Privacy Policy

Zoremi (the "Service") is a family organiser for meal planning, budget management, calendars, shopping lists and family life coordination. This Privacy Policy explains what personal data the Service processes, how, why, and what rights you have. It is prepared with reference to the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR").

The controller responsible for the processing of your personal data is Zoremi. Privacy contact: [email protected].

The Service operates in two modes: • Without an account — tools (budget calculator, meal planner, shopping list) are available without registration. In this mode we do not collect or store any personal data on our servers. • With an account — you may optionally register to save your data and synchronise it with the Zoremi mobile app. Upon registration you provide: • First and last name. • Email address and password (or sign in via Google). Once signed in, you may store: • Family budget data: accounts, budgets, transactions, categories. • Recipes, meal plans and shopping lists. • Family member profiles (names, roles). • Allergen and dietary preference information (some of which may constitute health data — special category under Art. 9 GDPR). • Account settings. Where data is stored: • Without an account — solely in your browser (localStorage). We do not receive this data. • With an account — data is stored on our secured servers within the EEA. • Mobile app backup files — saved where you place them; we do not upload them to our servers.

Your data is used solely to: • Provide the core features of the Service (budgeting, planning, recipes). • Generate an AI meal plan if you use that feature (see below). • Synchronise data between the website and the mobile app. • Respond to your requests and provide support. • Delete your data upon your request. We do not use your data for advertising, profiling or tracking, and we do not sell your data.

• Consent (Art. 6(1)(a)) — when you register, enter data and, separately, when you use the AI meal planning feature. • Performance of a contract (Art. 6(1)(b)) — to provide the Service. • Health-related information (allergens, dietary restrictions) is processed only on the basis of your explicit consent (Art. 9(2)(a)).

The Service offers an optional AI-powered weekly meal plan generator, built on the Anthropic Claude API. When you use this feature, the parameters you enter (number of adults, children, dietary style, excluded ingredients, maximum cooking time) are sent from your browser to our server and then forwarded to the Anthropic Claude API to generate the plan. We do not store these requests and do not share them with any other third parties. Important: • Anthropic may log requests in accordance with their Privacy Policy and Terms of Use. • The request contains no personally identifying information — only anonymous meal planning parameters. • The feature is available without an account and is rate-limited to 1 generation per hour per IP address. • The feature is intended for adult users only. • More information: https://www.anthropic.com/privacy and https://www.anthropic.com/legal/consumer-terms

We do not share your data with advertising networks or data brokers. To operate the Service we use trusted sub-processors (hosting, database) within the EEA or under appropriate safeguards under Art. 46 GDPR. Anthropic PBC — sub-processor for the AI meal planning feature. Receives only anonymous request parameters, no personal user data. If you sign in via Google, Google Ireland Ltd. acts as an authentication provider and receives a limited set of data (email, name) per their policy: https://policies.google.com/privacy

• Account data is retained until you delete your account or withdraw consent. • Upon account deletion: your email and personal details are anonymised, sessions are removed. If you are the only active member of a family — all family data is deleted. If there are other members — your membership is ended (status LEFT) and shared family data is retained for the remaining members. • Browser data (without an account) is retained until you clear your browser's localStorage.

• All data is transmitted over encrypted connections (HTTPS/TLS). • Passwords are stored exclusively as bcrypt hashes. • Sessions are managed via httpOnly cookies and short-lived JWT access tokens. • AI requests contain no personal data and are not stored on our servers.

You have the right to: • Access your data (Art. 15) — all data is accessible in your account. • Rectify inaccurate data (Art. 16) — directly in the Service or by contacting [email protected]. • Erase your data (Art. 17) — via Settings → Delete Account, or by request. • Restrict processing (Art. 18). • Data portability (Art. 20) — contact [email protected]. • Object (Art. 21). • Withdraw consent (Art. 7(3)) at any time, without affecting the lawfulness of prior processing. • Lodge a complaint with your national supervisory authority. Contact [email protected] for requests that cannot be handled within the Service. We respond within a reasonable time and no later than one month.

The Service is intended for adult users. We do not knowingly collect data from individuals under 18 without parental or guardian consent. The AI meal planning feature is intended for adult users only. If you become aware that a child has registered an account without authorisation, contact [email protected].

We may update this Policy as the Service evolves. Material changes will be communicated on the website, and the 'Last updated' date will be adjusted accordingly. Continued use of the Service constitutes acceptance of the revised Policy.

Privacy enquiries: [email protected]