Updated

April 2026

Privacy Policy

PIATR ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application PIATR, including any related websites, services, and functionalities (collectively, the "Services").

We process personal data in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679, Italian Legislative Decree 196/2003 as amended, and all applicable data protection laws. By using PIATR, you consent to the practices described in this Privacy Policy.

1. Information We Collect

We collect the following categories of personal

1.1 Information You Provide Directly

  • Account Information: When you create an account, we collect your email address, username, password (hashed), and optional profile information such as name, age, gender, height, weight, and dietary preferences.

  • Usage Data: Recipes you create, save, or share; meal plans; shopping lists; food preferences; nutritional goals; allergies and intolerances; ingredient substitutions.

  • Payment Information: If you subscribe to premium features, we collect billing details processed through third-party payment providers (we do not store full payment card details).

  • Communication Data: Information you provide when contacting support, including email address and message content.

  • User Content: Any recipes, notes, photos, or other content you upload or generate within PIATR.

1.2 Information Collected Automatically

  • Device Information: Device type, model, operating system, unique device identifiers, IP address, mobile network information, and crash reports.

  • Usage and Analytics Data: App interactions, pages visited, time spent, features used, search queries, and referral sources.

  • Location Data: Approximate location derived from IP address (not precise GPS data unless explicitly authorized).

  • Cookies and Tracking Technologies: Local storage, cookies, and similar technologies to enhance functionality and analytics.

1.3 Information from Third Parties

  • Nutritional data from third-party databases (e.g., USDA, Open Food Facts).

  • Analytics from services like Firebase, Amplitude, or similar.

  • Login via social media (if implemented), providing basic profile information.

2. How We Use Your Information

We use your personal data for the following purposes:

| Purpose | Legal Basis (GDPR) | Data Categories |
|---|---|---|
| Provide and maintain PIATR services (meal planning, recipe management, shopping lists) | Contract performance (Art. 6(1)(b)) | Account, usage, user content |
| Personalize your experience (recommendations, preferences) | Legitimate interests (Art. 6(1)(f)) | Usage, preferences |
| Process payments and subscriptions | Contract performance (Art. 6(1)(b)) | Payment information |
| Communicate with you (support, updates, newsletters) | Consent (Art. 6(1)(a)) or Legitimate interests | Communication data |
| Analyze usage and improve services | Legitimate interests (Art. 6(1)(f)) | Usage, analytics |
| Prevent fraud and ensure security | Legitimate interests (Art. 6(1)(f)) | Device, account |
| Comply with legal obligations | Legal obligation (Art. 6(1)(c)) | All categories |
| Marketing (if opted-in) | Consent (Art. 6(1)(a)) | Email, preferences |

3. Sharing Your Information

We do not sell your personal data. We may share information with:

  • Service Providers: Cloud hosting (e.g., AWS, Google Cloud), analytics (Firebase), payment processors (Stripe, Apple Pay), email services (SendGrid), crash reporting (Sentry).

  • Legal Authorities: When required by law, court order, or to protect rights, safety, or property.

  • Business Transfers: In case of merger, acquisition, or sale of assets.

  • Third-Party Integrations: Nutritional APIs, grocery delivery services (with your explicit consent).

All third parties are contractually obligated to protect your data and use it only for specified purposes.

4. International Data Transfers

PIATR services may be hosted on servers located outside the European Economic Area (EEA), such as the United States. We ensure appropriate safeguards including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.

  • Adequacy decisions for certain countries.

  • Binding Corporate Rules for group companies.

You may request details of transfer mechanisms by contacting us.

5. Data Retention

We retain personal data only as long as necessary for the purposes described:

  • Account Data: Duration of account + 30 days after deletion request.

  • Usage Data: 26 months for analytics (anonymized thereafter).

  • Payment Data: 10 years per Italian tax law.

  • Backup Data: Encrypted backups retained up to 90 days.

Upon expiry, data is securely deleted or anonymized.

6. Your Data Protection Rights (GDPR)

As a data subject in the EEA, you have the following rights:

  • Access: Request a copy of your personal data.

  • Rectification: Correct inaccurate or incomplete data.

  • Erasure ("right to be forgotten"): Delete your data (subject to legal retention).

  • Restriction: Limit processing in certain cases.

  • Portability: Receive data in structured format.

  • Object: Oppose processing based on legitimate interests.

  • Withdraw Consent: At any time (does not affect prior processing).

To exercise rights, email privacy@piatr.app. We respond within 30 days.

7. Children's Privacy

PIATR is not intended for children under 16 years. We do not knowingly collect data from children. If we become aware of such data, we delete it promptly. Parents/guardians may contact us regarding their child's data.

8. Security Measures

We implement appropriate technical and organizational measures:

  • Data encryption in transit (TLS 1.3) and at rest (AES-256).

  • Secure authentication (OAuth 2.0, JWT tokens).

  • Regular security audits and penetration testing.

  • Access controls (least privilege principle).

No system is completely secure; we cannot guarantee absolute security.

9. Cookies and Tracking

PIATR uses essential cookies for functionality and optional analytics cookies. You can manage preferences via device settings. Third-party cookies are governed by their policies.

10. Changes to This Privacy Policy

We may update this Privacy Policy. Material changes will be notified via in-app notice or email. Continued use constitutes acceptance.

11. Contact Information

Data Controller: Bertuprojects (PIATR)
Address: [Your registered address, Milan, Italy]
Email: privacy@piatr.app
DPO Contact (if applicable): dpo@piatr.app

Complaints: Contact the Italian Data Protection Authority (Garante Privacy) at www.garanteprivacy.it.
