Privacy Policy

Last Updated: November 22, 2025

1. Introduction

Loma ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services (collectively, the "Service").

By using Loma, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use the Service.

2. Eligibility

You must be at least 13 years old to use Loma. We do not knowingly collect personal information from children under 13. If you are under 13, please do not use the Service or provide any information to us.

3. Information We Collect

3.1 Information You Provide

We collect information you voluntarily provide when using the Service:

  • Account Information: Name, email address, password
  • Profile Information: Age, gender, height, weight, activity level
  • Health & Nutrition Data: Dietary preferences, food allergies, nutrition goals, calorie targets, macro preferences
  • Cooking Preferences: Cooking frequency, available equipment, disliked ingredients
  • Payment Information: Processed by Stripe (we do not store credit card details)
  • User Content: Recipe ratings, reviews, feedback

3.2 Automatically Collected Information

When you use the Service, we automatically collect:

  • Usage Data: Recipes generated, recipes cooked, features used, time spent in app
  • Device Information: Device type, operating system, unique device identifiers
  • Log Data: IP address, app crashes, performance data
  • Analytics: User behavior, feature usage, engagement metrics

4. How We Use Your Information

We use your information for the following purposes:

  • Provide Services: Generate personalized recipes, calculate nutrition targets, track progress
  • Account Management: Create and maintain your account, authenticate your identity
  • Personalization: Tailor recipes to your preferences, goals, and dietary restrictions
  • Payment Processing: Process subscription payments through Stripe
  • Customer Support: Respond to inquiries, troubleshoot issues, provide assistance
  • Improve Services: Analyze usage patterns, fix bugs, develop new features
  • Communications: Send service updates, subscription reminders, promotional offers (with your consent)
  • Security: Detect fraud, prevent abuse, ensure platform security
  • Legal Compliance: Comply with legal obligations and enforce our Terms of Service

5. Third-Party Services

We share your information with trusted third-party service providers who assist us in operating the Service:

5.1 Service Providers

  • Supabase: Backend database and authentication services
  • Stripe: Payment processing and subscription management
  • Sentry: Error tracking and performance monitoring
  • OpenAI: AI-powered recipe generation (planned)
  • Cloud Storage: Secure data storage and backups

These providers have access to your information only to perform specific tasks on our behalf and are obligated to protect your data in accordance with this Privacy Policy and applicable laws.

6. International Data Transfers

IMPORTANT: Your information may be transferred to and processed in countries outside your country of residence, including the United States, where our service providers are located. These countries may have different data protection laws than your country.

By using Loma, you consent to the transfer of your information to the United States and other countries where we operate. We take appropriate safeguards to ensure your information remains protected in accordance with this Privacy Policy.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. Specifically:

  • Account Data: Retained for the lifetime of your account
  • Recipe Data: Saved permanently unless you delete specific recipes
  • Usage Data: Retained for up to 2 years for analytics purposes
  • Payment Records: Retained as required by law (typically 7 years)

Upon account deletion, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

8. Your Privacy Rights

Depending on your location, you may have the following rights:

8.1 General Rights

  • Access: Request a copy of the personal information we hold about you
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your personal information
  • Data Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to certain processing of your information
  • Restriction: Request restriction of processing in certain circumstances

8.2 GDPR Rights (EU/EEA Users)

If you are located in the European Economic Area, you have additional rights under GDPR including the right to lodge a complaint with a supervisory authority.

8.3 CCPA Rights (California Users)

California residents have the right to know what personal information is collected, request deletion, and opt-out of the sale of personal information. We do not sell your personal information.

To exercise your rights, please contact us through our Help Center.

9. Cookies and Tracking

We use cookies and similar tracking technologies to improve user experience and analyze app usage:

  • Essential Cookies: Required for authentication and app functionality
  • Analytics Cookies: Help us understand how users interact with the app
  • Performance Cookies: Monitor app performance and errors

You can control cookies through your device settings, but disabling certain cookies may affect app functionality.

10. Data Security

We implement commercially reasonable administrative, technical, and physical safeguards designed to protect your information, including:

  • Encryption of data in transit and at rest
  • Secure authentication mechanisms
  • Regular security audits and monitoring
  • Access controls and employee training
  • Partnerships with SOC 2 compliant providers (Supabase, Stripe)

However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

11. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we discover we have collected information from a child under 13, we will delete it immediately.

If you believe we have collected information from a child under 13, please contact us through our Help Center.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy in the app
  • Updating the "Last Updated" date
  • Sending an email notification (for significant changes)

Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please visit our Help Center.