Data Retention Policy

This Data Retention Policy describes how long mealtally retains your personal data, how we delete data when it's no longer needed, and your rights to request deletion. This policy supplements our Privacy Policy.

1. Retention Periods by Data Type

We retain different types of data for different periods based on legal requirements, business needs, and user expectations:

2. Active Account Data

While your account is active, we retain:

• Meal history: All logged meals with nutrition data, timestamps, and SMS metadata
• Weight logs: All weight entries you manually log
• Profile information: Display name, email, phone number, height, weight, bio, timezone, avatar, and dietary preferences
• Settings and preferences: Calorie goals, protein goals, reply mode, summary notification preferences
• Subscription information: Tier, billing history, payment method (stored by Stripe)
• Usage data: Features used, login history, last active timestamp

This data is retained indefinitely while your account is active to provide the Service and maintain your meal tracking history.

3. Account Deletion

3.1 User-Initiated Deletion

You can delete your account at any time by contacting privacy@mealtally.com or using the "Delete Account" button in your dashboard settings (when available).

3.2 Deletion Process

When you delete your account:

1. Immediate soft delete (Day 0): Your account is marked for deletion and becomes immediately inaccessible. You cannot log in or use the Service.
2. 30-day recovery window: Your data is retained in a "soft deleted" state for 30 days. During this period, you can contact us to restore your account.
3. Permanent deletion (Day 30): After 30 days, all your data is permanently deleted from our systems, including:
   • All meal events and meal items
   • All weight logs
   • Profile information and settings
   • Messages and SMS history
   • API keys and push tokens
   • Session tokens
4. Backup deletion (Day 60): Your data is permanently removed from all database backups (backups older than 30 days are automatically purged on a rolling basis).

3.3 What is NOT Deleted

Certain data may be retained after account deletion for legal, tax, or security reasons:

• Billing records: Stripe retains payment records for 7 years for tax compliance. We retain references to your Stripe customer ID and subscription history for accounting purposes.
• Aggregated analytics: Anonymized, aggregated usage data may be retained indefinitely for product analytics (no personally identifiable information).
• Legal holds: If your data is subject to a legal hold, subpoena, or investigation, it may be retained longer as required by law.

4. Inactive Account Data

If you stop using mealtally but do not delete your account, your data is retained indefinitely. We do not automatically delete inactive accounts.

If you wish to delete your data after inactivity, you must request deletion by contacting privacy@mealtally.com.

5. Server Logs and Technical Data

5.1 Server Logs

Server logs (access logs, error logs, API request logs) are retained for 30 days for:

• Security monitoring and incident response
• Debugging and troubleshooting
• Performance optimization

After 30 days, logs are automatically deleted.

5.2 Analytics Data (PostHog)

Product analytics data collected via PostHog is retained for 90 days. After 90 days, PostHog automatically deletes event data according to their retention settings.

6. Database Backups

We maintain rolling database backups for disaster recovery:

• Backups are created daily
• Backups are retained for 30 days
• Backups older than 30 days are automatically deleted

When you delete your account, your data remains in backups for up to 30 days before being permanently purged. We do not restore backups to selectively remove individual user data, except in exceptional circumstances.

7. Billing Records

Billing records, including subscription history, payment amounts, and Stripe customer IDs, are retained for 7 years to comply with:

• IRS tax record retention requirements
• State and federal audit requirements
• Stripe's record retention obligations

After 7 years, billing records are permanently deleted.

8. Legal Holds

If your data is subject to a legal hold, subpoena, court order, or government investigation, we may retain your data beyond the periods specified in this policy as required by law.

Data subject to a legal hold will be retained until the hold is lifted or the legal matter is resolved.

9. Your Data Deletion Rights

9.1 Right to Request Deletion (GDPR, CCPA)

Under GDPR (European Economic Area, UK) and CCPA (California), you have the right to request deletion of your personal data.

To request deletion, contact us at privacy@mealtally.com or use the "Delete Account" feature in your settings.

We will respond to your request within 30 days.

9.2 Exceptions to Deletion

We may retain certain data even after a deletion request if:

• Required by law (e.g., tax records, legal holds)
• Necessary to complete a transaction or fulfill a contract
• Necessary for security, fraud prevention, or debugging
• Necessary to comply with our legal obligations or exercise legal rights

If we cannot delete certain data, we will explain why in our response to your deletion request.

10. Changes to This Policy

We may update this Data Retention Policy from time to time to reflect changes in our data practices or legal requirements. We will notify you of material changes by posting the updated policy on this page with a new "Last Updated" date.

11. Contact Us

If you have questions about data retention or wish to request deletion of your data, please contact us:

• Email: privacy@mealtally.com
• Data deletion requests: privacy@mealtally.com
• Website: https://mealtally.com