Privacy Policy

Last updated: March 2026

1. Overview

Eat Magic ("we", "our", "us") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data. By using the Service, you agree to the practices described here.

2. Information We Collect

Information you provide directly:

  • Phone number (used as your account identifier and for SMS delivery)
  • Dietary preferences, health goals, allergies, household size, and budget range
  • Payment information (processed by Stripe; we do not store full card numbers)

Information collected automatically:

  • Basic usage and error logs (e.g., failed SMS delivery, webhook events)
  • IP address and browser information when you visit our website

3. How We Use Your Information

  • To deliver personalized weekly grocery lists via SMS
  • To authenticate your account via one-time passcode
  • To process and manage your subscription and billing
  • To improve the quality and accuracy of the Service
  • To communicate account-related updates (e.g., billing issues, service changes)
  • To comply with legal obligations

We do not sell your personal information to third parties.

4. Third-Party Service Providers

We share your data only with trusted service providers necessary to operate the Service:

  • Twilio — SMS delivery and phone verification
  • Stripe — Payment processing and subscription management
  • OpenAI — AI-generated grocery list content (preference data is sent to generate your list)
  • Railway / hosting providers — Infrastructure and database hosting

Each provider is bound by their own privacy policies and data processing agreements.

5. Data Retention

We retain your account data for as long as your account is active or as needed to provide the Service. If you cancel your subscription and request deletion, we will remove your personal data within 30 days, except where we are required to retain it by law (e.g., financial records).

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — Request a copy of the data we hold about you
  • Correction — Request correction of inaccurate data
  • Deletion — Request deletion of your account and personal data
  • Opt-out of SMS — Reply STOP to any message at any time
  • Portability — Request your data in a portable format

To exercise these rights, contact us via the account management page or by replying to any Eat Magic SMS.

7. SMS & Marketing

We use your phone number solely to deliver the Service (weekly grocery lists and transactional messages like OTP codes and billing alerts). We do not send promotional or marketing SMS without your explicit consent. You may opt out of all SMS at any time by replying STOP.

8. Security

We implement reasonable technical and organizational measures to protect your data, including encrypted connections (HTTPS), hashed/tokenized credentials, and access controls. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

9. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will delete it promptly.

10. Cookies & Tracking

Our website uses session cookies to manage your login state and signup flow. We do not use third-party advertising trackers or analytics cookies. You can configure your browser to block cookies, but doing so may break signup or account functionality.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via SMS or by updating the date at the top of this page. Continued use of the Service constitutes acceptance of the updated policy.

12. Contact

For privacy-related inquiries, data requests, or to request account deletion, please use the account management page or reply to any Eat Magic SMS message.