Dish To CartPrivacy Policy
Privacy Policy (GDPR)
Dish To Cart Last updated: March 22, 2026
MobilyFlow ("Company", "we", "us") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Dish To Cart mobile application ("App"), in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR").
1. Data Controller
MobilyFlow Email: dish-to-cart@mobilyflow.com
2. Data We Collect
2.1 Data collected automatically
| Data | Purpose | Legal basis |
|---|---|---|
| Device identifier (UUID) | Authenticate your device and associate your data | Legitimate interest |
| Last sync timestamp | Synchronize data across devices (premium only) | Contract performance |
2.2 Data you provide
| Data | Purpose | Legal basis |
|---|---|---|
| Shopping lists | Core app functionality | Contract performance |
| Recipes | Core app functionality | Contract performance |
| Categories and items | Core app functionality | Contract performance |
2.3 Data we do NOT collect
- We do not collect your name, email address, phone number, or physical address.
- We do not collect location data.
- We do not use analytics or advertising trackers.
- We do not share or sell your data to third parties.
3. How Your Data Is Stored
- Locally: All your data is stored on your device. The App is designed as offline-first — your device is the primary source of truth.
- Server-side (premium users only): If you subscribe to the premium plan, your data is synchronized to our servers to enable multi-device sync. Data is transmitted over HTTPS.
4. Data Retention
- Local data: Remains on your device until you delete the App or clear its data.
- Server data (premium users): Retained as long as your premium subscription is active. Soft-deleted data (lists, recipes, items) is marked as deleted but retained for sync consistency. You may request permanent deletion at any time (see Section 7).
- After subscription ends: Server-side data is retained for 90 days after your premium subscription expires, then permanently deleted.
5. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Authentication tokens (JWT) are stored securely (iOS Keychain / Android Keystore).
- All server communications use HTTPS/TLS encryption.
- Server-side data is stored in a secured database with access controls.
6. Data Transfers
Your data may be processed on servers located within the European Union. We do not transfer personal data outside the EU/EEA without appropriate safeguards as required by the GDPR.
7. Your Rights
Under the GDPR, you have the following rights:
| Right | Description |
|---|---|
| Access | Request a copy of all personal data we hold about you |
| Rectification | Request correction of inaccurate data |
| Erasure | Request deletion of your personal data ("right to be forgotten") |
| Data portability | Receive your data in a structured, machine-readable format |
| Restriction | Request restriction of processing of your data |
| Objection | Object to processing based on legitimate interest |
| Withdraw consent | Withdraw consent at any time where processing is based on consent |
To exercise any of these rights, contact us at dish-to-cart@mobilyflow.com. We will respond within 30 days.
8. Children's Privacy
The App is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child, contact us immediately.
9. Third-Party Services
The App integrates with:
- Apple App Store / Google Play Store: For premium subscription billing. Their respective privacy policies apply.
- MobilyFlow SDK: For in-app purchase management. No additional personal data is collected beyond what is described in this policy.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted within the App or on our website. We encourage you to review this policy periodically.
11. Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with:
CNIL (Commission Nationale de l'Informatique et des Libertés) 3 Place de Fontenoy, TSA 80715 75334 Paris Cedex 07, France Website: www.cnil.fr
12. Contact
For any questions or requests regarding your personal data:
MobilyFlow Email: dish-to-cart@mobilyflow.com