Privacy Policy

Last updated: 31 January 2026

1. Introduction

This Privacy Policy explains how Lilara ("we", "us", or "our") collects, uses, and protects your personal data when you use our mobile application and website (together, the "Service"). We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using Lilara, you agree to the collection and use of information in accordance with this policy.

2. Who We Are

Lilara is operated as a sole trader under the trading name "Lilara", based in the United Kingdom. We are the data controller responsible for your personal data.

Contact: support@lilara.co.uk

3. What Data We Collect

We collect and process the following categories of personal data:

Account & Identity Data

• Email address
• Display name
• Profile photo (if provided)
• Authentication provider information (Google or Apple sign-in)
• Unique user identifier

User Content

• Meals and meal plans you create
• Recipes you add
• Group membership information
• Profile names for family members (user-generated labels)

Technical Data

• Device information for push notifications
• App usage analytics (via PostHog)
• Crash reports and performance data (via Sentry)
• Subscription status (via RevenueCat)

Local Storage

• Your display name may be stored locally on your device using AsyncStorage

Data We Do NOT Collect

• Shopping lists
• Dietary preferences or restrictions
• Health or medical data
• Payment card details (handled by Apple/Google)
• Advertising identifiers
• Date of birth or age

4. How We Use Your Data

We use your personal data for the following purposes:

• Providing the Service: To create and manage your account, enable meal planning features, and facilitate group sharing
• Notifications: To send transactional notifications such as meal reminders and updates about meal plans (you can opt out)
• Subscriptions: To manage your subscription status and provide access to premium features
• Analytics: To understand how the app is used and improve our Service
• Error monitoring: To identify and fix bugs and performance issues
• Security: To protect against fraud and abuse
• Legal compliance: To comply with applicable laws and regulations

5. Legal Bases for Processing

Under UK GDPR, we process your personal data on the following legal bases:

• Contract: Processing necessary to provide the Service you have requested
• Legitimate interests: Processing necessary for our legitimate interests (such as improving the Service, ensuring security, and preventing fraud), where these are not overridden by your rights
• Consent: Where you have given consent (such as for optional analytics), which you may withdraw at any time
• Legal obligation: Processing necessary to comply with legal requirements

6. Third-Party Processors

We use the following third-party services to help operate Lilara:

• Amazon Web Services (AWS): Cloud hosting and data storage (Ireland region, eu-west-1)
• Apple / Google: Authentication services and app distribution
• RevenueCat: Subscription and in-app purchase management
• PostHog: Product analytics
• Sentry: Crash reporting and performance monitoring (EU data connector)

These processors are contractually bound to protect your data and only process it on our behalf in accordance with our instructions.

We do not sell your personal data or share it for advertising purposes.

7. International Data Transfers

Your data is primarily stored in Ireland (EU) on AWS infrastructure. Some third-party processors may process data outside the UK/EEA. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

8. Data Retention

We retain your personal data only for as long as necessary to provide the Service and fulfil the purposes described in this policy, unless a longer retention period is required by law.

• Account data is retained while your account is active
• You may delete your account at any time through the app, which will remove your personal data
• Logs are anonymised or deleted after a reasonable period
• We may delete inactive accounts after an extended period of inactivity

9. Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption of data at rest
• HTTPS encryption for all data in transit
• Access controls limiting data access to authorised personnel only
• Regular security reviews

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Restriction: Request restriction of processing in certain circumstances
• Portability: Request your data in a portable format
• Objection: Object to processing based on legitimate interests
• Withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, please contact us at support@lilara.co.uk. We will respond within one month as required by law.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

11. Children's Privacy

Lilara is not directed at children under 13 years of age. You must be at least 13 years old to create an account and use the Service.

We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child under 13 has provided us with personal data, please contact us at support@lilara.co.uk and we will delete such information.

Users may create profiles for family members within the app. These profiles are user-generated labels and may contain only a first name. No age, photographs, or sensitive data is collected for these profiles.

12. Cookies

Our website may use cookies and similar technologies to enhance your browsing experience. Cookies are small text files stored on your device.

Essential cookies: Required for the website to function properly.

Analytics cookies: We may use analytics cookies in the future to understand how visitors interact with our website. You will be asked for consent before any non-essential cookies are placed.

You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by posting the updated policy on this page with a new "Last updated" date.

We encourage you to review this policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

Email: support@lilara.co.uk