Privacy Policy

Fussless ("we", "us") is operated by Fussless, based in Belgium. For privacy questions, contact hello@fussless.one.

• Account data: email address, authentication identifiers, and (if you sign in with Google) your Google profile name and avatar.
• App content you create: eater profiles, safe foods, avoided ingredients, preferred textures, meal feedback, saved meals, grocery list items, and notes.
• Technical data: device type, browser, operating system, IP address (collected by hosting infrastructure for security and routing), and approximate location derived from IP.
• Usage data: pages viewed, features used, and interaction events collected through analytics (see Cookies & Tracking).
• Billing data: if you subscribe, our payment processor (Stripe) collects your name, billing address, and card details on our behalf. We receive only a customer reference, subscription status, and the last 4 digits of the card; we never see or store full card numbers.

• To provide the service (creating your account, saving profiles, generating meal suggestions and grocery lists) — legal basis: performance of a contract (GDPR Art. 6(1)(b)).
• To improve the service (anonymous/aggregated analytics, debugging) — legal basis: legitimate interests (Art. 6(1)(f)).
• To send service emails (account confirmation, password resets, important changes) — legal basis: contract performance.
• For optional analytics and marketing cookies — legal basis: your consent (Art. 6(1)(a)). You can withdraw consent at any time.
• To comply with legal obligations (e.g. invoicing, tax records) — legal basis: legal obligation (Art. 6(1)(c)).

We use the following categories of processors. Each is bound by GDPR-compliant data processing terms:

• Hosting & database: Supabase / cloud infrastructure providers (data stored in the EU where available).
• Authentication: Supabase Auth and (optionally) Google Sign-In.
• Analytics: Google Analytics (only with your consent).
• Payments: Stripe handles card processing and stores payment credentials under its own privacy policy.

Some processors may transfer data outside the EU/EEA. Where this happens, we rely on Standard Contractual Clauses or adequacy decisions.

We use a small number of essential cookies required to keep you signed in and to remember your filter preferences. Optional analytics or marketing cookies are only set after you give consent through our cookie banner. See the Cookies & Tracking page for details.

• Account & app data: kept while your account is active and deleted within 30 days of account deletion.
• Backups: retained for up to 90 days after deletion before being overwritten.
• Billing records: retained for 7 years as required by Belgian tax law.
• Analytics: retained according to the analytics provider's default retention (typically 14 months).

• Right of access to your personal data
• Right to rectify inaccurate or incomplete data
• Right to erasure ("right to be forgotten")
• Right to restrict or object to processing
• Right to data portability
• Right to withdraw consent at any time (without affecting prior processing)
• Right to lodge a complaint with the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit) at dataprotectionauthority.be

To exercise any of these rights, email hello@fussless.one. We respond within 30 days.

Fussless is intended for adults (parents and caregivers). We do not knowingly create accounts for children under 16. If you believe a minor has created an account, contact us and we will delete it.

We may update this policy from time to time. Material changes will be announced in-app or by email at least 14 days before they take effect.