Privacy Policy

Hello Emma AB ("we," "us," or "our") operates TableSet, a personalized meal planning service. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website and services (collectively, the "Service").

We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and other relevant regulations.

1. Company Information

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, password (encrypted), and name when you create an account.
• Family Preferences: Family size, dietary restrictions, food preferences, dislikes, allergies, and meal planning preferences you provide during onboarding.
• Payment Information: Payment details processed securely through our payment processor (Stripe). We do not store complete credit card numbers.
• Communications: Messages, feedback, and support requests you send to us.

2.2 Information Automatically Collected

• Usage Data: Pages visited, features used, meal swaps, and interactions with the Service.
• Device Information: Browser type, device type, operating system, IP address, and unique identifiers.
• Cookies and Tracking: We use cookies and similar technologies to enhance your experience (see Section 8).

3. How We Use Your Information

We use your information for the following purposes:

• Provide the Service: Generate personalized meal plans, shopping lists, and recipes based on your family preferences.
• Process Payments: Complete transactions and manage subscriptions.
• Improve the Service: Analyze usage patterns, optimize features, and develop new functionality.
• Customer Support: Respond to inquiries, troubleshoot issues, and provide assistance.
• Communications: Send service updates, meal plan notifications, and optional marketing communications (you can opt-out).
• Legal Compliance: Comply with legal obligations, enforce our Terms of Service, and protect our rights.

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on:

• Contractual Necessity: To fulfill our contract with you (providing meal planning services).
• Legitimate Interests: To improve our Service, prevent fraud, and ensure security.
• Consent: For marketing communications (you can withdraw consent at any time).
• Legal Obligations: To comply with applicable laws and regulations.

5. How We Share Your Information

We do not sell your personal information. We may share your information with:

• Service Providers: Third-party vendors who help us operate the Service (e.g., hosting, payment processing, AI model providers). These providers are contractually obligated to protect your data.
• Payment Processors: Stripe processes payments on our behalf. See Stripe's privacy policy for details.
• Legal Requirements: When required by law, court order, or to protect our rights and safety.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your data within 90 days, except where we are required to retain it for legal or compliance purposes.

7. Your Rights (GDPR)

Under GDPR, you have the following rights:

• Access: Request a copy of your personal data.
• Rectification: Correct inaccurate or incomplete data.
• Erasure: Request deletion of your data ("right to be forgotten").
• Restriction: Limit how we process your data.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Withdraw Consent: Withdraw consent for marketing communications at any time.

To exercise these rights, contact us at support@tableset.me.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and remember your preferences. Types of cookies we use:

• Essential Cookies: Required for the Service to function (e.g., authentication).
• Analytics Cookies: Help us understand how you use the Service.
• Preference Cookies: Remember your settings and preferences.

You can manage cookies through your browser settings. Note that disabling essential cookies may affect Service functionality.

9. Data Security

We implement industry-standard security measures to protect your data, including encryption, secure servers, and access controls. However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

10. International Data Transfers

Your data may be processed in countries outside the European Economic Area (EEA) where our service providers are located. We ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs), to protect your data in accordance with GDPR requirements.

11. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the Service. The "Last Updated" date at the top indicates when the policy was last revised.

13. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

You also have the right to lodge a complaint with the Swedish Data Protection Authority (Datainspektionen) or your local supervisory authority if you believe we have not complied with data protection laws.