PrivacyPolicy
Last updated June 2026 · Version 1.0
AlignEat helps you read restaurant menus against your dietary needs. To do that we handle some personal data — including sensitive health information — so we treat your privacy as seriously as your safety.
Plain-language summary. We collect only what we need to match menus to your profile. Your dietary and health data is used to power the app, never sold, and you can export or delete it anytime. Analytics and marketing cookies run only with your consent.
This document is a template prepared for AlignEat and should be reviewed by qualified legal counsel before launch to confirm compliance with the EU/UK GDPR, the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) and equivalent GCC data-protection laws.
01Who we are
AlignEat (“AlignEat”, “we”, “us”) is the controller of your personal data. We are based in Dubai, United Arab Emirates. For any privacy matter you can reach our data protection contact at privacy@aligneat.app.
This policy explains what we collect, why, the legal bases we rely on, who we share it with, how long we keep it, and the rights you have under applicable law — including the EU and UK GDPR, the UAE Personal Data Protection Law, and data-protection frameworks across the GCC (KSA PDPL, Bahrain PDPL, Qatar, Oman and Kuwait).
02Data we collect
We collect only what we need to provide and improve AlignEat:
- Account data — name, email, password (hashed), and authentication identifiers.
- Dietary profile — allergies, intolerances, religious and lifestyle diets, health goals and food preferences. Some of this is special-category health data (see section 5).
- Usage data — menus you scan, results, saved dishes and places, and in-app activity needed to deliver features.
- Device & technical data — device type, OS, app version, language, and approximate region.
- Support & communications — messages you send us and their contents.
- Cookies & similar technologies — see our Cookie Policy.
We do not require precise location. Camera images of menus are processed to extract text; we describe retention in section 8.
03How we use data
- To create and run your account and dietary profile.
- To analyse menus and match dishes to your needs.
- To provide translation, allergy cards and group/family features.
- To provide customer support and respond to your requests.
- To keep AlignEat secure and prevent abuse.
- With consent, to measure and improve the product (analytics) and to tell you about relevant features (marketing).
04Legal bases for processing
Where the GDPR or an equivalent GCC law applies, we rely on the following bases:
| Purpose | Legal basis |
|---|---|
| Providing the app | Performance of a contract with you |
| Dietary & health data | Your explicit consent (GDPR Art. 9(2)(a)) |
| Security & fraud prevention | Our legitimate interests |
| Analytics & marketing | Your consent (withdrawable anytime) |
| Legal compliance | Compliance with a legal obligation |
05Health & special-category data
Your allergies, intolerances and health-related dietary needs are special-category data. We process them only with your explicit consent, solely to deliver AlignEat’s core function, and you can withdraw consent at any time by editing your profile or deleting your account.
Safety note. AlignEat supports your decisions but is not a medical device and does not replace professional medical advice. For life-threatening allergies, always confirm with the kitchen and carry any prescribed medication.
06Sharing & processors
We do not sell your personal data. We share it only with:
- Service providers (processors) — cloud hosting, analytics (with consent), and customer-support tools, bound by contract to protect your data and act only on our instructions.
- Authorities — where required by law or to protect rights and safety.
- Business transfers — if AlignEat is involved in a merger or acquisition, with continued protection.
07International transfers
We operate from the UAE and may process data in other countries. Where we transfer personal data across borders, we use lawful transfer mechanisms — such as Standard Contractual Clauses, adequacy decisions, or your explicit consent — to ensure your data stays protected to the standard of your home jurisdiction.
08Data retention
We keep personal data only as long as needed for the purposes above. Account and profile data is retained while your account is active. Scanned menu images are processed to extract text and are not retained longer than necessary to deliver and improve the result. When you delete your account, we delete or irreversibly anonymise your personal data within a reasonable period, except where law requires us to keep certain records.
09Your rights
Depending on where you live, you have some or all of these rights:
- Access — a copy of the data we hold about you.
- Rectification — correct inaccurate data.
- Erasure — delete your data (see Delete Account).
- Restriction & objection — limit or object to certain processing.
- Portability — receive your data in a portable format.
- Withdraw consent — at any time, without affecting prior processing.
- Complain — to your local supervisory authority (e.g. an EU DPA, the UK ICO, or the UAE Data Office).
To exercise any right, email privacy@aligneat.app. We respond within the timeframe your law requires.
10Children
AlignEat is not directed at children under 16 (or the minimum age in your country). Children’s dietary profiles may be added and managed only by a consenting parent or guardian within a Family plan. We do not knowingly collect data directly from children.
11Security
We use technical and organisational measures — encryption in transit, access controls, and least-privilege practices — to protect your data. No system is perfectly secure, but we work to keep your information safe and will notify you and regulators of qualifying breaches as required by law.
12Changes & contact
We may update this policy as the product and law evolve. We’ll post the new version here with an updated date and, for material changes, notify you in-app. Questions or requests: privacy@aligneat.app or visit our Contact page.