SahiPlate
SahiPlate
Home
VP Technology Ventures LLC

Privacy Policy

Effective Date: May 10, 2026

VP Technology Ventures LLC, a limited liability company organized under the laws of the State of California, with its principal place of business at 144 S 3rd St, Unit 126, San Jose, CA 95112, USA ("SahiPlate", "Company", "we", "us" or "our"), is the data controller of personal data processed in connection with your use of the SahiPlate AI diet compliance assistant, the websites sahiplate.com and www.sahiplate.com, and any related features and services (collectively the "Services").

This policy explains what personal data we collect, why we collect it, how we share it, how long we keep it, and the rights you have. Any translation of this policy is provided for convenience only — the English version prevails. If you do not want us to process your personal data as described here, please do not use the Services.

1. Personal Data We Collect

1.1 Account & profile data

  • Account credentials: email address, hashed password (or sign-in token if you use a third-party sign-in provider).
  • Profile details you choose to provide: display name, first/last name, age, gender, country.
  • Diet preferences: cuisines you enable, allergies, custom no-list ingredients, religious diet flags (e.g. vegetarian, vegan, Jain, halal-friendly).
  • Acceptance records: terms version accepted, age confirmation, timestamps.

1.2 Meal & usage data

  • Photos you upload of meals or menus and the AI analysis derived from them (dish name, ingredients, portion tier, verdict, suggestions, pin annotations).
  • Meal-card history: which suggestions you opened, liked, saved, swapped or marked as eaten.
  • Self-reported satisfaction ratings on past meals.
  • Quota and feature-usage telemetry needed to enforce plan limits and operate the product.

1.3 Communications & support

  • The contents of messages you send to support, including any attachments.
  • Notifications and email preferences.

1.4 Device & technical data

  • IP address, approximate location derived from IP, device type, operating system, browser, language.
  • Diagnostic logs and error reports needed to keep the Services secure and reliable.

1.5 Payment data

When you buy a subscription, payment is processed by our Merchant of Record, Paddle.com. We do not collect or store your full card number, bank-account number or CVV. Paddle shares back with us limited transaction metadata such as a tokenized payment identifier, the plan purchased, currency and amount, billing country, and the email address used at checkout.

2. Why We Process Your Data & Legal Basis

  • Provide the Services — create and authenticate your account, run AI checks on your meal photos, generate verdicts, swaps and day plans, store your history. Legal basis: performance of our contract with you (GDPR Art. 6(1)(b)).
  • Personalize compliance guidance — apply your saved cuisines, allergies and no-list to suggestions and AI prompts. Legal basis: contract performance and, where required for special-category health data, your explicit consent (Art. 9(2)(a)).
  • Operate and secure the platform — fraud prevention, abuse detection, debugging, capacity planning. Legal basis: legitimate interests (Art. 6(1)(f)) in running a safe and reliable service.
  • Process payments and tax — managed by Paddle as Merchant of Record. Legal basis: contract performance and legal obligation (Art. 6(1)(b),(c)).
  • Customer support — answering your questions and handling refund or rights requests. Legal basis: contract performance and legitimate interests.
  • Service improvement — aggregated and de-identified analytics on which features are used. Legal basis: legitimate interests.
  • Legal compliance — meeting record-keeping, tax, and dispute-handling obligations. Legal basis: legal obligation.
  • Marketing communications — only if you opt in. Legal basis: consent (Art. 6(1)(a)), withdrawable at any time.

3. Camera & Photo Access

SahiPlate asks for camera or photo-library permission only when you choose to upload a meal photo. You can revoke this permission at any time in your device or browser settings. Photos you upload are stored in our secure storage on Lovable Cloud (which uses Supabase / Amazon Web Services infrastructure) so the Services can show you your history and re-run analyses. Illustrative thumbnails shown in the app are AI-generated or generic category photos — they are never photos of your food.

4. AI Processing

SahiPlate's verdicts, swaps and assistant-style explanations are produced by third-party large language and image models that we access through the Lovable AI Gateway, which routes requests to providers including Google (Gemini) and OpenAI (GPT). To generate a useful answer we send the model the relevant input — for example a meal photo, the dish name, your saved cuisines and your allergy/no-list keywords. We do not send unrelated personal data, and your personal data is not used to train any third-party AI model. Model outputs may be inaccurate; you must verify any output before relying on it, especially for allergens or medical considerations.

