Privacy & Cookie Notice
Last updated : 27 May 2025
1. Who we are
Chris Smith (sole trader) trading as Menue (“we”, “us”). Contact – hello@Menue.com · 10 High St, London EC1, UK.
2. What data we collect
- Email address (used as your login token)
- Weight, allergies & dietary restrictions (special-category health data)
- Meal-plan answers and the generated plan
- Technical logs: IP, user-agent, error traces, funnel positions, email-delivery status
- Optional analytics & session-replay data (Google Analytics 4, PostHog) only if you click “Accept” on our banner
3. Why we collect it
- Ordinary data – to generate and deliver your 5-day meal plan & send the ready-email (contractArt 6 (1)(b))
- Special-category data – explicit consentArt 6 (1)(a) + Art 9 (2)(a)
- Error logging & fraud prevention (legitimate interestArt 6 (1)(f))
- Funnel analytics, session replay & site usage (consentArt 6 (1)(a)) – disabled by default
Meal-plan generation
When you complete our onboarding form we collect your e-mail address and information about your dietary preferences, restrictions and goals. We use this information only to generate your personalised meal plan and to send it to you by e-mail.
Lawful basis: Article 6(1)(b) UK GDPR – performance of a contract; Article 9(2)(a) – your explicit consent.
Where we process it: The data are passed to our cloud workflow provider Inngest (UK / EU servers) to queue the plan-generation task.
Retention: Raw event data are deleted 30 days after your plan is generated; aggregate, fully pseudonymised statistics may be kept longer to improve the service.
Your rights: You can withdraw consent or request deletion at any time by e-mailing support@Menue.com.
4. How long we keep it
Meal-plan & technical logs: up to 12 months after your last interaction.
Server error logs: 30 days.
Analytics data: GA4 / PostHog default (26 months) – deleted sooner if you withdraw consent.
We then delete or anonymise the data.
5. Where it goes
Processors: Stripe (payments – token only), Supabase (DB), Vercel (hosting), PostHog (analytics & replay), Google (Analytics). All covered by EU DPF or SCCs.
6. Your rights
You can access, correct, delete, restrict or object to processing, and withdraw consent for special-category or analytics data at any time. Email us – we’ll reply within 30 days. Complaints → ICO.
If you withdraw consent for special-category data we must delete your plan and cannot provide the service.
7. Cookies & storage
| Name / key | Purpose | Expiry |
|---|---|---|
email (LocalStorage) | Keeps you logged in via magic link (essential) | Until you clear storage |
_ga (cookie) | Google Analytics 4 (optional) | 13 months |
ph_<id>_posthog (cookie) | PostHog session replay & analytics (optional) | 1 year |
Optional cookies & storage are set only if you click “Accept” on our banner. Change your mind any time via “Reject” or by clearing site data.