Privacy Policy

Name: Smaklig
Author: Alexander Eriksson

Last updated: April 11, 2026

1. Data Controller

Alexander Eriksson is responsible for processing your personal data in Smaklig. Contact: lillalle@hotmail.com

2. Data We Collect

Account data: Name, email, password (hashed with Argon2id).

Health data (GDPR Art. 9 — special category): Weight, height, dietary goals, allergies, training data. This data is processed with explicit consent given at registration.

Usage data: AI generation logs (prompts + output metadata for quality improvement), store selections, recipe favorites, activity events (page views, recipe interactions).

Analytics data: Aggregated weekly savings statistics, cohort milestones (onboarding done, first weekly menu, etc), store changes. Used internally for product improvement only — not shared with third parties.

3. Legal Basis

Health data: Explicit consent (GDPR Art. 9(2)(a)). You can withdraw consent at any time via Settings → Delete account.

Account data: Contract (GDPR Art. 6(1)(b)) — necessary to provide the service.

4. Third-Party Services

We share data with: Anthropic (Claude AI), Neon (database, EU Frankfurt), Vercel (hosting, EU), ICA (store campaigns — only store IDs shared, no personal data). Coop planned during 2026.

Nutrition data: Nutrition values for Swedish foods come from the Swedish Food Agency's food database (CC BY 4.0). We never send personal data to the Swedish Food Agency — their database is imported locally.

5. Retention

Account data is retained as long as the account is active. Upon deletion, all data is removed within 30 days.

Analytics raw data (AI prompts, activity events, error logs) is automatically deleted after 90 days. Aggregated stats (without personal link) may be kept longer for product analysis.

Price history from store campaigns (without personal link) is kept for 2 years for long-term price trends.

6. Your Rights

You have the right to: request data export, correct inaccurate data, delete your account, withdraw consent, and lodge a complaint with the Swedish Authority for Privacy Protection (IMY).

7. Cookies

We use cookies to make the site function and to improve it over time.

Necessary cookies: The cookie_consent cookie stores your choice. It is necessary so we can remember whether you accepted or declined analytics cookies. Stored for 12 months. No third-party transfers.

Analytics cookies (consent required): The _ga and _ga_* cookies from Google Analytics 4 (Google LLC) help us understand how the site is used. Stored for up to 2 years. Data is transferred to the US under Standard Contractual Clauses in accordance with Schrems II.

Legal basis for cookies: Consent (GDPR Art. 6.1.a) for analytics cookies. Legitimate interest (GDPR Art. 6.1.f) for necessary cookies.

Change your choice: Delete the cookie_consent cookie in your browser to see the choice again.

Contact: Questions about cookies or data protection: lillalle@hotmail.com