How planning data is processed

This Data Processing page summarizes how DietWings processes data to operate the public website, user accounts, meal-planning workflows, AI-assisted features, shopping lists, pantry and inventory tools, feedback, notifications, billing, security, support, analytics, and administrative systems.

This page is provided for transparency. It is not, by itself, a data processing agreement, business associate agreement, service-level agreement, security certification, legal opinion, medical agreement, or data residency commitment.

This page should be read together with our Privacy Policy, Cookie Policy, Terms of Service, and any written agreement that expressly applies to your use of DietWings. If a separate signed data processing agreement or enterprise agreement applies, that agreement controls for the processing activities it covers.

DietWings is operated by Isentró Kft, registered at 1082 Budapest, Corvin sétány 6, 8th floor, unit 4, Hungary.

For individual accounts and direct consumer use, DietWings generally acts as an independent controller of personal data because DietWings determines the purposes and means of processing needed to provide, secure, bill, improve, and administer the service.

Where an organization, enterprise customer, or other controller uses DietWings under a written agreement that expressly appoints DietWings as a processor, service provider, or contractor, DietWings processes the covered personal data only for the purposes described in that agreement and according to documented instructions, unless applicable law requires otherwise.

A public website user, account owner, shared user, household organizer, organization, or administrator remains responsible for the information they choose to submit, the accuracy of that information, the authority to submit information about other people, and any notices, consents, permissions, or legal bases required for their own use of DietWings.

DietWings may refuse, suspend, or limit processing instructions that appear unlawful, unsafe, technically infeasible, abusive, harmful to the service, inconsistent with DietWings policies, or outside the scope of the applicable agreement.

DietWings processes data to provide and improve personalized meal planning, AI-assisted plan generation, recipe adaptation, grocery list generation, pantry and leftovers organization, nutrition estimates, adherence tracking, cooking and workout tracking, account access, authentication, customer support, product notifications, billing, security, abuse prevention, analytics, diagnostics, and administrative operations.

DietWings also processes data to maintain subscriptions, token balances, token usage records, invoices, promo codes, payment states, plan access, account settings, shared access permissions, connected accounts, notification preferences, audit logs, compliance controls, and support or feedback history.

DietWings is not a doctor, dietitian, nutrition clinic, emergency service, medical device, electronic health record, or clinical decision-support system. DietWings processing is intended to support informational meal-planning and productivity features, not diagnosis, treatment, prevention, cure, or professional medical advice.

• Collecting, receiving, recording, organizing, storing, hosting, backing up, retrieving, displaying, transmitting, securing, and deleting data.
• Analyzing user-provided inputs to generate meal plans, recipes, ingredient lists, grocery lists, cautions, revisions, summaries, PDF exports, and AI chat responses.
• Converting, formatting, parsing, extracting, or summarizing information from text prompts, uploaded files, screenshots, plan drafts, shopping lists, pantry entries, and feedback submissions.
• Logging, monitoring, rate-limiting, filtering, and reviewing activity for security, abuse prevention, debugging, diagnostics, billing integrity, and service reliability.
• Aggregating, de-identifying, anonymizing, or statistically analyzing data where permitted for product improvement, business reporting, cost monitoring, model-output evaluation, and operational analytics.

• Website visitors, prospective users, registered users, trial users, paying subscribers, token-package purchasers, and account owners.
• Household participants, temporary guests, shared users, and other people whose information is entered by a user or account owner.
• Administrators, support contacts, feedback submitters, bug reporters, feature-request submitters, and people communicating with DietWings.
• Users who connect third-party accounts, use Google login, connect Telegram, receive notifications, or interact with payment providers.
• Enterprise or organization users, where DietWings is used under a separate written agreement.

Meal-planning data may be sensitive depending on what users provide. Allergies, medical flags, body measurements, nutrition goals, adherence history, AI chat content, household profiles, and uploaded files may reveal private information about a user or another person.

Users must not submit information about another person unless they have the legal right, permission, or authority to do so. This includes household members, guests, children, relatives, shared users, clients, employees, or any other third party.

