PrepFlowPREPFLOW

Privacy Policy

Last Updated: February 2026

1. Responsible Body (Controller)

The controller for data processing on this website and in the PrepFlow app is:

Julian Doppelhofer
Akazienhof 7/12, 1120 Vienna, Austria
Email: contact@prepflow.app

2. What Data We Collect

We collect and process the following data:

  • Account Data: Your email address and authentication details (via Supabase).
  • Purchase & Subscription Data: Since purchases are handled via the Apple App Store, we process information regarding your subscription status, transaction IDs, purchase timestamps, currency, and country. We do not store credit card numbers or billing addresses on our servers; this data is handled exclusively by Apple.
  • Usage Data: Your cooking preferences (e.g., diet, allergies), saved recipes, and cooking history.
  • Technical & Analytics Data: IP address, device information, and usage events (via PostHog), linked to your user ID.
  • Diagnostic Data: Crash reports and performance data (via Sentry) to fix bugs.

3. How We Use Your Data

We use your data to:

  • Provide the PrepFlow service (authentication, saving your history).
  • Generate meal suggestions (using anonymous parameters).
  • Improve app stability (analyzing crashes).
  • Analyze usage patterns to improve and optimize the product (via PostHog analytics).
  • Communication: Send you transactional emails (e.g., password reset) and, if you have opted in, product updates or newsletters. You can unsubscribe from marketing emails at any time.

4. Third-Party Services

We use the following third-party service providers. We have entered into Data Processing Agreements (DPA) with these providers where required.

  • Apple App Store (Payments): Handles all payment processing. Apple acts as the "Merchant of Record" and processes your data according to their own privacy policy.
  • RevenueCat (Subscription Management): Used to manage and verify your subscription status. We share a unique User ID with RevenueCat to ensure your purchase is synced with your PrepFlow account.
  • Supabase (Database & Auth): Hosted on AWS in Ireland (EU). Used for secure data storage and user authentication.
  • Vercel (Hosting): Used to host our website and landing page.
  • Sentry (Crash Reporting): Used to collect crash logs and performance issues. Sentry may process your IP address and device data to help us identify errors.
  • OpenAI (AI Features): We use OpenAI's API to generate ranking logic. We send only anonymous parameters (e.g., "15 minutes time", "vegetarian") to OpenAI. We do not share your personal data (email, name, user ID) with OpenAI.
  • PostHog (Analytics): Used to collect usage events and device metadata to understand how users interact with PrepFlow. This data is linked to your user ID to provide a complete picture of your usage patterns for product optimization. PostHog is hosted in the EU (Frankfurt).
  • Resend (Email Service): Resend Inc. is used to send transactional emails (e.g., password reset, account notifications) and, if you have opted in, newsletters and product updates. Resend processes your email address, sending timestamps, and email engagement metrics (e.g., open rates, delivery status) to ensure reliable email delivery. Resend is based in the USA; data transfer is covered by the EU-US Data Privacy Framework.

5. International Data Transfers

Some of our service providers (e.g., Sentry, OpenAI, Resend, RevenueCat) are based in the USA. Data transfer to the USA is based on the EU-US Data Privacy Framework or Standard Contractual Clauses (SCC) to ensure an adequate level of data protection.

6. App Tracking Transparency

For iOS users, we adhere to the App Tracking Transparency (ATT) framework. If you grant permission, we link purchase events and usage data to help us measure and improve our marketing efforts and product features. You can change your tracking preferences at any time in your iOS system settings.

7. Your Rights (Deletion & Access)

Under the GDPR, you have the right to access, correct, or delete your personal data.

  • Account Deletion: You can delete your account and all associated personal data directly within the PrepFlow app settings. This is immediate and irreversible.
  • Important: Deleting your PrepFlow account does not automatically cancel an active subscription billed through Apple. Subscriptions must be cancelled manually within your Apple ID Subscription Settings to avoid further charges.
  • Alternatively, you can contact us at contact@prepflow.app to request deletion or information.

8. Data Retention

We retain your data only as long as your account is active. If you delete your account, your personal data is removed from our live database immediately.

9. Contact

If you have questions about this privacy policy, please contact us at contact@prepflow.app.