Privacy Policy
Last updated:
Introduction
Monkeyfuse ("we", "our", or "us") is an independent software house committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use our mobile applications (including MasterMeals) and visit our website.
Information We Collect
MasterMeals App - Data Collection
When you use MasterMeals, we collect the following information:
User Account Data:
- Email address — used for authentication and account recovery
- Password — stored securely using bcrypt hashing (we never store plain text passwords)
- Account creation timestamp
Recipe Data (content you create or import):
- Recipe title, cooking time, and serving size
- Ingredients and cooking instructions
- Original recipe URL (when you import recipes from websites)
- Recipe image URLs (when available)
- Creation and modification timestamps
Meal Planning Data:
- Weekly meal plan dates and names
- Selected recipes and custom serving counts
- Plan active status
- Creation and update timestamps
Shopping List Data:
- Ingredient items (generated from your meal plans)
- Check status (checked/unchecked items)
- Creation timestamps
Authentication Tokens:
- Access tokens — stored securely on your device using iOS Keychain or Android Keystore
- Refresh tokens — stored in our database with expiration dates
- Password reset tokens — temporary tokens that expire after 1 hour
Analytics and Tracking
MasterMeals does NOT use any analytics, tracking, crash reporting, or advertising services. We do not collect:
- Device information or identifiers
- App usage patterns or screen views
- Crash reports or performance metrics
- Location data of any kind
- Advertising identifiers
Information We Do NOT Collect
We do not collect:
- Precise or approximate geolocation data
- Contact lists or phone numbers
- Photos or media files from your device
- Financial information (payments are processed through Apple's App Store)
- Browsing history or search history
- Health or fitness data
How We Use Information
We use collected information to:
- Authentication & Authorization — verify your identity and provide secure access to your account
- Recipe Management — store, display, update, and delete your recipes
- Recipe Scraping — extract recipe data from URLs you provide using the recipe-scrapers library
- Meal Planning — create and manage your weekly meal plans
- Shopping List Generation — automatically generate shopping lists from your meal plan recipes
- AI-Powered Recipe Updates — send your recipe data (title, time, serves, ingredients, instructions) to OpenAI's API when you request recipe modifications or suggestions
- Password Reset — generate secure temporary tokens for password recovery
- Customer Support — respond to your inquiries and provide assistance
- Service Security — ensure the security and integrity of our services
AI Service Usage (OpenAI)
When you use AI-powered features to modify or enhance recipes, we send your recipe data to OpenAI's API. This includes:
- Recipe title, cooking time, and serving size
- Ingredients list
- Cooking instructions
- Your specific modification request
OpenAI processes this data to generate recipe suggestions and returns the results to you. We do not send your email address or any personally identifiable information to OpenAI. OpenAI's data usage is governed by their privacy policy at https://openai.com/privacy.
Data Retention
We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy:
- Account data (email, password): Retained for the lifetime of your account. When you delete your account, all account data is permanently deleted within 30 days.
- Recipe, meal plan, and shopping list data: Retained for the lifetime of your account. When you delete your account, all your content is permanently deleted within 30 days.
- Refresh tokens: Automatically expire after a set number of days (configurable, typically 30 days).
- Password reset tokens: Expire after 1 hour.
- Support communications: Retained for up to 12 months to help us provide better customer service.
Data Security
We implement appropriate technical and organizational measures to protect your information, including:
- Password Security: All passwords are hashed using bcrypt before storage (we never store plain text passwords)
- Encryption in Transit: All data transmitted between your device and our servers uses industry-standard SSL/TLS encryption
- Secure Token Storage: Authentication tokens are stored securely on your device using iOS Keychain or Android Keystore
- Database Security: Personal information is stored on secure, protected servers with restricted access
- Token Expiration: Access and refresh tokens have expiration dates to limit unauthorized access
- Limited Access: Access to personal data is restricted on a need-to-know basis
However, no method of transmission over the internet is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
Third-Party Services
MasterMeals uses the following third-party services:
- OpenAI API: We use OpenAI's API to provide AI-powered recipe modification features. When you use these features, your recipe data (not your email or personal information) is sent to OpenAI for processing. OpenAI's privacy policy is available at https://openai.com/privacy
- Recipe Scrapers: We use the open-source recipe-scrapers library to extract recipe data from URLs you provide. This library processes recipe data locally on our servers.
Important: MasterMeals does NOT use any analytics services (such as Google Analytics, Firebase Analytics, Amplitude, or Mixpanel), crash reporting services (such as Crashlytics or Sentry), or advertising services.
Third-party services have their own privacy policies governing their use of information. We encourage you to review their privacy policies. We are not responsible for the privacy practices of third-party services.
Cookies
Our website may use cookies to enhance your experience. Cookies are small files stored on your device that help us analyze website traffic and improve our services. You can choose to accept or decline cookies through your browser settings.
Children's Privacy
Our applications are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete it.
Your Rights and Choices
General Rights
You have the right to:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information
- Data Portability: Receive your data in a structured, commonly used format
- Withdraw Consent: Withdraw consent for data processing where we rely on consent
GDPR Rights (European Economic Area Residents)
If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):
- Right to Object: Object to processing of your personal data based on legitimate interests
- Right to Restrict Processing: Request restriction of processing in certain circumstances
- Right to Lodge a Complaint: Lodge a complaint with your local data protection authority
Legal Basis for Processing: We process your email address and account data based on contractual necessity (to provide you with an account and our services). We process your recipe, meal plan, and shopping list data based on contractual necessity (to provide the core functionality of our application).
International Data Transfers: Your data may be transferred to and processed in countries outside the EEA. We ensure appropriate safeguards are in place to protect your data in accordance with GDPR requirements.
CCPA Rights (California Residents)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request information about the categories and specific pieces of personal information we collect, use, disclose, and sell
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt-out of the sale of your personal information (Note: We do not sell your personal information)
- Right to Non-Discrimination: Not be discriminated against for exercising your CCPA rights
Categories of Information Collected: Identifiers (email address), User Content (recipes, meal plans, shopping lists)
Business Purpose: To provide services, improve our applications, and communicate with you
Sale of Personal Information: We do not sell your personal information to third parties
How to Exercise Your Rights
To exercise any of these rights, please contact us at hello@monkeyfuse.com. We will respond to your request within 30 days. To protect your privacy, we may need to verify your identity before processing your request.
You can also delete your account directly within our applications by going to Settings > Account > Delete Account.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.
Contact Us