App-specific privacy information for LeanBowl, its website pages, and related services.
Last updated: 11 June 2026
This Privacy Policy explains how Gladiolus Limited, using LeanBowl as an app brand/trading name ("LeanBowl", "we", "us", or "our"), collects, uses, stores, and shares personal data when you use the LeanBowl app, website pages, and related services (together, the "Service").
LeanBowl is not a separate legal entity. For UK GDPR and Data Protection Act 2018 purposes, Gladiolus Limited is the data controller for the personal data described in this Policy, except where a third party acts as an independent controller for its own services, such as Apple, Google, or app stores.
LeanBowl helps users generate and organise high-protein recipes, edit recipes, save recipes, add meals to a planner, and build grocery lists. LeanBowl uses AI to help generate recipe content from user-selected inputs and optional text context.
Depending on how you use the Service, we may collect or process the following categories of personal data:
LeanBowl may also process user-submitted recipe content or recipe-related inputs when a user asks the app to generate or edit a recipe.
LeanBowl is intended to operate as a meal-planning and recipe organisation product, not as a medical or dietetic service. We do not intentionally ask for medical conditions, diagnoses, treatment history, body weight, BMI, allergy status, health goals, weight-loss goals, or calorie targets.
Please do not include health, medical, allergy, pregnancy, medication, body, or other sensitive personal information in free-text recipe fields.
We use personal data for the following purposes:
LeanBowl does not use personal data for third-party advertising or cross-app advertising tracking.
We do not send standalone marketing communications for LeanBowl. If we start sending direct marketing, we will ask for a clear opt-in where required by law.
You can withdraw marketing consent at any time by using the unsubscribe link in the message or contacting us at leanbowl-privacy@gladiolus.dev. Withdrawal of consent does not affect processing carried out before withdrawal.
We will still send non-marketing service messages when necessary, for example account, billing, security, or important legal updates.
We do not currently:
If any of these practices change, we will update this Policy and provide any required notices, consents, or opt-out mechanisms under applicable law.
When you ask LeanBowl to generate a high-protein recipe, selected inputs and optional user text may be sent to backend services and AI model providers to produce a result. LeanBowl may use DeepSeek, OpenAI, or both for AI recipe generation and related processing.
AI providers may process prompts, inputs, generated outputs, and technical metadata under their own terms and privacy practices. DeepSeek's privacy policy states that information such as text inputs, prompts, uploaded files, feedback, and chat history may be used to improve and train its technology, and that personal information may be stored in the People's Republic of China. You can read DeepSeek's privacy policy at cdn.deepseek.com/policies/en-US/deepseek-privacy-policy.html.
AI outputs may be inaccurate, incomplete, or unsuitable for your needs.
Do not enter medical conditions, allergy details, pregnancy or breastfeeding information, diagnoses, treatment information, or other sensitive health information into AI prompts or free-text fields.
You must review ingredients, allergens, cooking safety, and nutrition estimates yourself before cooking or eating a recipe.
LeanBowl is not a medical, dietetic, allergy, or exact nutrition service. Nutrition values are estimates only. LeanBowl does not guarantee exact nutrition accuracy or allergen safety.
We may share personal data with service providers that process data on our behalf, and with professional advisers, regulators, law enforcement, or authorities where legally required.
We do not sell your personal data and do not use your personal data for cross-app advertising tracking.
This table gives more specific transparency about material providers that LeanBowl may use for account access, subscriptions, analytics, diagnostics, AI processing, storage, and app-store services. Providers may change as the Service develops, but we aim to keep this table current where a provider is material to how personal data is processed.
