
Yummo Privacy Policy

Last updated: January 2025

1. Data Controller

  • The controller of your personal data is Yummo Sp. z o.o. based in Poland.
  • Contact for data protection matters: privacy@yummo.app

2. Data We Collect

Personal data:

  • Name and email address (for account creation)
  • Password (stored only as a bcrypt hash, see section 7)

Health data (special category under GDPR Art. 9):

  • Weight, height, age, gender
  • Allergies and food intolerances
  • Dietary goals (weight loss, maintenance, muscle building)
  • Physical activity level
  • Meal plan history

3. Legal Basis for Processing

  • User consent (Art. 6.1.a GDPR) - for optionally collected data
  • Contract performance (Art. 6.1.b GDPR) - for data necessary to provide the service
  • For health data: explicit user consent (Art. 9.2.a GDPR)

4. Purpose of Data Processing

  • Personalizing meal plans based on your preferences
  • Calculating calorie and macronutrient requirements
  • Excluding recipes containing selected allergens
  • Generating shopping lists tailored to your plan
  • Tracking progress in achieving nutritional goals
  • Improving the algorithm and service quality (using anonymized data)

5. Your Rights (GDPR)

  • Right of access - you can request a copy of your data
  • Right to rectification - you can correct inaccurate data
  • Right to erasure ("right to be forgotten") - you can request deletion of all data
  • Right to data portability - you can download your data in machine-readable format
  • Right to withdraw consent - you can withdraw consent at any time
  • Right to object - you can object to processing for marketing purposes
  • Right to lodge a complaint with a supervisory authority

6. Data Retention

  • Data is stored for the duration of service use.
  • After account deletion: data is deleted within 30 days.
  • Backups are deleted within 90 days of account deletion.
  • Anonymized data for statistical purposes may be stored indefinitely.

7. Data Security

  • Encryption of data in transit (HTTPS/TLS)
  • Secure password storage (bcrypt hashing)
  • Regular security audits
  • Data access restricted to authorized personnel only
  • Data stored on servers within the European Union

8. Data Sharing

  • We do not sell your data to third parties.
  • Data may be shared with service providers (hosting, analytics) only to the extent necessary to provide the service.
  • All providers are required to comply with GDPR.
  • Data may be disclosed to law enforcement based on a valid court order.

9. Cookies

  • We use cookies for proper service operation.
  • Detailed information can be found in the Cookie Policy.

10. Contact

  • For personal data matters: privacy@yummo.app
  • General contact: hello@yummo.app

This document requires review by a lawyer / Data Protection Officer before official implementation.