Privacy Policy

Last updated: April 26, 2026

MealVault is a private food-journal app built and operated by Zack Barett. This page explains what information the app collects, where the data lives, who else sees it, and how you can have it deleted. If anything here is unclear, email zack@nymbl.app and I will answer personally.

Who runs MealVault

MealVault is operated by Zack Barett as a personal project. There is no company behind it, no analytics vendor, no ad network, and no data broker. It is software for households, made by one person.

What the app collects

When you create an account, the app stores:

• Username -- a short identifier you choose (e.g. zack).
• Email address -- used to verify your account and send password resets. Required for new accounts.
• Password -- hashed with bcrypt before being stored. The plaintext password is never written to disk.
• Display name and avatar initial -- what the app shows next to your visits.

When you use the app, the app stores:

• Visit records -- the restaurant, date, participants, your notes, ratings, the items you ate, sentiment labels (Loved, Liked, Mixed, Skip), and whether you would reorder each item.
• Voice recordings -- if you record a voice note, the audio is sent to OpenAI's transcription API (gpt-4o-mini-transcribe) to produce a text transcript. The audio file is discarded after transcription. The transcript text is stored with your visit record.
• Photos -- if you attach photos to a visit, they are stored in Cloudflare R2 (a private object-storage bucket) and are only accessible via your authenticated session.
• AI-generated summaries -- the app sends your text notes or transcripts to Anthropic's Claude API to extract structured data (items, sentiments, participants). The extracted data is stored with your visit record.
• Taste profiles -- the app periodically asks Claude to summarize your preferences across visits into a short profile string that is shown in the app.

What the app does NOT collect

• No advertising identifiers, no device fingerprints, no precise location data.
• No contacts, calendar, or biometric data.
• No third-party usage analytics or crash-reporting SDKs.
• The app does not track you across other apps or websites.

Where your data lives

• Database: A managed PostgreSQL instance hosted on Neon (aws-us-east-1). Connections are TLS-encrypted with sslmode=require.
• API server: Runs on Render (api.mealvault.app, US-East region). The server is single-tenant and does not share infrastructure with any other product.
• Photo storage: Cloudflare R2, served from photos.mealvault.app. Photos are private; the app issues short-lived (10-minute) signed URLs to your phone or browser when you view them.
• On your device: The app stores a login token in the device's secure storage (Android Keystore / iOS Keychain) so you do not have to sign in every time. These are encrypted by the operating system and are wiped when you uninstall the app.

Third parties the app talks to

MealVault sends data to these third parties, and only these:

• Anthropic (Claude API) -- receives your text notes or voice transcripts so Claude can extract structured visit data and produce taste-profile summaries. Privacy policy. Anthropic does not use API inputs to train its models by default.
• OpenAI (transcription API) -- receives your audio recordings so OpenAI can transcribe them to text. API data-usage policy. OpenAI does not use API inputs to train its models by default.
• Resend -- delivers transactional email (account verification, password resets) on our behalf. Privacy policy.
• Cloudflare -- serves the photo CDN, the marketing site, and the Turnstile captcha that protects signup. Privacy policy.
• Neon and Render -- host the database and API server respectively (see above). They are infrastructure providers; they do not use the data for any other purpose.

No other third parties receive your data.

How to delete your account and data

To delete your account, follow the steps on our account-deletion page or email zack@nymbl.app from the address attached to your account. All of the following will be deleted:

• Your account row (username, email, password hash, display name).
• All visit records associated with your user ID.
• All item feedback, sentiment labels, photos, and notes.
• Any AI-generated taste profiles derived from your visits.

Deletion is immediate and irreversible. Photo objects are removed from R2; the DB rows are dropped. Cloudflare CDN edges may briefly retain previously-served bytes (typically <15 minutes) before they expire.

You can also uninstall the app from your phone at any time. Uninstalling does not delete your server-side data; use the contact above if you want the server-side data removed too.

Children

MealVault is intended for adults. It is not designed for use by children under 13 and does not knowingly collect data from children under 13. If you believe a child has created an account, contact zack@nymbl.app and we will delete it.

Security

• All network traffic is encrypted in transit via TLS 1.2+.
• Passwords are hashed with bcrypt (cost factor 12) on the server.
• JWTs are signed with HMAC-SHA-256 using a secret known only to the server and expire after 30 days.
• Photo URLs are signed with 10-minute expirations and not publicly listable.
• Signup is gated by Cloudflare Turnstile to deter automated account creation.

No security system is perfect. If you believe you have found a security issue with MealVault, please email zack@nymbl.app.

Changes to this policy

This policy may change over time. When it does, the "Last updated" date at the top of this page will change and the new text will replace the old text. Material changes will also be announced in-app.

Contact

Zack Barett -- zack@nymbl.app