Privacy Policy
Version 1.1.1 · Last updated 2026-05-03
This policy explains what information Sunday Reset Plan collects, how we use it, who we share it with, and what rights you have. Questions? Email privacy@sundayresetplan.com.
Who We Are
Sunday Reset Plan is operated by 1111 Ideas LLC ("we", "us", "our"), and this policy applies to sundayresetplan.com and the associated app.
Overview
We collect information you provide directly (when you create an account, build your household profile, add a recipe, or chat with our AI agents) and information generated automatically as you use the service (timestamps, hashed IPs, hashed user-agent strings). We do not buy personal data from data brokers, and we do not sell or rent personal data.
Information We Collect
- Account data: your email address, account preferences, and sign-in method (magic-link or OAuth provider).
- Information from third-party login services: if you sign in with Google or Apple, we receive your email address, name, and provider user ID. We do not request access to your contacts, calendar, drive, photos, or other private data from those providers.
- Household profile: member first names, age ranges, dietary restrictions, allergies, macro targets, cooking preferences, equipment, workout schedule, kid-meal strategy, and shopping/cooking day. Sensitive fields (names, address, free-text notes) are encrypted at rest using per-household envelope encryption.
- Generated content: the meal plans, recipes, shopping lists, and daily-take summaries produced for your household, plus your thumbs-up/thumbs-down feedback.
- User-submitted content: any custom recipes you add, photos you upload, and chat messages with our onboarding and revision agents.
- Payment data: handled directly by Stripe — we never see or store your card number. We retain a Stripe customer ID, subscription status, and billing history metadata.
- Operational logs: request timestamps, salted IP hashes, salted user-agent hashes, AI spend ledger entries, and error traces. Used for abuse prevention, capacity planning, and troubleshooting.
How We Use Your Information
- Generate personalized weekly meal plans, shopping lists, recipes, and daily summaries.
- Manage your account, billing, and customer support.
- Send transactional email (sign-in links, billing receipts, plan-ready notifications, weekly recaps if enabled).
- Detect and prevent abuse, fraud, and security incidents.
- Improve the product using anonymized, aggregated metrics (e.g., overall thumbs-up rate by cuisine, average plan-generation time).
We do not use your meal-planning data to train third-party AI models, and we have not enabled any provider's data-retention-for-training option.
AI Processing
To generate plans, recipes, and chat responses, we send the minimum relevant data — typically a de-identified household profile snapshot, the meal slot we're filling, and conversation context — to large-language-model providers via the Cloudflare AI Gateway. Current providers include xAI (Grok models) as the primary, with Anthropic (Claude models) used in specific workflows or as a fallback.
These providers process the request to generate a response and may temporarily retain inputs and outputs to monitor for safety per their respective terms. We do not authorize them to train models on your data. We log token counts and cost (but not the prompt or response body) to our internal AI spend ledger for billing and capacity reasons.
Cookies & Tracking
We use a single essential cookie, __session, to keep you signed in. It is HttpOnly, Secure, and SameSite=Lax. We do not use analytics cookies, advertising cookies, third-party tracking pixels, or fingerprinting. See the Cookie Policy for details.
Sharing Your Information
We share your information only in the limited cases below.
Service Providers / Sub-Processors
- Cloudflare — hosting, edge compute, D1 database, KV, Workers, and email delivery.
- Stripe — payment processing and subscription management.
- xAI (Grok) and Anthropic (Claude) — AI text and image generation, routed through the Cloudflare AI Gateway.
- Google and Apple — single-sign-on (only when you choose to use them).
- USDA FoodData Central — read-only nutrition reference; no personal data is sent.
Each sub-processor is bound by contract or by the terms of their public data-processing agreement to use the data only as needed to provide their service to us.
Legal & Safety
We may disclose information if we have a good-faith belief that doing so is necessary to (a) comply with a valid legal process, (b) enforce our Terms, (c) prevent fraud, security incidents, or harm to users, or (d) protect our rights, property, or safety.
Business Transfers
If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will provide notice and continue to honor commitments made in this policy.
Data Security
We use TLS in transit and per-household envelope encryption at rest for sensitive PII (names, address, free-text notes). The encryption key is held in a Cloudflare-managed secret separate from the database. Only the minimum data set leaves our systems for AI processing. No system can be guaranteed 100% secure; we encourage you to use a strong, unique password on your sign-in email or OAuth provider.
Your Privacy Rights
Depending on where you live, you may have rights to access, correct, delete, port, or restrict the processing of your personal information, and to opt out of certain types of processing.
- Access: download your data from Settings → Profile → Download My Data (coming soon).
- Correction: edit your profile fields anytime in Settings.
- Deletion / right to be forgotten: delete your account and all household data from Settings → Profile → Delete Account.
- Portability: the download tool above provides a machine-readable JSON export.
- Opt out of "sale" or "sharing" (CCPA/CPRA): N/A — we do not sell or share personal information for cross-context behavioral advertising.
- Withdraw consent: you may withdraw consent for non-essential processing at any time by emailing privacy@sundayresetplan.com.
To exercise any of these rights, contact privacy@sundayresetplan.com. We will respond within the timeframes required by applicable law (typically within 30 days under GDPR and 45 days under CCPA).
You may also lodge a complaint with your local data-protection authority.
Data Retention
- Account data: kept while your account is active; deleted within 30 days of account deletion (subject to backups, which roll off within 90 days).
- Generated meal plans, recipes, shopping lists: retained for the life of your account; deletable on request.
- Operational and audit logs: retained 12 months for security purposes.
- AI spend ledger: retained 24 months for accounting and capacity planning. Contains household IDs, model names, and token counts — not prompt or response bodies.
- Stripe billing records: retained per Stripe's terms and applicable tax/accounting laws (typically 7 years).
Children's Privacy
Sunday Reset Plan is intended for use by adults aged 18 and older. We do not knowingly collect personal information directly from children under 13.
Adults may add children to their household profile so that the planner can account for their dietary needs. For each child, we collect only the information needed to plan meals — typically a first name, age range, and food preferences/restrictions. Child names are encrypted at rest. We do not collect children's photos, contact information, geolocation, or behavioral data.
If you believe we have inadvertently collected information from a child under 13, please contact privacy@sundayresetplan.com and we will delete it promptly.
International Users
The service is operated from the United States and processed on Cloudflare's global edge network. If you access the service from outside the United States, your information will be transferred to and processed in the United States and other countries where our infrastructure or sub-processors operate. By using the service, you consent to this transfer. Where required, we rely on appropriate safeguards such as the Standard Contractual Clauses for transfers from the European Economic Area, the United Kingdom, and Switzerland.
Changes to This Policy
We may update this policy from time to time. We will notify you of material changes via email and post the updated policy with a new version number and effective date.
Contact
- General questions: hello@sundayresetplan.com
- Privacy and data-rights requests: privacy@sundayresetplan.com