| Provider | Purpose | Data categories | Country or region |
|---|---|---|---|
| Supabase | Backend hosting, database, authentication, email OTP sign-in, and storage services. | Account identifiers, email address, authentication/session metadata, profile settings, saved recipes, planner entries, grocery items, and related app data. | May include the UK, EEA, United States, and other locations depending on project region, support access, infrastructure, and subprocessors. |
| RevenueCat | Subscription entitlement management, purchase restoration, trial status, renewal status, and subscription support. | App user ID or customer ID, product ID, entitlement ID, purchase state, trial status, renewal/expiry/cancellation metadata, app-store environment, and related subscription events. | May include the United States, EEA, and other locations where RevenueCat and its subprocessors operate. |
| Sentry | Diagnostics, crash/error reporting, reliability monitoring, and troubleshooting where enabled. | Error logs, crash data, device/platform information, app version, technical metadata, and related event identifiers. We do not intentionally send recipe content or sensitive health information to diagnostics tools. | May include the United States, EEA, and other locations where Sentry and its subprocessors operate. |
| Mixpanel | Product analytics, feature usage measurement, subscription-funnel analysis, and product improvement where enabled. | Product interaction events, device/session identifiers, user or anonymous IDs, onboarding and feature events, subscription-related events, and technical metadata. | May include the United States, EEA, and other locations where Mixpanel and its subprocessors operate. |
| OpenAI | AI recipe generation and related AI processing where configured. | Selected recipe inputs, optional free-text recipe context, generated prompt/request content, response content, and technical metadata needed to provide the AI result. We do not intentionally send payment details or sensitive medical information. | May include the United States and other locations where OpenAI and its subprocessors operate. |
| DeepSeek | AI recipe generation and related AI processing where configured. | Selected recipe inputs, optional free-text recipe context, generated prompt/request content, response content, and technical metadata needed to provide the AI result. We do not intentionally send payment details or sensitive medical information. | May include the People's Republic of China and other locations depending on DeepSeek infrastructure and subprocessors. |
| Apple | Sign in with Apple, App Store distribution, in-app purchases, subscriptions, billing, refunds, and subscription management. | Apple account-linked identifiers, private relay email or email address where provided, purchase/subscription metadata, refund status, device/app-store metadata, and related account or transaction records. | Apple operates globally and may process data in multiple countries depending on the relevant Apple service. |
| Google | Google sign-in, Google Play distribution, in-app purchases, subscriptions, billing, refunds, and subscription management. | Google account identifiers, email address and profile information where provided by sign-in, purchase/subscription metadata, device/app-store metadata, and related account or transaction records. | Google operates globally and may process data in multiple countries depending on the relevant Google service. |
Where a provider acts as our processor, we aim to use provider data processing terms, data processing agreements, or equivalent contractual terms that address processing instructions, confidentiality, security, subprocessors, assistance with user rights, retention, deletion, and breach support. Some providers, such as Apple or Google for app-store billing and account services, may also act as independent controllers for their own services.
If Gladiolus Limited or LeanBowl is involved in a merger, acquisition, financing, reorganisation, insolvency process, sale of assets, assignment, change of control, or similar transaction, personal data may be transferred to the acquiring or successor entity as part of that transaction.
The successor entity will continue to process personal data in accordance with this Policy, applicable law, and any required notices, consents, and opt-out rights. If personal data is used, shared, sold, licensed, or processed in a materially different way after a transfer, we or the successor entity will provide notice and obtain consent or apply any required mechanism under applicable law.
We are based in the United Kingdom. Some providers we use may process personal data outside your country of residence, including in the United Kingdom, European Economic Area, United States, People's Republic of China, or other countries where their systems, support teams, or subprocessors operate. The provider table above identifies material providers that may involve overseas processing.
Where recipe inputs or optional user text are sent to an AI model provider, that provider may process the data in countries outside the UK depending on its infrastructure and subprocessors. DeepSeek's privacy policy states that personal information may be stored in the People's Republic of China. We aim to send only the recipe data needed to generate or improve the requested recipe output.
Where UK GDPR, Australian, New Zealand, or other applicable privacy laws require safeguards for international transfers, we use appropriate measures such as adequacy decisions, approved contractual terms, data processing agreements, provider data processing terms, or other lawful transfer mechanisms.
