Corgeat Privacy Policy
Last Updated: December 1, 2025
Introduction
CorgInc, ("CorgInc," "we," "our," or "us"), operates the website corgeat.com (the "Website") referred to as the "Services."
This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our meal planning and grocery management platform. Our Services help users plan meals, manage ingredients, create shopping lists, and track nutrition and costs.
By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our practices, please do not use our Services.
Data Controller & Contact Information
Data Controller:
CorgInc
60 rue Francois 1er
75008 Paris, France
Privacy Contact: contact@corgeat.com
Supervisory Authority (EU Users): Users in the European Union have the right to lodge a complaint with their local data protection authority. A list of supervisory authorities can be found at: https://edpb.europa.eu/about-edpb/board/members_en
Scope of Processing
This Privacy Policy applies to:
- Registered Users: Individuals who create an account to access personalized features
- Anonymous/Guest Users: Individuals who use limited features without creating an account
- Platform Coverage: Our Website, mobile applications (iOS and Android), and any API services we provide
Data We Collect
Account & Identity Data
When you create an account, we collect:
| Data Type | Purpose | Required |
|---|---|---|
| Email address | Account identification, communication, password recovery | Yes |
| Username | Profile identification | Yes |
| Password | Account security (stored in hashed form only) | Yes |
| Profile information | Personalization (name, profile picture) | No |
Health, Nutrition & Body Data
To provide personalized meal planning, we may collect:
| Data Type | Purpose | Required |
|---|---|---|
| Height and weight | Calculating calorie needs and nutritional goals | Optional |
| Age and gender | Personalizing nutritional recommendations | Optional |
| Dietary preferences | Filtering meals (vegan, gluten-free, allergies, etc.) | Optional |
| Activity level | Adjusting calorie recommendations | Optional |
| Nutritional logs | Tracking daily intake and progress | User-entered |
| Meal plans | Organizing weekly/daily meals | User-created |
| Grocery lists | Managing shopping items | User-created |
Important: Health and nutrition data are used solely to provide and improve our meal planning services. We do not sell this data or use it for advertising purposes.
Payment & Subscription Data
For premium subscriptions, we collect:
| Data Type | Purpose | Storage |
|---|---|---|
| Subscription status | Determining feature access | Our servers |
| Transaction identifiers | Order tracking and support | Our servers |
| Billing dates | Subscription management | Our servers |
| Payment method details | Processing payments | Third-party processors only |
Note: We do not store complete credit card numbers, bank account details, or other sensitive payment information on our servers. All payment processing is handled by secure third-party payment processors (Apple App Store, Google Play Store, Stripe).
Technical & Usage Data
We automatically collect:
| Data Type | Purpose |
|---|---|
| IP address | Security, fraud prevention, approximate location for content |
| Browser type and version | Optimizing website display |
| Operating system | App compatibility and optimization |
| Device identifiers | Analytics, crash reporting |
| App version | Support and debugging |
| Timezone | Displaying correct times for meal planning |
| Access timestamps | Service analytics and security |
| Crash and diagnostic logs | Improving app stability |
Automatically Collected Data
| Data Type | Purpose | Control |
|---|---|---|
| Cookies | Session management, preferences, analytics | Cookie settings |
| Analytics data | Understanding usage patterns | Privacy settings |
| Location data (if enabled) | Local store pricing, nearby recipes | Device permissions |
Purpose of Processing
We process your personal data for the following purposes:
| Purpose | Description | Legal Basis |
|---|---|---|
| Service Operation | Providing meal planning, grocery lists, and recipe features | Contract performance |
| Account Management | Creating and maintaining your account | Contract performance |
| Personalization | Customizing meal recommendations based on preferences | Consent / Legitimate interest |
| Analytics & Improvement | Understanding usage patterns to improve Services | Legitimate interest |
| Customer Support | Responding to inquiries and resolving issues | Contract performance |
| Security & Fraud Prevention | Protecting accounts and detecting abuse | Legitimate interest |
| Marketing Communications | Sending newsletters and promotional content (with consent) | Consent |
| Legal Compliance | Meeting legal obligations | Legal obligation |
Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data under the following legal bases:
- Consent: When you explicitly agree to processing (e.g., marketing emails, analytics cookies)
- Contract Performance: When processing is necessary to provide our Services (e.g., account creation, meal planning features)
- Legal Obligation: When we must comply with applicable laws
- Legitimate Interest: When processing serves our legitimate business interests without overriding your rights (e.g., security, service improvement)
You may withdraw consent at any time by contacting us or adjusting your account settings.