Users are responsible for reviewing AI-generated outputs, ingredient lists, nutrition estimates, recipes, warnings, shopping lists, pantry updates, and plan changes before relying on them. DietWings cannot guarantee that generated plans are medically appropriate, allergen-free, nutritionally complete, error-free, affordable, locally available, or suitable for every person.

DietWings does not sell user-provided meal plans, allergy notes, medical flags, AI chat content, uploaded files, body measurements, payment credentials, or private household profiles to data brokers.

DietWings is not intended for use by children who cannot lawfully consent to online services in their location. A parent, guardian, household organizer, or authorized adult must be responsible for any information entered about a child.

Users should not create accounts for children, invite children as shared users, or submit detailed child-related health information unless they have the required authority and the information is necessary for meal-planning use.

Where an organization, coach, caregiver, or other third party enters information about another person, that party is responsible for providing required notices, obtaining required permissions, and ensuring the information is lawful, accurate, and appropriate.

DietWings may use AI systems and AI service providers to generate meal plans, recipes, shopping lists, pantry suggestions, cautions, revisions, summaries, diffs, chat responses, and other product outputs.

To provide AI-assisted features, DietWings may send prompts, plan settings, household inputs, uploaded-file extracts, recipe data, shopping-list data, pantry context, user edits, AI chat messages, and relevant metadata to AI systems or providers.

AI outputs may be incomplete, inaccurate, unsafe for a particular person, inconsistent with local product availability, or unsuitable for a medical condition, allergy, pregnancy, eating disorder, medication, religious practice, athletic goal, or dietary requirement. Users must review outputs before use and consult qualified professionals where appropriate.

DietWings may monitor AI usage, token consumption, latency, errors, cost, abuse patterns, safety signals, and output quality to operate, secure, troubleshoot, and improve the service.

• Hosting, database storage, object storage, backups, logging, monitoring, diagnostics, and infrastructure operations.
• AI-assisted meal-plan generation, recipe generation, recipe adaptation, grocery-list generation, nutrition-estimate calculations, plan revisions, AI chat, and output formatting.
• Authentication, email verification, password reset, OTP/2FA, connected-account flows, Google login, Telegram connection, notification delivery, and account security.
• Payment checkout, subscription status, trial activation, token-package purchases, promo-code handling, invoices, refunds, billing history, tax or accounting metadata, and payment-provider reconciliation.
• Analytics, feature measurement, error monitoring, performance monitoring, abuse detection, fraud prevention, rate limiting, cost monitoring, and product improvement.
• Customer support, feedback handling, bug-report processing, screenshot handling, feature-request processing, administrative review, account-status actions, and audit logging.

DietWings may use third-party providers and sub-processors for cloud infrastructure, hosting, databases, storage, backups, authentication, AI functionality, file processing, PDF generation, payments, invoicing, tax support, analytics, error monitoring, email delivery, Telegram notifications, customer support, security, fraud prevention, and product operations.

Sub-processors are expected to process data only as needed to provide their services to DietWings, under confidentiality and security obligations appropriate to the nature of their services.

Where a written agreement gives a customer notice or objection rights for sub-processor changes, DietWings will handle sub-processor changes according to that agreement. Otherwise, DietWings may add, replace, or remove providers as needed to operate, secure, improve, or support the service.

Third-party websites, payment pages, authentication providers, Google, Telegram, Stripe, Cryptomus, AI providers, browser extensions, app stores, and external services may process data under their own terms and privacy documents when users interact with them directly or through integrations.

DietWings, its infrastructure, and its providers may process data in countries other than the country where a user lives. Data may be accessed, stored, transferred, or supported from multiple locations depending on hosting, security, billing, AI, support, and operational needs.

Unless a written enterprise agreement expressly provides a data-residency commitment, DietWings does not guarantee that all data will remain in a specific country, region, or jurisdiction.