5. How We Share Your Data

  • Lovable Cloud / Supabase — hosts our database, authentication, storage and edge functions (acting as our processor).
  • Lovable AI Gateway and underlying model providers (Google, OpenAI) — to run the AI features described in Section 4 (acting as our processors).
  • Paddle.com Inc. — our Merchant of Record for the sale of subscriptions, payment processing, fraud screening, sales-tax/VAT/GST compliance, invoicing and refund handling. Paddle is an independent controller for tax-compliance purposes.
  • Email and notification providers — to deliver transactional and security emails.
  • Professional advisers — accountants, auditors and lawyers, where reasonably needed.
  • Authorities — where we are legally required, or to protect rights, property or safety.
  • Successors — in connection with a merger, acquisition, financing or sale of assets, subject to equivalent privacy protections.

We never sell your personal data. We do not use your health-related data for advertising.

6. International Transfers

SahiPlate is operated from the United States, and several of our processors (including Lovable Cloud, Paddle and AI providers) may process data in the United States or other countries. Where personal data is transferred from the EEA, UK or Switzerland to a country without an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (and the UK Addendum or Swiss equivalent where applicable), together with appropriate technical and organisational safeguards.

7. Data Retention

We keep personal data only for as long as we need it for the purposes set out in this policy:

  • Account, profile and meal history — for as long as your account is active.
  • Meal photos — for as long as your account is active, unless you delete them earlier in-app.
  • Support communications — typically for up to 24 months after the last interaction.
  • Billing and tax records (held by Paddle and by us) — for as long as required by tax and accounting law (typically 7–10 years).
  • Security and abuse-prevention logs — typically up to 12 months.

You can deactivate your account at any time in app settings or by emailing legalnotice@sahiplate.com. We will action your request within one month. Encrypted backups may take up to a further 90 days to be overwritten.

8. Your Rights

8.1 EEA / UK residents (GDPR & UK GDPR)

  • Right of access to your personal data and a copy of it.
  • Right to rectification of inaccurate data.
  • Right to erasure ("right to be forgotten") in defined circumstances.
  • Right to restrict or object to processing based on legitimate interests.
  • Right to data portability for data processed by automated means on the basis of contract or consent.
  • Right to withdraw consent at any time, without affecting prior processing.
  • Right to lodge a complaint with your local supervisory authority.

8.2 California residents (CCPA / CPRA)

  • Right to know what personal information we collect, use, disclose and (if applicable) sell or share.
  • Right to delete personal information we have collected.
  • Right to correct inaccurate personal information.
  • Right to opt out of sale or sharing — we do not sell or share personal information for cross-context behavioural advertising.
  • Right to non-discrimination for exercising your privacy rights.

8.3 Indian residents (DPDPA)

  • Right to access, correction and erasure of your personal data.
  • Right to nominate another individual to exercise your rights in case of death or incapacity.
  • Right to withdraw consent at any time.
  • Right to grievance redressal — contact our grievance officer at legalnotice@sahiplate.com.

To exercise any right, email legalnotice@sahiplate.com from the address linked to your SahiPlate account. We will respond within one month (extendable by up to two further months for complex requests, with notice).

9. Security

We use reasonable technical and organisational safeguards to protect your personal data, including:

  • encryption of data in transit (HTTPS/TLS) and at rest;
  • row-level security on our database so users can only access their own data;
  • least-privilege role-based access for our team;
  • periodic vulnerability scanning and dependency monitoring;
  • secret management for third-party API keys.

No internet transmission or storage system is 100% secure. To report a suspected security incident, email legalnotice@sahiplate.com.

10. Cookies & Similar Technologies

We and our service providers use a small number of cookies and similar technologies (e.g. local storage) to operate the Services. These fall into:

  • Strictly necessary — sign-in sessions, security tokens, CSRF protection, preference storage. These cannot be turned off.
  • Functional — remembering your cuisines, photo mode, theme and other UI preferences.
  • Analytics — aggregated usage statistics that help us improve the Services. Where required by law we ask for your consent before setting these.

We do not use third-party advertising cookies. You can manage cookies through your browser settings; disabling strictly necessary cookies will break parts of the Services.

11. Children

SahiPlate is intended for adults aged 18 and over and is not directed at children. We do not knowingly collect personal data from anyone under 18. If you believe we have collected data from a child, contact us and we will delete it.

12. Communications

You may receive transactional emails (account, billing, security) and in-app notifications related to your use of the Services. You may opt out of marketing communications at any time using the unsubscribe link in those emails or in your account settings, but you cannot opt out of essential service messages.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy with a new effective date and, if changes are material, give you advance notice via the Services or by email.

14. Contact

VP Technology Ventures LLC
144 S 3rd St, Unit 126
San Jose, CA 95112, USA
Email: legalnotice@sahiplate.com

If you are in the EEA or UK and would like to contact our representative, please use the same email address with the subject line "EEA/UK representative".

See also: Terms of Use · Cancellation & Refund Policy

Terms of UsePrivacy PolicyCancellation & RefundCookie PolicyAI RulesMedical Disclaimerlegalnotice@sahiplate.com