This document is a draft subject to legal review. It does not constitute final legal advice.
1. Who we are
AfriDish is a personalised nutrition and meal planning platform operated by Vital Rise Health LLC, a company incorporated in the United States. Our registered address and primary contact for privacy matters is: privacy@afridish.co.
AfriDish is designed specifically for the African community worldwide — both on the African continent and in the diaspora. We take the protection of your personal and health data extremely seriously.
2. What data we collect
We collect the following categories of personal data when you use AfriDish:
•Account data: your email address and name, provided when you register.
•Health profile data: health conditions (e.g. Type 2 Diabetes, Hypertension), medications, dietary restrictions, allergies, and cuisine preferences. This is special category health data under GDPR.
•Location data: your country of residence, used to tailor dish availability and localise content. We do not collect GPS coordinates.
•Subscription and payment data: your subscription tier and billing status, processed by Stripe. AfriDish never stores your full payment card details.
•Usage data: which features you use, meal plans you generate, and API activity logs for rate limiting and abuse prevention.
•Lab results (if uploaded): blood test images you voluntarily upload for AI analysis. These are processed immediately and not stored permanently.
•Family member profiles (Family Vault subscribers only): names, ages, health conditions, and dietary data for up to 4 additional profiles you add.
•AfriDish check-in data: mood and meal adherence responses you submit voluntarily.
3. Why we collect your data (legal basis)
We process your data on the following legal bases:
•Contract performance: to provide the AfriDish service you have subscribed to, including generating personalised meal plans.
•Legitimate interests: to improve the app, prevent abuse, and ensure security of the platform.
•Consent: for special category health data (your health conditions and medications), we rely on your explicit consent given during onboarding. You may withdraw this consent at any time by deleting your account.
•Legal obligation: to comply with applicable laws in jurisdictions where we operate.
4. How we use your data
Your data is used solely to provide and improve the AfriDish service. Specifically:
•To generate personalised AI meal plans using OpenAI's GPT-4o models. Your health profile is sent to OpenAI as part of the prompt. OpenAI's data processing agreement governs this transfer.
•To display condition-appropriate safety indicators on dishes.
•To generate health and doctor reports in PDF format.
•To process subscription payments via Stripe.
•To send account-related emails (verification, subscription confirmations). We do not send unsolicited marketing emails without your consent.
•To enforce usage limits and prevent abuse of the platform.
•We do NOT sell your personal data. We do NOT use your data for advertising. We do NOT share your health data with insurers, employers, or governments.
5. Who we share your data with
We share your data only with the following trusted service providers, all bound by data processing agreements:
•Supabase (database and authentication) — EU servers (Ireland region).
•OpenAI (AI meal plan generation and lab result analysis) — USA. Transfers to the USA are covered by OpenAI's standard contractual clauses.
•Stripe (payment processing) — USA, operating under PCI-DSS Level 1 certification.
•Vercel (hosting and deployment) — USA.
•We do not share data with any other third parties. We do not sell data to data brokers.
6. Data retention
We retain your account and health profile data for as long as your account is active. If you delete your account, we permanently delete all your personal data within 30 days, except where we are required to retain records by law.
API usage logs (for rate limiting) are retained for 90 days then automatically deleted.
Lab result images are not stored — they are processed in memory and discarded after the AI analysis is returned to you.
7. Your rights
Depending on your jurisdiction, you have the following rights regarding your personal data:
•Right of access: request a copy of all personal data we hold about you.
•Right of rectification: correct inaccurate data.
•Right of erasure ("right to be forgotten"): request deletion of your data. You can exercise this by deleting your account in the app.
•Right to data portability: receive your data in a structured, machine-readable format.
•Right to withdraw consent: withdraw consent for processing health data at any time.
•Right to object: object to processing based on legitimate interests.
•CCPA (California) rights: California residents have the right to know, delete, and opt out of sale of personal information. We do not sell personal information.
•To exercise any of these rights, email: privacy@afridish.co. We will respond within 30 days.
8. Security
We take security seriously. All data is encrypted in transit (TLS 1.3) and at rest. Our database is hosted on Supabase with Row Level Security (RLS) enforced on every table — meaning no query can access another user's data, ever.
Payment data is handled entirely by Stripe and never touches our servers.
We conduct regular security reviews of our API routes and database access patterns.
9. Children's privacy
AfriDish is designed for users aged 18 and over. Family Vault subscribers may add child profiles for meal planning purposes, but the account holder must be an adult who has accepted these terms on behalf of the family.
We do not knowingly collect data from children under 13 directly. If you believe we have inadvertently collected such data, contact us at privacy@afridish.co and we will delete it immediately.
10. Cookies
AfriDish uses only essential session cookies required for authentication and to keep you logged in. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.
11. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email and by displaying a notice in the app at least 30 days before changes take effect. Continued use of AfriDish after changes take effect constitutes your acceptance of the updated policy.
12. Contact
For any privacy-related questions, requests, or complaints, contact us at: privacy@afridish.co