processed and stored in Canada and, through our third-party service providers, in other jurisdictions. By using the Service, you consent to the transfer of your data to these jurisdictions. We ensure that any such transfers comply with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users. The "Last updated" date at the top reflects the most recent revision. Continued use of the Service after changes constitutes acceptance.

12. Contact Us

For privacy-related questions, data requests, or concerns:

• Email: [email protected]
• Website: meels.com/contact

Meels Inc.
Canada