Skip to content

Privacy Policy

Last updated: July 11, 2026

1. Data Controller

Alexander Eriksson is responsible for processing your personal data in Smaklig. Contact: lillalle@hotmail.com

2. Data We Collect

Account data: Name, email, password (hashed with Argon2id).

Health data (GDPR Art. 9 — special category): Weight, height, dietary goals, allergies, and training data that you provide in your profile and onboarding are currently used for personalized features. A separate, server-verified, rejectable health-consent flow is not yet active.

Usage data: AI generation logs (prompts + output metadata for quality improvement), store selections, recipe favorites, activity events (page views, recipe interactions).

Analytics data: Aggregated weekly savings statistics, cohort milestones (onboarding done, first weekly menu, etc), store changes. Used internally for product improvement only — not shared with third parties.

3. Legal Basis

Health data: Smaklig has previously relied on explicit consent under GDPR Art. 9(2)(a), but the current registration checkbox is not a separate server-verified consent flow and no granular withdrawal control for general health processing is available yet. Today, processing can be stopped by deleting the account. The GDPR Art. 6 basis for health personalization is under legal review.

Account data: Contract (GDPR Art. 6(1)(b)) — necessary to provide the service.

4. Third-Party Services

We use Google Gemini for AI processing, Neon for the primary database in Frankfurt, and Vercel for hosting, serverless execution, and related storage. Gemini and Vercel may process data outside the EU/EEA under contractual transfer safeguards. Campaign providers receive store IDs only, not personal profile or health data.

Nutrition data: Nutrition values for Swedish foods come from the Swedish Food Agency's food database (CC BY 4.0). We never send personal data to the Swedish Food Agency — their database is imported locally.

5. Retention

Account data is retained as long as the account is active. Upon deletion, all data is removed within 30 days.

Analytics raw data (AI prompts, activity events, error logs) is automatically deleted after 90 days. Aggregated stats (without personal link) may be kept longer for product analysis.

Price history from store campaigns (without personal link) is kept for 2 years for long-term price trends.

6. Your Rights

You have the right to: request data export, correct inaccurate data, delete your account, withdraw consent, and lodge a complaint with the Swedish Authority for Privacy Protection (IMY).

7. Cookies

We use cookies to make the site function and to improve it over time.

Necessary cookies: The cookie_consent cookie stores your choice. It is necessary so we can remember whether you accepted or declined analytics cookies. Stored for 12 months. No third-party transfers.

Analytics cookies (consent required): The _ga and _ga_* cookies from Google Analytics 4 (Google LLC) help us understand how the site is used. Stored for up to 2 years. Data is transferred to the US under Standard Contractual Clauses in accordance with Schrems II.

Legal basis for cookies: Consent (GDPR Art. 6.1.a) for analytics cookies. Legitimate interest (GDPR Art. 6.1.f) for necessary cookies.

Change your choice: Delete the cookie_consent cookie in your browser to see the choice again.

Contact: Questions about cookies or data protection: lillalle@hotmail.com