Privacy Policy
Last updated: 2026-07-07
TL;DR: We collect the minimum data needed to run Grelife (email, name, password). We don't show ads and we don't sell your data. Optional analytics cookies (off by default) help us improve the app only if you allow them. AI suggestions are optional and require your consent. Your data is hosted in the European Union (Germany), with encrypted backups kept in Switzerland. You can export or delete everything on request.
1. Who is responsible
Loïc Gremaud Email: contact@grelife.ch
2. What we collect and why
| Data | Why we need it | Legal basis |
|---|---|---|
| Email address | So you can log in | Contract |
| Display name | So your family sees your name | Contract |
| Password | Authentication (we only store an irreversible hash) | Contract |
| IP address | Protect against attacks, rate limiting | Legitimate interest |
| User-agent | Session security | Legitimate interest |
| Language preference | Show the app in your language | Contract |
We also store what you create: recipes, meal plans, shopping lists, ingredients, tags, and family invitations. This data belongs to your family and is isolated from other families at the database level.
We may analyze aggregated or anonymized usage patterns to improve the service (for example, better meal suggestions or faster performance). This never exposes one family's data to another.
3. How we treat your data today
- No data selling. Your data is not a product.
- No third-party tracking. No tracking pixels, no fingerprinting, no advertising profiles.
- Optional analytics only. Any analytics are self-hosted and stay off until you choose to allow them (see section 5).
- No ads. Grelife is ad-free.
- No sharing except with OpenAI for AI suggestions (and only with your consent).
If this changes, we will update this policy, notify you, and give you a choice (see Terms of Service, section 6).
4. AI meal suggestions (optional)
This feature requires your family's explicit consent. When enabled, we send the following to OpenAI (based in the United States):
- Recipe names, ingredient names, and tag names
- Meal history (last 8 weeks: dates and meal names)
- Your language preference
- Custom meal instructions (if provided)
We never send your email, password, or personal identifiers to OpenAI.
You can withdraw consent and disable this feature at any time. The data transfer to the US is covered by Standard Contractual Clauses (SCCs) in our Data Processing Agreement with OpenAI.
5. Cookies and analytics
Strictly necessary (always on, no consent needed):
| Cookie | Why | Duration |
|---|---|---|
session_id |
Keeps you logged in | 7 days |
pending_2fa |
Holds your login between the password step and the two-factor code | A few minutes (until you finish signing in) |
PARAGLIDE_LOCALE |
Remembers your language | 400 days |
Optional analytics (off by default, only if you allow them):
| Cookie / storage | Why | Duration |
|---|---|---|
grelife:analytics-consent |
Remembers your cookie choice (browser storage, not a cookie) | Until you change it |
_oo_s |
Ties analytics events to one browsing session (set by our self-hosted monitoring only after you allow analytics) | Session (expires after 15 minutes of inactivity, 4 hours maximum) |
We ask for your choice with a cookie banner. Analytics stay off unless you select Allow analytics, and you can change your mind anytime via Cookie settings in the footer.
If you allow analytics, we collect anonymous, aggregated data about how the app performs in your browser: page-load and Web Vitals timings, resource timing, JavaScript errors, and a session identifier. This helps us find and fix slow or broken pages. It is:
- Off by default. We collect nothing until you click Allow analytics.
- Self-hosted. The data goes to our own monitoring system on our EU servers, never to a third-party analytics provider.
- Minimal. We do not build advertising profiles, we do not sell or share it, and we keep your IP address minimal (not used for location profiling).
- Withdrawable. Reject or change your choice anytime. Your choice is remembered for 6 months, then we ask again (or sooner if this policy changes).
- Not personal data. Because it is anonymous, it is not part of your data export or account deletion, which cover your personal data (profile, recipes, meal plans, shopping lists).
6. Third parties
| Who | Why | Where | Safeguard |
|---|---|---|---|
| Hetzner Online GmbH | Server hosting (infrastructure) | Germany (EU) | Within the EU/EEA; no access to your data |
| OpenAI | AI meal suggestions (optional) | United States | DPA with SCCs |
No third-party analytics providers, no ad networks. Optional analytics and error monitoring are self-hosted on our own EU servers (see section 5).
7. Where your data lives
Your data is hosted in the European Union (Germany) on servers we manage at Hetzner Cloud. We run the application stack ourselves (the PostgreSQL database and Valkey cache); Hetzner provides the underlying infrastructure and does not access your data. Encrypted backups are kept in Switzerland. The EU and Switzerland recognise each other as providing an equivalent level of data protection, so this transfer is lawful.
If this changes, we will update this policy.
8. How long we keep your data
| Data | How long |
|---|---|
| Your account | Until you delete it |
| Recipes, meal plans, shopping lists | Until you delete them or your account |
| Sessions | 7 days (auto-deleted) |
| AI suggestion cache | 24 hours (auto-deleted) |
| Meal history for AI | Rolling 8-week window |
| Backups | Up to 30 days (auto-deleted) |
| Cold storage snapshots | Up to 90 days (auto-deleted) |
We don't keep data longer than necessary. When you delete something, it is removed from the live database immediately. Automated backups and cold storage snapshots kept for disaster recovery may still contain deleted data for up to 90 days, after which they are permanently deleted. We never restore individual data from backups to reverse a deletion you requested. If we ever perform a full database restore, we make reasonable efforts to re-apply deletion requests that occurred after the backup date.
9. Your rights
You can always:
- See your data: request a copy of everything we have about you.
- Fix your data: correct anything that's wrong.
- Delete your data: request full deletion of your account and data.
- Export your data: get your data in a machine-readable format.
- Restrict processing: ask us to limit how we use your data.
- Object: object to processing based on legitimate interest.
- Withdraw consent: turn off AI suggestions or analytics at any time.
Contact us at contact@grelife.ch. We respond within 30 days.
10. Access to your data
We only look at your data when:
- You ask us for help (support request)
- We need to fix a technical issue affecting your account
- We are legally required to (court order, legal obligation)
We never browse your data out of curiosity.
11. Children
Children can use Grelife only through a parent or guardian's invitation. We don't allow direct registration for minors. The inviting parent is responsible for their children's access.
12. How we protect your data
- Passwords are hashed with Argon2id (industry best practice)
- Sessions use cryptographically random identifiers
- Authentication cookies are HttpOnly and Secure
- CSRF protection via custom headers and SameSite cookies
- Rate limiting on login and registration
- Database-level row security isolates each family's data
13. If something goes wrong
If we discover a data breach that puts your rights at risk:
- We notify the Swiss data protection authority (FDPIC) as quickly as possible
- We notify the relevant EU authority within 72 hours (if GDPR applies)
- We inform you directly if the breach poses a high risk to you
14. Where to complain
You can lodge a complaint with:
- Switzerland: FDPIC, https://www.edoeb.admin.ch
- EU: The data protection authority in your country
15. Changes to this policy
When we update this policy, we change the date at the top. For significant changes, we notify you by email or in the app.