Sunday Reset Plan

Privacy Policy

Version 1.0.0 · Last updated 2026-04-26

Heads up: these terms have NOT been reviewed by a lawyer. Treat as a starting point — get legal review before public launch.

This policy explains what we collect, how we use it, and what rights you have. Questions? Email privacy@sundayresetplan.com.

What We Collect

  • Account data: your email address and account preferences.
  • Household profile: member first names, age ranges, dietary restrictions, allergies, macro targets, cooking preferences, equipment, and shopping day. Sensitive fields (names, address, notes) are encrypted at rest.
  • Payment data: your payment method and billing details are handled directly by Stripe; we never see or store your card number. We store only a Stripe customer ID and subscription status.
  • Generated content: the meal plans, recipes, and shopping lists produced for your household, plus your thumbs-up/thumbs-down feedback.
  • Operational logs: request timestamps, IP-hash, and user-agent hash for abuse prevention.

How We Use It

  • Generate personalized weekly meal plans and shopping lists.
  • Manage your account, billing, and customer support.
  • Improve the product using anonymized, aggregated metrics (e.g., overall thumbs-up rate by cuisine).
  • Send transactional email (sign-in links, billing receipts).

We do not sell your personal data. We do not use your meal-planning data to train third-party AI models.

Third-Party Processors

  • Cloudflare — hosting, edge compute, and storage.
  • Anthropic (Claude) — generates your meal plans. Prompts and responses may be retained by Anthropic per their data-use policy. We send only the minimum data needed (typically de-identified household profile + plan context).
  • Stripe — processes payments and stores billing data.
  • USDA FoodData Central — read-only macro lookups; no personal data shared.

Data Security

We use TLS in transit and per-household envelope encryption at rest for sensitive PII (names, address, free-text notes). Only the smallest possible data set leaves our systems for AI processing.

Your Rights (GDPR / CCPA)

  • Access: download your data from Settings → Profile → Download My Data (coming soon).
  • Erasure: delete your account and all household data from Settings → Profile → Delete Account.
  • Correction: edit your profile fields anytime in Settings.
  • Opt-out of sale: N/A — we don't sell data.

Data Retention

  • Account data: kept while your account is active; deleted within 30 days of account deletion.
  • Generated meal plans: retained for the life of your account; deletable on request.
  • Audit logs: retained 12 months for security purposes.
  • Stripe billing records: retained per Stripe's terms (typically 7 years for accounting compliance).

Cookies

We use a single essential cookie, __session, to keep you signed in. It is HttpOnly and SameSite=Lax. We do not use analytics cookies, advertising cookies, or tracking pixels. See the Cookie Policy for details.

Children's Privacy

Sunday Reset Plan is not directed at children under 13. Adults may add children to the household profile; only age range (not date of birth) is collected, and child names are encrypted at rest.

International Users

If you access the service from outside the United States, your data will be processed in the United States and other countries where our infrastructure operates.

Changes

We will notify you of material changes via email and post the updated policy with a new version number.

Contact

privacy@sundayresetplan.com