Munchi: AI-powered meal planning
Home Terms Cookies

Privacy Policy

Last updated: 5 July 2026

This Privacy Policy explains how CrossDEV (“Munchi”, “we”, “us”), established at Cruquiuszoom 52, 2142 EW Cruquius, the Netherlands, and registered with the Dutch Chamber of Commerce (KvK) under number 76028704, collects, uses and protects your personal data when you visit our website or use the Munchi mobile application and related services (together, the “Service”).

We are the data controller for the processing described here. We process personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and the Dutch GDPR Implementation Act (UAVG).

Contents
  1. What data we collect
  2. Why we use it & legal bases
  3. Dietary & health information
  4. Who we share data with
  5. International transfers
  6. How long we keep data
  7. Your rights
  8. Security
  9. Children
  10. Mobile app permissions & stores
  11. Account deletion
  12. Changes & contact

1. What data we collect

CategoryExamples
Account & contact dataName, email address, password (stored hashed), waitlist sign-up email.
Profile & preferencesDietary preferences, allergies/intolerances, nutrition goals, household size, cuisines you like.
Usage & content dataMeal plans generated, recipes saved, grocery lists, in-app actions, feature usage.
Device & technical dataIP address, device type, operating system, app version, language, crash logs, approximate region, and sampled session replays (screen recordings with all text and images masked).
Cookies & analyticsIdentifiers and usage metrics set only with your consent. See our Cookie Policy.
CommunicationsMessages you send us (support, contact form, email).

2. Why we use it & legal bases

PurposeLegal basis (GDPR Art. 6)
Create and manage your account; provide the meal-planning ServicePerformance of a contract (Art. 6(1)(b))
Generate personalized meal plans, recipes and grocery listsPerformance of a contract (Art. 6(1)(b)); for dietary/health data, your explicit consent (Art. 9(2)(a))
Send the early-access waitlist confirmation and product updatesConsent (Art. 6(1)(a)); withdraw any time via the unsubscribe link
Analytics and product improvementConsent (Art. 6(1)(a)) via the cookie banner
Marketing & campaign measurement (Meta Pixel)Consent (Art. 6(1)(a)) via the cookie banner
Security, fraud prevention, debugging, crash diagnostics & session replayLegitimate interests (Art. 6(1)(f))
Comply with legal obligationsLegal obligation (Art. 6(1)(c))

3. Dietary & health information

Information about allergies, intolerances, medical diets or health goals may qualify as special category data under Article 9 GDPR. We process it solely to generate the meal plans and recommendations you ask for, and only on the basis of your explicit consent, which you give when you enter this information. You can withdraw consent and delete this data at any time in the app; doing so may limit personalization.

4. Who we share data with

We do not sell your personal data. We share it only with:

  • Service providers (processors) acting on our instructions, e.g. cloud hosting, email delivery, analytics and AI/model providers used to generate recommendations. Each is bound by a data processing agreement under Article 28 GDPR.
  • Sentry (Functional Software, Inc., “Sentry”) as a processor for crash reporting and diagnostics, including sampled session replay. Replays are captured with text and images masked, so the content you type and view is not recorded, only interaction and error context. This is used purely for reliability and debugging on the basis of our legitimate interests (Art. 6(1)(f)); it is not advertising or cross-app tracking, uses no Advertising Identifier (IDFA), and is separate from the consent-based analytics and marketing described in our Cookie Policy.
  • App stores (Apple App Store, Google Play) for distribution and, with consent, store analytics.
  • Authorities where required by law, or to protect our rights.

5. International transfers

Where a provider processes data outside the European Economic Area, we rely on an adequacy decision or on the European Commission’s Standard Contractual Clauses, together with supplementary safeguards where needed. You can request a copy of the relevant safeguards using the contact details below.

Our Sentry crash-reporting and session-replay data is stored in the EU (Sentry’s Frankfurt / .de region), so no transfer outside the EEA occurs for this processor.

6. How long we keep data

  • Account data: for as long as your account is active, then deleted or anonymised within 90 days of closure.
  • Waitlist emails: until you unsubscribe or we launch and migrate you to an account.
  • Analytics data: for the retention period configured in our analytics tool (see the Cookie Policy).
  • Legal/financial records: for the statutory retention period that applies to us (in the Netherlands, generally 7 years for tax records).

7. Your rights

Under the GDPR you have the right to: access; rectification; erasure (“right to be forgotten”); restriction; data portability; objection to processing based on legitimate interests; and to withdraw consent at any time without affecting prior processing. To exercise any right, contact us at hello@munchi.io. We respond within one month.

You also have the right to lodge a complaint with your local supervisory authority. In the Netherlands this is the Autoriteit Persoonsgegevens.

8. Security

We apply appropriate technical and organisational measures, such as encryption in transit, hashed passwords, access controls and regular review, to protect your data. No method of transmission is 100% secure, but we work to protect your information and will notify you and the supervisory authority of a qualifying breach as required by Articles 33–34 GDPR.

9. Children

The Service is not directed at children under 16. We do not knowingly collect their data; if you believe a child has provided us data, contact us and we will delete it.

10. Mobile app permissions & app stores

The Munchi app may request device permissions, always with an in-context prompt you can decline:

  • Notifications: meal reminders and updates.
  • Camera / Photos: only if you add a photo to a recipe or scan an item (optional).
  • Network access: required to sync your plans.

We provide the disclosures required by Apple’s App Store (“App Privacy” / Nutrition Label) and Google Play’s Data Safety section. In those labels, Diagnostics data (including IP address and your account ID, used for crash reporting and masked session replay) is declared as linked to your identity and used for App Functionality. We do not use the iOS Advertising Identifier (IDFA) and do not track you across other companies’ apps and websites; none of this diagnostics data is used for tracking.

11. Account deletion

You can delete your Munchi account and personal data at any time:

  • In the app: go to Settings → Account → Delete account and confirm. Your account and associated personal data are removed from active systems, and deleted or anonymised within 90 days (some records may be retained only where the law requires, e.g. financial records).
  • By email: send a request from your account email to hello@munchi.io with the subject “Delete my account”. We verify your identity and confirm once the deletion is complete.

Deleting your account also removes your dietary and health-related preferences. Backups are overwritten on their normal rotation. If you only want to withdraw a specific consent (for example marketing emails) without deleting your account, use the unsubscribe link or contact us and we will action it.

12. Changes & contact

We may update this policy; the “Last updated” date shows the latest version and we will notify you of material changes. We have not appointed a Data Protection Officer, as we are not legally required to; for any privacy question please contact us:

  • Email: hello@munchi.io
  • Controller: CrossDEV, Cruquiuszoom 52, 2142 EW Cruquius, the Netherlands
  • KvK (Chamber of Commerce): 76028704
© 2026 Munchi (CrossDEV). Stop wondering what to eat.
Privacy Terms Cookies Cookie settings