Privacy Policy

For purposes of the GDPR and similar laws, the data controller is Ivan Chabanenko, Lutherstrasse 12, 39112 Magdeburg, Germany.

You can contact us at info@jomimeals.com for general support and privacy questions.

JOMI is currently operated by a private individual rather than a separate legal entity. If that changes, this policy will be updated to reflect the new controller details.

This policy applies to personal data collected through the JOMI website, the JOMI mobile application, user support interactions, analytics and operational logs, admin and account-management tools, and any linked services that display or reference this Privacy Policy.

This policy does not apply to third-party services that have their own privacy notices, even if those services integrate with JOMI, such as Apple, Google, payment providers, or app stores.

The categories of personal data we collect depend on how you use JOMI, which features you enable, and the legal basis available in your jurisdiction.

• Account and identity data: name, email address, password hash, verification status, profile nickname, account role, and authentication records.
• Meal-planning and nutrition data: meal plans, grocery-list items, dietary preferences, user-entered nutrition targets, food diary entries, saved products, and related usage history.
• Health and wellness data: body weight entries, activity data, and health-platform imports such as Apple Health or Google Fit information when you choose to connect them.
• Device and technical data: IP address, approximate location inferred from IP, browser type, operating system, app version, device identifiers, language settings, crash data, and security logs.
• Communications data: support requests, business inquiries, verification emails, password-reset requests, and other messages you send to us.
• Administrative and audit data: login attempts, session tokens, admin actions, moderation history, and records needed to protect the service and investigate misuse.

• Directly from you when you create an account, fill in forms, log data, or contact us.
• Automatically from your device or browser when you use the website, app, or admin tools.
• From third-party integrations that you enable, such as Apple Health, Google Fit, authentication providers, hosting vendors, and app distribution platforms.
• From other users or administrators where they manage shared workflows, support cases, or business administration related to the service.

We use personal data only where we have a lawful basis and a specific operational purpose.

• To provide and maintain the app, accounts, meal planning, grocery-list generation, syncing, security, and core product functionality.
• To authenticate users, verify email ownership, prevent fraud, investigate abuse, and protect the integrity of the service.
• To improve reliability, debug issues, analyze usage patterns, and develop new product features.
• To communicate with you about your account, support requests, policy changes, and service-related notices.
• To comply with legal obligations, respond to lawful requests, enforce our terms, and preserve evidence where needed.
• To send marketing or product updates only where permitted by law and, where required, with your consent or with an available opt-out.

If you are in the European Union, European Economic Area, or Germany, we rely on one or more legal bases under Article 6 GDPR and, where relevant, Article 9 GDPR for special-category data.

• Performance of a contract: to create your account, deliver requested app features, and provide support related to the service you asked us to provide.
• Legitimate interests: to secure the service, prevent abuse, maintain logs, improve functionality, and operate the business, provided those interests are not overridden by your rights.
• Consent: for health-data integrations, non-essential analytics or marketing technologies, and any processing that requires consent under applicable law.
• Legal obligation: where we must retain records, respond to regulators, meet tax or accounting obligations, or satisfy mandatory compliance duties.
• Explicit consent for health or wellness data where required if the data qualifies as special-category personal data under Article 9 GDPR.

JOMI may use cookies, local storage, SDKs, and similar technologies to keep you signed in, remember preferences, secure the service, measure performance, and understand usage.

If you are in the EU or Germany, we will ask for consent before using non-essential technologies on your device where consent is required by ePrivacy rules and Germany's device-access consent rules. Strictly necessary technologies may be used without consent where legally permitted.

You can control cookies through your browser settings or any cookie controls we make available. Disabling some technologies may reduce functionality.

JOMI may process information related to nutrition, weight management, activity, or wellness. This information can be sensitive in some jurisdictions.

We use this information only to provide the features you request, such as meal planning, food logging, progress tracking, or syncing from third-party health platforms. We do not use health-related data for advertising based on sensitive characteristics.

At this time, JOMI uses Apple Health and Google Fit integrations because you choose to connect them. You can disconnect an integration from the relevant platform or app settings where available.

You can disconnect an integration or delete entries from your account, subject to backup and legal retention limits described in this policy.

