Skip to main content
MV Menuvivo

Menuvivo privacy policy (EN)

This policy explains what data we process, why we do it, on what legal basis, and what rights you have.

1. Data controller and contact

The controller of your personal data is Juliusz Ćwiąkalski, conducting business under the name JCw Solutions Juliusz Ćwiąkalski, entered in the Central Registration and Information on Business (CEIDG), NIP 913-150-47-11, REGON 021461414 (hereinafter: the “Controller”, the “Service Provider”).

Privacy contact: contact@menuvivo.com.

2. Scope

The policy applies to the processing of personal data in connection with:

  1. using the Menuvivo app available at https://app.menuvivo.com,
  2. using the information website https://www.menuvivo.com (if available),
  3. communicating with us (e.g., e-mail, in-app chat – if available).

3. Categories of data we process

The scope of data depends on how you use Menuvivo. We may process:

  1. Account and authentication data: user identifier with the Authentication Provider, basic profile data provided as part of login (e.g., name/profile name, e-mail address, profile photo – if the provider makes it available).
  2. Group (family) subscription data: role (Subscription Administrator / Subscription Member), information about invitations, membership, and account relationships within the subscription.
  3. Content and application data: inventory, lists, meal plans, dietary preferences, notes, corrections, and other content entered by the user.
  4. Photos and related data: photos (e.g., of the fridge/pantry/products) and metadata and processing results (e.g., labels, recognized products, corrections).
  5. Technical data and logs: IP address, device/browser identifiers, timestamps, error information, server logs, and security events.
  6. Billing data (if we introduce payments): data necessary for settlements and accounting documentation (e.g., invoice data, payment history). In such a case, we may use a payment operator (it will be indicated in the app or in this policy after payments are implemented).
  7. Communication and mailing data: e.g., e-mail address, communication preference information, contact history (if you write to us or subscribe to a mailing list).

We process data for the following purposes, on the following legal bases:

  1. Entering into and performing a contract / providing the service Creating and maintaining an Account, authentication, providing app functionality, handling a Group (family) Subscription and sharing data within it. Basis: Art. 6(1)(b) GDPR (contract).

  2. Security, abuse prevention, stability, and diagnostics Detecting abuse, preventing fraud, ensuring system security, keeping logs, diagnosing errors, auditing, and accountability. Basis: Art. 6(1)(f) GDPR (the Controller’s legitimate interest).

  3. Legal obligations Fulfilling obligations under applicable law (e.g., tax/accounting settlements – where applicable, complaint handling, responding to requests from authorized authorities). Basis: Art. 6(1)(c) GDPR (legal obligation).

  4. Contact and service-related communication Responding to messages, handling inquiries, technical and security communications, information about changes to the terms/policies (when required). Basis: Art. 6(1)(b) and/or (f) GDPR (depending on the nature of the contact).

  5. Analytics and usage measurement (cookies / similar technologies) Measuring traffic and behavior in the website/app to better understand how the product works and improve the user experience. Basis: as regards cookies and similar technologies: consent under ePrivacy/telecommunications laws; and as regards further processing of data: Art. 6(1)(a) GDPR (consent). We run analytics tools only after your consent (see the “Cookies” section).

  6. Mailing (e.g., product updates / mailing list) If you subscribe to a mailing list or consent to such communication, we may send e-mail messages. Basis: as a rule, Art. 6(1)(a) GDPR (consent) and ePrivacy provisions regarding marketing communications (if marketing content is involved).

  7. AI improvement based on photos (opt-in) Using photos and related data for research and development purposes (e.g., training/testing/fine-tuning AI models) only if you enable the voluntary opt-in setting in the app. Basis: Art. 6(1)(a) GDPR (consent). You may withdraw your consent at any time with effect for the future (details in the “Retention period” section).

5. Data sources

In most cases you provide data to us directly (e.g., you create content in the app). Some data may come from the Authentication Provider (e.g., account identifier, e-mail) – to the extent it makes it available as part of login.

6. Recipients of data (who we may share data with)

We may disclose data to recipients only to the extent necessary for the operation of the service or for the purposes described in this policy, in particular:

  1. Hosting, infrastructure, and operational tool providers We use AWS (Amazon Web Services) cloud infrastructure to maintain systems, databases, and backups.

  2. Authentication providers Entities enabling login (e.g., Google; other providers in the future). The scope of data depends on the chosen login method.

  3. Analytics providers (after consent to cookies) We may use analytics tools such as PostHog (EU cloud / PostHog Cloud EU) – run only after obtaining your consent to cookies/similar technologies. In the future, we may also use other analytics tools (e.g., Google Analytics) – also only after consent.

