Privacy Notice
Effective date: 17 May 2026 · Last updated: 17 May 2026
Who we are
Mila (mila.menu) is a personal meal-planning tool currently in a closed, invite-only beta, operated by a private individual based in the United Kingdom.
What data we collect
| Data | Why we collect it |
|---|---|
| Email address | To create your account, send a verification email, and send optional weekly planning reminders |
| Password (stored as a one-way hash) | To authenticate you — we never store your password in plain text and cannot read it |
| Dietary tags and requirements | To personalise the meal plans Mila generates for you |
| Equipment, complexity, and cooking time preferences | To generate practical, achievable meal plans |
| Generated meal plans, recipes, and shopping lists | To display your current plan and, in future, your history |
We do not collect payment information, location data, or data from social media accounts.
Legal basis for processing
Legitimate interests (Article 6(1)(f) UK GDPR): Running a small, closed beta for a personal meal-planning tool is the legitimate interest. Processing is limited to what is necessary to make the tool work. You can object to this processing at any time (see Your rights below).
Explicit consent (Article 9(2)(a) UK GDPR): Dietary preferences may constitute special category data (health data) under Article 9 UK GDPR. By creating an account and submitting your dietary preferences, you give explicit consent for us to process this data solely to provide the meal-planning service. You can withdraw consent at any time by deleting your account.
How long we keep your data
We retain your data for as long as your account is active. If you request account deletion, we will delete all your personal data within 30 days.
Who we share your data with
Your data passes through the following third-party services. We do not sell your data to any third party.
| Service | Purpose | What is sent |
|---|---|---|
| Supabase (EU region) | Database and authentication | Email, hashed password, dietary preferences, meal plans |
| Anthropic | AI meal plan generation | Dietary preferences and cooking inputs — your email is never sent |
| Vercel | Hosting | Standard request logs (IP address, pages accessed) |
| Resend | Transactional email | Email address and content of verification and reminder emails |
| Sentry | Error monitoring | Error stack traces — personal data fields are stripped before any data leaves the app |
Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Deleteyour data (the “right to be forgotten”)
- Object to processing based on legitimate interests
- Withdraw consent for special category data processing at any time
You can exercise three of these rights yourself from Settings → Account & data inside mila:
- Download my data (Article 15, right of access) — emails you a JSON file containing your profile, family members, meal plans, recipes, ratings, and notes. Available immediately; the download link is valid for 24 hours.
- Change email — re-verifies a new email address with you before swapping it on your account. Your existing email continues to work until you click the verification link sent to the new address.
- Delete my account (Article 17, right of erasure) — permanently removes your profile, family members, meal plans, recipes, ratings, notes, and share links within seconds of confirmation. We keep a single anonymised AI-usage row per generation (model name, token count, cost) for billing audit — no personal information remains.
For any right not covered by the self-service flows above (data correction beyond what you can edit yourself, objection to processing, complaints), reply to any email you have received from mila.menu. We will respond within 30 days. If you are unsatisfied, you have the right to lodge a complaint with the UK Information Commissioner's Office at ico.org.uk.
Changes to this notice
If we make material changes to this notice, we will notify active users by email before the changes take effect.