Privacy Policy

Effective Date: April 21, 2026

FlexMeal, operated by Ngo, provides the FlexMeal mobile application (the "App"). This Privacy Policy explains how we collect, use, and protect your information when you use the App.

1. Information We Collect

Account Information: When you create an account, we collect your name, email address, phone number (optional), and profile photo (optional). See Section 2 for details on camera and photo library access.

Authentication Data: We support sign-in via email/password, Apple Sign-In, and Google Sign-In. When you use social sign-in, we receive your name and email from the provider. We do not receive or store your social account passwords.

Payment Information: Payments are processed by Stripe. We do not store your full credit card numbers. Stripe collects and manages your payment details under their own privacy policy. For chefs, Stripe Connect collects banking and identity information for payouts.

Order Information: We store order details including items purchased, amounts, order status, and pickup locations.

Messages: If you use in-app messaging, we store message content to facilitate communication between customers and chefs.

Device Information: We collect device identifiers and push notification tokens to send you notifications about orders and messages.

Usage Data: We use Mixpanel to collect anonymized usage analytics such as screens viewed, features used, and app events. We use Sentry to collect crash reports and error logs to improve app stability.

2. Camera and Photo Access

FlexMeal requests access to your device's camera and photo library to enable core features of the App:

For Chefs:

• Capturing photos of meals you list for sale
• Setting or updating your profile photo
• Documenting order fulfillment (optional)

For Customers:

• Setting or updating your profile photo
• Attaching photos to reviews or support requests (if applicable)

How Camera Access Works:

• The App only accesses the camera when you actively choose to take a photo within the App (e.g., tapping "Add Meal Photo" or "Update Profile Picture").
• The App does not record video or capture images in the background.
• The App does not access your camera or photo library without your explicit action.

How Photo Library Access Works:

• You may choose to upload an existing photo from your device's photo library instead of taking a new one.
• The App only accesses the specific photo you select — it does not scan, index, or upload your entire photo library.

How Your Photos Are Stored:

• Photos you upload (meal photos, profile photos) are stored securely in our Supabase storage service with restricted access controls.
• Meal photos are visible to other users browsing the FlexMeal marketplace (this is the purpose of listing a meal).
• Profile photos are visible to other users in contexts where your profile appears (e.g., chef page, order details).

Your Control:

• You may revoke camera or photo library permissions at any time through your device's system settings (Settings → Apps → FlexMeal → Permissions).
• Revoking permission will disable photo-related features but will not affect other App functionality.
• You may delete uploaded photos through the App at any time.

3. How We Use Your Information

• To create and manage your account
• To process orders and payments
• To send push notifications about orders, messages, and updates
• To facilitate communication between customers and chefs
• To improve the App through analytics and crash reporting
• To prevent fraud and ensure security

4. Third-Party Services

We use the following third-party services that may collect data:

• Supabase — Database, authentication, and file storage
• Stripe — Payment processing and chef payouts
• Expo — Push notification delivery
• Sentry — Crash reporting and error tracking
• Mixpanel — Usage analytics
• Apple / Google — Social sign-in authentication

Each service operates under its own privacy policy. We encourage you to review their policies.

5. Data Sharing

We do not sell your personal information. We share data only as follows:

• With Stripe to process payments
• With other users as necessary for orders (e.g., your name is visible to the chef you order from)
• With service providers listed above to operate the App
• If required by law or to protect our rights

6. Data Retention

We retain your account data for as long as your account is active. Order history is retained for record-keeping and dispute resolution. You may request deletion of your account and associated data at any time.

7. Data Security

We use industry-standard security measures including encrypted connections (HTTPS/TLS), Row Level Security on our database, JWT authentication, and secure credential storage on your device. However, no method of transmission or storage is 100% secure.

8. Your Rights

You may:

• Access and update your personal information through the Edit Profile screen
• Delete your account by contacting us
• Opt out of push notifications through your device settings

9. Children's Privacy

The App is not intended for children under 13. We do not knowingly collect information from children under 13. If we learn that we have collected such information, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the App or by email. Your continued use of the App after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or want to request data deletion, contact us at:

netngo23@gmail.com