We do not sell personal data for money. We disclose personal data only as described below or with your direction.

• Service providers and processors that host infrastructure, provide customer support tools, deliver email, secure accounts, process analytics, or help us maintain the service.
• Integration partners that act on your request, such as Apple, Google, app stores, or authentication providers.
• Professional advisers, auditors, insurers, and legal counsel where needed for legitimate business purposes and confidentiality obligations.
• Law enforcement, courts, regulators, or other third parties when required by law or reasonably necessary to protect rights, safety, and security.
• A buyer, investor, or successor entity in connection with a merger, financing, acquisition, reorganization, or sale of assets, subject to appropriate safeguards.

JOMI does not sell personal data for monetary consideration. If we ever engage in cross-context behavioral advertising, targeted advertising, or other activities treated as a sale or sharing under United States state privacy laws, we will provide the required notice and opt-out mechanisms before doing so.

If applicable, California residents and residents of certain other U.S. states may use any future 'Do Not Sell or Share' or targeted-advertising controls we provide to exercise those rights.

We keep personal data only for as long as reasonably necessary for the purposes described in this policy, including account administration, service delivery, security monitoring, legal compliance, dispute resolution, and enforcement of agreements.

• Account and profile data are generally retained until you delete your account or the account is inactive for a prolonged period and no retention obligation applies.
• Security, fraud-prevention, and audit logs may be retained for a longer period when needed to protect the service and investigate incidents.
• Backups may persist for a limited period after deletion until they are overwritten in the ordinary course.
• Where law requires retention, we will keep the relevant records for the required period and then delete or anonymize them.

JOMI may process personal data in countries other than the one where you live, including the United States and other locations where our providers operate.

When personal data from the EU or Germany is transferred to a country that does not provide an adequate level of protection under EU law, we use a lawful transfer mechanism such as Standard Contractual Clauses, the EU-U.S. Data Privacy Framework where applicable, or another valid safeguard.

Depending on where you live, you may have rights regarding your personal data.

• Access: request confirmation of whether we process your personal data and obtain a copy.
• Correction: ask us to correct inaccurate or incomplete personal data.
• Deletion: request deletion of personal data, subject to lawful exceptions.
• Portability: request a portable copy of certain data you provided to us.
• Restriction or objection: object to certain processing or ask us to limit processing in some situations.
• Withdraw consent: where we rely on consent, you can withdraw it at any time without affecting prior lawful processing.
• Appeal: if we deny a privacy request where appeal rights apply under state law, you may appeal by emailing info@jomimeals.com with the subject line 'Privacy Appeal'.
• Contact: you can exercise privacy rights by emailing info@jomimeals.com.

• You have the right to object to processing based on legitimate interests in situations related to your particular circumstances.
• You may lodge a complaint with your local supervisory authority, including a data protection authority in an EU member state or Germany.
• If direct marketing is used, you have the right to object at any time to processing for that purpose.
• German and EU mandatory consumer and privacy rights remain unaffected by any contractual terms that conflict with applicable law.

If you are a California resident, or live in another U.S. state with a comprehensive privacy law, you may have rights to know, delete, correct, and access specific categories of information we have collected, disclosed for business purposes, or used for targeted advertising.

In the preceding 12 months, we may have collected the categories described in Section 3 and disclosed them to the recipients described in Section 9 for business purposes. We do not knowingly sell personal data of minors and do not use sensitive personal information to infer characteristics for advertising.

JOMI is not directed to children under 16. We do not knowingly collect personal data from children under 16 without legally required authorization. If you believe a child provided personal data unlawfully, contact us and we will take appropriate steps to review and delete it if required.

We use administrative, technical, and physical safeguards designed to protect personal data, including access controls, authentication safeguards, encryption where appropriate, and monitoring for suspicious activity.

No service can guarantee absolute security. You are responsible for maintaining the confidentiality of your credentials and for notifying us promptly if you suspect unauthorized account access.

JOMI may use rules or algorithms to generate meal plans, grocery lists, progress indicators, or product suggestions. These features are designed to assist with organization and planning and are not intended to produce legal, medical, employment, insurance, or similarly significant decisions.

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version, update the effective date, and provide additional notice where required by law.