We keep personal data only for as long as reasonably necessary to provide the Service, support legitimate operations, comply with legal obligations, resolve disputes, and enforce agreements.
| Data category | Typical retention | Notes |
|---|---|---|
| Account and subscription data | Active account plus up to 24 months | Longer where needed for legal, fraud-prevention, support, tax, accounting, or dispute reasons. |
| Saved recipes, cookbooks, planner entries, and grocery data | Until deleted, account deletion, or no longer needed | User-controlled app content used to provide the Service. |
| Account deletion requests | Deleted or anonymised within 30 days after verification | Limited records may be kept where legally, technically, or security-required. |
| Support records | Up to 6 years | Used for business records, disputes, and legal claims. |
| Diagnostics and security logs | Usually up to 90 days | Longer if needed to investigate abuse, security incidents, reliability issues, or provider configuration. |
| Product interaction and analytics data | Up to 12 months where controlled by us | Applies where analytics are enabled and retention settings are under our control. |
We maintain this retention schedule and review it as the Service, provider settings, and legal requirements change.
Subject to applicable law, you may have the right to:
You can request account deletion or exercise privacy rights by contacting leanbowl-privacy@gladiolus.dev. You can also read our LeanBowl Data Deletion page for the deletion request process.
We may verify your identity before processing a request and may ask for clarification if a request is broad or unclear. We will respond to verified requests within the time required by applicable law.
You also have the right to complain to the UK Information Commissioner's Office if you believe your data protection rights have been infringed.
This Policy is intended to apply globally. The sections above explain the main facts about LeanBowl's collection, use, sharing, AI processing, retention, security, and international transfers. The regional notes below explain additional rights or complaint routes that may apply depending on where you live or which privacy law applies.
If UK data protection law applies, you may have rights to access, correct, delete, restrict, object to processing, withdraw consent where processing relies on consent, and request portability of certain personal data. You may complain to the UK Information Commissioner's Office.
If Australian privacy law applies, you may request access to or correction of your personal information and contact us with privacy complaints. We explain how LeanBowl collects, uses, discloses, stores, secures, and sends personal information overseas in the sections above, including the Sharing of Personal Data, International Transfers, Retention, Security, and Contact sections.
If New Zealand privacy law applies, you may request access to or correction of your personal information and contact us with privacy complaints. We explain how LeanBowl collects, uses, discloses, stores, secures, and sends personal information overseas in the sections above, including the Sharing of Personal Data, International Transfers, Retention, Security, and Contact sections.
LeanBowl is intended for users aged 18 and over and is not directed at children. If you are under 18, you should not use LeanBowl unless a parent or legal guardian has reviewed these terms and is responsible for your use of the Service.
We do not knowingly use children's personal data for marketing, advertising profiling, or cross-app tracking. If we learn that we have collected personal data from a child in a manner that requires parental consent and did not obtain it, we will take appropriate steps to delete the data or obtain appropriate consent.
We use reasonable technical and organisational measures intended to protect personal data. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
We maintain an incident response process for security events involving personal data. If we become aware of a personal data breach, we will assess the likely risk to users, keep an internal record, work with relevant providers where needed, and notify the Information Commissioner's Office and affected users where required by applicable data protection law.
Our App Store and Play Store privacy disclosures describe the data we collect and how we use it and should be read together with this Policy.
Our app store privacy disclosures may identify data types such as name, email address, user ID, device ID, purchase history, product interaction, and other user content where applicable. These data types are linked to the user's identity where they are associated with an account, subscription customer, or device/session identifier.
Our website pages may use essential cookies and similar technologies for security, session management, authentication, and basic analytics. We do not use cookies for cross-site behavioural advertising.
You can control cookies through your browser settings. If we add additional cookie or tracking technologies requiring consent, we will update this Policy and provide required consent mechanisms. See our Cookies Policy for more detail.
We may update this Privacy Policy from time to time. We will post the updated version on our website and update the "Last updated" date above. Where required by law, we will take additional steps to notify you.
If you have privacy questions or want to exercise your rights, contact us using the details below.
Gladiolus Limited
71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, England
ICO registration reference: ZC112773
Privacy: leanbowl-privacy@gladiolus.dev
Support: leanbowl-support@gladiolus.dev