  4. Mailing / communication providers We may use Brevo as a tool for managing mailing lists and sending e-mail messages (to the extent we use it).

  5. AI providers (processing at your request) and AI providers as part of opt-in training Menuvivo may use external providers of AI models and/or AI infrastructure (providers may change). Depending on the function, data may be transferred to such a provider for processing (e.g., photo analysis, generating suggestions). If you enable AI Improvement opt-in, your materials may be used in R&D processes in accordance with your consent.

  6. Payment operators and accounting providers (if we implement payments) For the implementation of payments and the fulfillment of tax/accounting obligations.

  7. Authorized authorities If required by law, we may disclose data to authorized authorities (e.g., based on a valid request).

7. Transfers of data outside the EEA (international transfers)

Depending on which external services we use (e.g., some AI providers, tool providers), your data may be transferred outside the European Economic Area.

If a transfer outside the EEA takes place, we apply safeguards required by the GDPR, in particular Standard Contractual Clauses (SCC) or other mechanisms provided for by law – as appropriate for the specific transfer and provider.

8. Retention period (data retention)

We apply the principle: we store data only for as long as is necessary to achieve the purpose.

  1. Account data and application data are stored for the duration of the contract (having an Account) and for the period necessary to:

    • handle claims and defend against claims,
    • fulfill legal obligations.

  2. Photos and related data are generally stored for the duration of the contract (having an Account) or until you delete them (if the functionality allows it) – subject to backups.

  3. Technical and security logs are stored for the period necessary to ensure security and accountability, and then deleted or anonymized.

  4. Billing data (if applicable) is stored for the period required by law.

  5. AI Improvement (opt-in):

    1. if you withdraw consent (disable opt-in), new photos will not be used for AI Improvement;
    2. photos previously collected for AI Improvement are deleted or excluded from future training datasets within a reasonable time;
    3. we may complete ongoing in-progress processes (“jobs”) in which data is already being processed;
    4. withdrawing consent does not mean “unlearning” AI models that were already trained before consent was withdrawn.

9. Your rights

You have rights under the GDPR, in particular:

  • the right of access to data,
  • the right to rectification,
  • the right to erasure,
  • the right to restriction of processing,
  • the right to data portability,
  • the right to object (when we process data under Art. 6(1)(f) GDPR),
  • the right to withdraw consent (when we process data on the basis of consent) – including consent to AI Improvement (opt-in),
  • the right to lodge a complaint with a supervisory authority: the President of the Personal Data Protection Office (PUODO).

To exercise your rights, contact us: contact@menuvivo.com.

10. Children (13+) and Group Subscription

  1. The minimum age for using the app is 13 years.
  2. In the Group (family) Subscription model, the contract is concluded by the Subscription Administrator (18+), who invites and removes Subscription Members.
  3. Subscription Members within the same group may see shared resources and User Content in accordance with the app’s functionality (e.g., inventory, lists, plans, fridge/pantry photos, product thumbnails). This means that when you add content to shared areas, it is also available to other members of your group.
  4. AI Improvement (opt-in): for Minor Users, opt-in decisions may be made as part of subscription management by the Subscription Administrator (in accordance with the Terms). An adult Subscription Member decides on opt-in independently for their own Account.

11. Automated decision-making and AI

Menuvivo may use AI to generate suggestions (e.g., meal proposals, product recognition). Such suggestions may be inaccurate. We do not make decisions about you that produce legal effects or similarly significantly affect you solely in an automated manner.

12. Cookies and similar technologies (ePrivacy)

  1. The website/app may use cookies and similar technologies:

    • necessary for operation (e.g., security, maintaining basic settings),
    • analytics – only if you give consent.

  2. Analytics after consent (cookie opt-in): If we use analytics tools (e.g., PostHog Cloud EU, and in the future also other tools), we run them only after obtaining your consent.

  3. Consent cookie mv_consent: We use a consent cookie (mv_consent) scoped to .menuvivo.com to share your consent decision between www.menuvivo.com and app.menuvivo.com. This way, you set your preferences only once for all our subdomains.

  4. You can change your cookie consent at any time in the privacy settings / consent management tool (if available on the website/app) or in your browser settings (remember that blocking necessary cookies may make the service harder to use).

13. Security

We apply technical and organizational measures appropriate to the risks, in particular limiting access to data, encrypting transmission, access control mechanisms, and security monitoring.

14. Changes to the privacy policy

  1. We may update this policy for important reasons (e.g., changes in the law, changes in providers, changes in functionality).
  2. In the event of material changes, we will inform the Subscription Administrator in advance (as a rule, at least 14 days), indicating the effective date of the changes.
  3. The changes do not infringe Consumers’ rights under mandatory provisions of law.