Where applicable privacy laws require transfer safeguards for international transfers, DietWings aims to use appropriate transfer mechanisms, contractual terms, provider commitments, and operational measures suitable for the relevant processing activity.

Authorized DietWings personnel, contractors, or administrators may access account, plan, billing, technical, security, and support data where reasonably necessary to operate the service, provide support, investigate bugs, prevent abuse, secure accounts, resolve billing issues, enforce policies, comply with law, or perform authorized administrative actions.

Administrative tools may include user search, user detail views, role management, account blocking, subscription adjustments, token adjustments, login-history review, token-usage review, payment-provider administration, content and changelog management, alert management, feedback management, audit logs, analytics dashboards, LLM usage monitoring, cost monitoring, and compliance-policy controls.

Where a protected support or administrative feature allows authorized personnel to access or act as a user, DietWings aims to limit such access to legitimate support, security, compliance, troubleshooting, or administrative purposes and to record relevant activity in audit logs where appropriate.

Users and account owners are responsible for managing shared access, removing users who should no longer have access, protecting credentials, using 2FA where available, and promptly reporting unauthorized activity.

• TLS or similar protections for data in transit where supported.
• Authentication controls, password protections, email verification, OTP/2FA features, trusted-device controls, backup-code handling, session management, and logout controls.
• Role-based access controls, least-privilege practices where appropriate, administrative permissions, audit logging, monitoring, and internal access review processes.
• Operational logging, diagnostics, error monitoring, abuse detection, rate limiting, fraud-prevention checks, and security-event review.
• Backups, recovery procedures, infrastructure monitoring, provider security controls, and reasonable measures designed to support availability and resilience.
• Administrative, technical, and organizational measures designed to protect data against unauthorized access, loss, misuse, alteration, disclosure, or destruction.

No online service can guarantee absolute security, uninterrupted availability, perfect backups, error-free AI output, or complete protection against every attack, device compromise, browser extension, user mistake, credential theft, provider failure, or network issue.

Users are responsible for maintaining the security of their devices, browsers, email accounts, passwords, backup codes, connected accounts, Telegram accounts, payment accounts, and shared-access permissions.

DietWings may suspend, restrict, or block accounts, requests, integrations, payment flows, AI generation, shared access, or administrative actions where reasonably necessary to protect users, DietWings, providers, payment systems, or the service.

DietWings retains personal data for as long as reasonably necessary to provide the service, maintain accounts, generate and store meal plans, support shopping lists and pantry features, manage subscriptions and token balances, provide support, maintain security, comply with legal obligations, resolve disputes, enforce agreements, prevent abuse, and operate legitimate business records.

Some data may be retained for different periods depending on the feature, account status, subscription status, legal requirements, tax or accounting obligations, security needs, audit requirements, backup schedules, dispute handling, and whether the data has been anonymized or aggregated.

Deleted data may remain for a limited time in backups, logs, audit records, security records, billing records, or archival systems before being deleted, overwritten, anonymized, or isolated according to applicable retention practices.

Users may be able to export certain account data, meal plans, shopping lists, or other information through available product features. Export functionality may not include every log, backup, derived record, security event, internal note, provider record, or administrative record.

When an account is deleted or a valid deletion request is completed, DietWings deletes, anonymizes, disables, or isolates personal data according to applicable law, product functionality, backup cycles, provider limitations, and retention needs.

DietWings may retain information where reasonably necessary for legal, tax, accounting, billing, security, fraud-prevention, abuse-prevention, dispute-resolution, chargeback, audit, compliance, or enforcement purposes.

For processor relationships under a written agreement, return or deletion of customer personal data will be handled according to that agreement. Unless a written agreement provides otherwise, DietWings is not required to provide custom data-return formats, custom migration services, on-site deletion verification, or bespoke backup purging.

Where DietWings acts as controller, users may contact DietWings to request access, correction, deletion, export, restriction, objection, withdrawal of consent, or other privacy choices available under applicable law and product settings.

Where DietWings acts as processor for a customer, DietWings may redirect requests from data subjects to the relevant customer or assist the customer according to the applicable written agreement and the information available to DietWings.

