MealMint
Import

Legal

Data Processing Addendum

Last updated June 1, 2026

This Data Processing Addendum applies when a MealMint user or customer is a controller of personal data and MealMint processes that personal data as a processor under GDPR or similar data protection law.

If there is a signed agreement between you and MealMint, that agreement controls if it conflicts with this public addendum.

Roles

  • Customer is the controller for personal data it chooses to submit to MealMint.
  • MealMint is the processor for customer personal data processed only to provide the service.
  • MealMint remains an independent controller for account administration, security, billing and creator subscription records, service analytics where lawful, and legal compliance.

Processing Instructions

MealMint will process customer personal data only to provide, secure, support, and improve the service, to comply with documented customer instructions, and as required by law.

Categories Of Data

  • Account and contact information.
  • Profile information, including username, bio, avatar, websites, and social links.
  • Recipe, pantry, meal plan, shopping list, comment, rating, and community data.
  • Creator subscription metadata, including subscriber relationships, subscription status, Paddle identifiers, billing period metadata, payout ledgers, reconciliation logs, and payout estimates.
  • Moderation reports and related review records.
  • Imported public page content, metadata, extracted recipe fields, and stored image URLs.
  • Technical identifiers, session data, logs, and security events.

Categories Of Data Subjects

  • MealMint users and account holders.
  • People named or described in user-submitted content.
  • Community participants and people who contact MealMint.

Confidentiality And Security

MealMint will ensure that personnel authorized to process personal data are bound by confidentiality obligations and will maintain reasonable technical and organizational measures appropriate to the risk of processing.

Subprocessors

MealMint may use subprocessors for hosting, storage, databases, email delivery, fonts, search, analytics, AI-assisted extraction, public page fetching, payment processing, monitoring, and security. MealMint will require subprocessors to protect personal data under terms that are materially consistent with this addendum.

International Transfers

Where required, MealMint will use appropriate transfer safeguards for personal data transferred outside the European Economic Area, United Kingdom, or Switzerland, such as Standard Contractual Clauses or equivalent safeguards.

Data Subject Requests

MealMint will provide reasonable assistance for data subject requests where the request relates to personal data processed by MealMint as a processor and the customer cannot fulfill the request using available service features.

Security Incidents

MealMint will notify affected customers without undue delay after becoming aware of a personal data breach affecting customer personal data, consistent with applicable law and the information reasonably available to MealMint.

Deletion And Return

At the end of service use, MealMint will delete or return customer personal data upon request unless retention is required by law, needed for security, or maintained in backups for a limited period under standard backup practices.

Audits

MealMint will make reasonable information available to demonstrate compliance with this addendum. Any audit must be reasonable in scope, scheduled in advance, and subject to confidentiality and security requirements.

Contact

For privacy, data protection, or DPA questions, contact privacy@mealmint.app.