Legal
Privacy Policy
Last updated: 13 May 2026
Mealody ("we", "our", or "us") is operated by Matt Collis, a sole trader registered in Australia (ABN 50 865 504 657). This privacy policy explains what data we collect, how we use it, and your rights.
By using Mealody you agree to this policy. If you do not agree, do not use the app.
1. Age Requirement
Mealody is intended for users aged 13 and over. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, contact us at hello@mealody.org and we will delete it.
2. What Data We Collect
Data from Spotify: When you connect your Spotify account, we receive your recently played tracks and listening history (used to generate your mood profile and recipe) and your Spotify user ID (used only to identify your session). We do not store your Spotify password. Access is granted via Spotify's secure OAuth login.
Data you provide in the app: Protein preferences (optional, subscribers only) and dishes you choose to exclude (optional), both used only to personalise your recipe.
Saved recipes (subscribers only): Recipes you choose to save are stored against your account.
Account data (subscribers only): A unique user ID issued by Supabase (our authentication provider) and your sign-in method (Sign in with Apple or Sign in with Google). We do not store your name, email address, or any other personal details from your Apple or Google account in our database.
Subscription data: Your subscription status (active, expired, trial) managed by RevenueCat. We do not store payment card details — all payment processing is handled by Apple or Google.
3. How We Use Your Data
We use your data only to operate the app: Spotify listening data is used to generate a mood profile and suggest a recipe; preferences are used to personalise your recipe; your user ID is used to associate saved recipes with your account; subscription status is used to determine which features you can access.
We do not sell your data. We do not use your data for advertising.
4. Third-Party Services
Mealody uses the following third-party services. Each has its own privacy policy.
| Service | Purpose | Privacy Policy |
|---|---|---|
| Spotify | Music data via OAuth | spotify.com/privacy |
| Supabase | User authentication | supabase.com/privacy |
| RevenueCat | Subscription management | revenuecat.com/privacy |
| Anthropic (Claude) | Recipe and mood generation via AI | anthropic.com/privacy |
| fal.ai | Dish image generation (receives dish name only — no personal data) | fal.ai/privacy |
| Apple (iOS users) | Sign in with Apple, in-app purchases | apple.com/privacy |
| Google (Android users) | Sign in with Google, in-app purchases | policies.google.com/privacy |
| Railway | Backend hosting and database | railway.app/privacy |
5. Data Storage and Security
Your data is stored on servers hosted by Railway in the United States. We use industry-standard security practices including encrypted connections (HTTPS/TLS) for all data in transit.
We retain your saved recipes and account data for as long as your account is active. If you delete your account, your data is deleted within 30 days.
6. Your Rights
- Access The data we hold about you
- Delete Your account and all associated data
- Withdraw Consent at any time by disconnecting Spotify or deleting the app
To exercise any of these rights, contact us at hello@mealody.org.
7. Changes to This Policy
We may update this policy from time to time. If we make significant changes we will notify you within the app. The date at the top of this page reflects the most recent update.
8. Contact
Questions about this privacy policy?
Matt Collis · ABN 50 865 504 657 · mealody.org