DietWings may need to verify identity, account ownership, authorization, jurisdiction, or request scope before fulfilling a request. Some requests may be limited by law, security needs, technical constraints, rights of other people, business records, billing obligations, fraud prevention, dispute handling, or legal claims.

DietWings may create and use aggregated, anonymized, or de-identified information for analytics, product improvement, cost analysis, reliability monitoring, safety evaluation, abuse prevention, business reporting, benchmarking, and development of new or improved features.

DietWings aims not to use aggregated, anonymized, or de-identified information to identify a specific individual, except where necessary to test whether de-identification is effective, investigate misuse, comply with law, or protect the service.

DietWings uses automated processing and AI-assisted systems to generate suggestions, estimates, plan drafts, warnings, cautions, shopping lists, pantry updates, recipe steps, and plan revisions.

DietWings does not intend AI-generated meal plans, nutrition estimates, warnings, cautions, adherence views, recovery suggestions, or chat responses to produce legal effects or similarly significant decisions about a person. Users can review, edit, reject, regenerate, ignore, export, delete, or seek professional review of outputs.

Users should not rely on DietWings for emergency decisions, medical decisions, allergy safety decisions, pregnancy nutrition decisions, eating-disorder treatment, medication interactions, clinical meal prescriptions, or any decision requiring professional judgment.

DietWings maintains processes designed to detect, investigate, respond to, and mitigate security incidents affecting the service.

Where DietWings determines that a data incident requires notice under applicable law or an applicable written agreement, DietWings will provide notice to affected users, customers, regulators, or other required parties according to the applicable requirements and the information available at the time.

Incident notices may be provided in phases as facts are investigated and may be limited where disclosure would create security risks, violate law, compromise an investigation, or affect the rights of others.

• Provide accurate, lawful, necessary, and appropriate information.
• Do not submit data that you are not authorized to provide.
• Do not submit excessive medical records, diagnoses, prescriptions, lab results, government identifiers, financial credentials, private wallet keys, or other unnecessary sensitive information.
• Review all meal plans, recipes, ingredients, nutrition estimates, allergy cautions, AI responses, shopping lists, and plan changes before use.
• Use qualified medical, nutrition, allergy, or dietary professionals where a health condition, allergy, pregnancy, medication, eating disorder, child nutrition issue, or clinical requirement is involved.
• Protect login credentials, backup codes, devices, connected accounts, shared access, and payment accounts.
• Remove household members, guests, shared users, devices, and integrations when they should no longer have access.
• Comply with all laws, notices, consents, and permissions that apply to your own use of DietWings.

Nothing in this page creates additional warranties, service levels, professional duties, medical duties, fiduciary duties, data residency commitments, audit rights, security guarantees, retention guarantees, deletion guarantees, or indemnities beyond those expressly stated in the Terms of Service, Privacy Policy, Cookie Policy, or a signed written agreement.

To the maximum extent permitted by law, DietWings is not responsible for user-provided content, incorrect inputs, unauthorized third-party data submissions, unsafe reliance on AI output, household-member consent issues, user device compromise, user credential compromise, third-party provider outages, payment-provider decisions, browser or extension behavior, or actions taken outside DietWings systems.

Mandatory privacy, consumer, data protection, security, and other statutory rights are not limited by this page where such limitation is prohibited by law.

DietWings may update this Data Processing page from time to time to reflect changes in our product, providers, infrastructure, AI features, payment flows, security practices, legal requirements, or operational processes.

Where changes are material, DietWings may provide notice through the website, product, account notice, email, changelog, or another appropriate method. Continued use of DietWings after an update may be subject to the updated documents that apply to your account and jurisdiction.

The “Last updated” date shows when this page was last revised.

The company responsible for DietWings data processing is Isentró Kft, registered at 1082 Budapest, Corvin sétány 6, 8th floor, unit 4, Hungary.

For questions about data processing, privacy, deletion, export, or security, contact [email protected].