Third-Party Services
We work with trusted third-party service providers to operate our Services:
Analytics & Performance
| Provider | Purpose | Privacy Policy |
|---|---|---|
| PostHog | Product analytics | https://posthog.com/privacy |
Error Monitoring
| Provider | Purpose | Privacy Policy |
|---|---|---|
| Sentry | Crash reporting and diagnostics | https://sentry.io/privacy/ |
Payment Processing
| Provider | Purpose | Privacy Policy |
|---|---|---|
| Apple App Store | iOS subscription payments | https://www.apple.com/privacy/ |
| Google Play Store | Android subscription payments | https://policies.google.com/privacy |
| Stripe (if applicable) | Web payment processing | https://stripe.com/privacy |
Cloud Infrastructure
| Provider | Purpose | Privacy Policy |
|---|---|---|
| Vercel | Data storage and processing | https://vercel.com/legal/privacy-policy |
Data Sharing
We Do Not Sell Your Personal Data
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
When We Share Data
We may share your information in the following circumstances:
| Circumstance | Details |
|---|---|
| Service Providers | Third parties that help us operate our Services (hosting, analytics, payment processing) under strict contractual obligations |
| Legal Requirements | When required by law, court order, or government request |
| Protection of Rights | To protect our rights, privacy, safety, or property, or that of our users |
| Business Transfers | In connection with a merger, acquisition, or sale of assets (you will be notified of any change in ownership) |
| With Your Consent | When you explicitly authorize us to share information |
International Data Transfers
Our Services may involve transferring your data to countries outside your residence, including the United States and other jurisdictions.
Safeguards for International Transfers
When transferring data internationally, we implement appropriate safeguards:
- Standard Contractual Clauses (SCCs): EU-approved contractual terms for data transfers
- Data Privacy Framework: For transfers to certified US companies
- Adequacy Decisions: Transfers to countries recognized by the EU as providing adequate protection
By using our Services, you consent to the transfer of your information to countries that may have different data protection standards than your country of residence.
Data Retention
We retain your personal data only as long as necessary for the purposes described in this Privacy Policy.
| Data Category | Retention Period |
|---|---|
| Account data | Until account deletion + 30 days for backup removal |
| Health/nutrition data | Until account deletion or upon request |
| Transaction records | 7 years (for tax and legal compliance) |
| Analytics data | 26 months (aggregated/anonymized) |
| Support communications | 3 years after resolution |
| Server logs | 90 days |
Data Deletion
When you delete your account:
- Personal data is permanently deleted within 30 days
- Anonymized/aggregated data may be retained for analytics
- Some data may be retained if required by law
Your Rights
Depending on your location, you may have the following rights regarding your personal data:
| Right | Description |
|---|---|
| Access | Request a copy of your personal data |
| Correction | Request correction of inaccurate data |
| Deletion | Request deletion of your data ("right to be forgotten") |
| Restriction | Request limitation of processing |
| Portability | Receive your data in a portable format |
| Objection | Object to processing based on legitimate interests |
| Withdraw Consent | Withdraw previously given consent at any time |
| Lodge Complaint | File a complaint with your local data protection authority |
Exercising Your Rights
To exercise any of these rights:
- In-App: Visit Settings > Privacy > Data Management
- Email: Contact contact@corgeat.com
- Account Deletion: Settings > Account > Delete Account
We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing certain requests.
California Residents (CCPA/CPRA)
California residents have additional rights including:
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to opt-out of the sale of personal information
- Right to non-discrimination for exercising privacy rights
We do not sell personal information as defined under California law.
Children's Privacy
Our Services are not intended for children under the age of 16 (or 13 in the United States).
Our Commitments
- We do not knowingly collect personal information from children under the applicable age
- If we discover that a child has provided personal information without proper consent, we will delete it promptly
- Parents or guardians who believe their child has provided us with personal information should contact us immediately
Parental Rights
If you are a parent or guardian and believe your child has provided personal information to us, please contact us at contact@corgeat.com. We will:
- Verify your identity as the child's parent/guardian
- Provide access to the child's data upon request
- Delete the child's account and associated data
Security Measures
We implement industry-standard security measures to protect your personal data:
Technical Safeguards
- Encryption in Transit: All data transmitted between your device and our servers uses TLS/SSL encryption
- Encryption at Rest: Sensitive data stored on our servers is encrypted
- Password Security: Passwords are hashed using secure algorithms (never stored in plain text)
- Access Controls: Strict access controls limit employee access to personal data
- Regular Audits: Security practices are regularly reviewed and updated
Your Responsibilities
To help protect your account:
- Use a strong, unique password
- Enable two-factor authentication if available
- Do not share your login credentials
- Log out when using shared devices
Security Incidents
In the event of a data breach affecting your personal information, we will:
- Notify you as required by applicable law
- Notify relevant supervisory authorities where required
- Take immediate steps to mitigate the impact
No system is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security. You use our Services at your own risk.
Policy Changes
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.
How We Notify You
- Material Changes: We will notify you via email and/or prominent notice within our Services before changes take effect
- Minor Changes: Updates will be posted on this page with an updated "Last Updated" date
Your Acceptance
Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the updated terms. If you do not agree with the changes, please stop using our Services and delete your account.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
CorgInc
Email: contact@corgeat.com
Mailing Address:
60 rue Francois 1er
75008 Paris, France
Response Time: We aim to respond to all privacy-related inquiries within 30 days.
Additional Information by Region
European Economic Area (EEA), UK & Switzerland
- Data Controller: CorgInc, 60 rue Francois 1er, 75008 Paris, France
- Supervisory Authority: CNIL (Commission Nationale de l'Informatique et des Libertes)
- Legal Basis: See "Legal Basis for Processing" section
California, USA
- Categories of personal information collected: See "Data We Collect" section
- Business purposes: See "Purpose of Processing" section
- We do not sell personal information
- Contact for CCPA requests: contact@corgeat.com