Privacy Policy
1) Controller
The controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is:
Malte Schimmer
c/o Adressgeber #2039
An der Alten Ziegelei 38
48157 Muenster
Germany
Email: support@fitprepster.app
2) General information on data processing
We process personal data only to the extent necessary to operate FitPrepster, provide app functions, communicate with users, protect the application, or where processing is based on consent.
The legal bases include Art. 6(1)(b) GDPR where processing is necessary to provide the app and a user account, Art. 6(1)(f) GDPR for legitimate interests such as security, stability, and abuse prevention, and Art. 6(1)(a) GDPR where consent has been given.
3) Website provision and server log files
When our website and app are accessed, technically necessary data is processed so that pages can be delivered, errors can be analyzed, and security can be ensured. This may include IP address, date and time of access, requested URL, referrer URL, browser type, operating system, transferred data volume, and HTTP status code.
The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure and stable operation of FitPrepster.
4) Hosting and content delivery network
4.1 Vercel
We host FitPrepster with Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA. Vercel processes technical access data, server logs, and other data required to deliver the application on our behalf.
Processing takes place to provide and secure the website and app. The legal basis is Art. 6(1)(f) GDPR. Where data is transferred to third countries, this takes place on the basis of appropriate safeguards within the meaning of Art. 44 et seq. GDPR.
4.2 Supabase
We also use Supabase, provided by Supabase, Inc., 970 Toa Payoh North #07-04, Singapore 318992, Singapore, to process, store, and provide app data on our behalf.
All data collected in our app and stored in Supabase is processed on Supabase servers located within the European Union.
We have concluded a data processing agreement with Supabase. Further information is available at https://supabase.com/privacy.
5) Consent management with Usercentrics
We use Usercentrics Consent Management Platform, a service of Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany, to obtain, manage, and document consent.
Processed data may include consent status, date and time of consent or rejection, device information, browser information, and information about the page accessed. Processing serves statutory documentation obligations and is based on Art. 6(1)(c) GDPR.
You can reopen and adjust cookie and consent settings at any time through the "Cookie settings" link on the home page.
6) Cookies and local storage
FitPrepster uses technically necessary cookies and local storage technologies to provide basic functions. These include login functions, session management, security functions, and temporary browser drafts such as prepared guest conversions.
Where cookies or similar technologies are not technically necessary, they are used only with your consent. Legal bases are Art. 6(1)(b) GDPR for required app functions, Art. 6(1)(f) GDPR for security and stability, and Art. 6(1)(a) GDPR for consent-based services.
7) Registration and login with Hanko
You can register in our app by providing personal data. The personal data processed for registration is shown in the relevant input form. For registration and login, we use Hanko Cloud, a service of Hanko GmbH, Germany. Hanko provides passwordless login and processes in particular your email address, authentication data, session information, and technical security data.
Registration uses a confirmation email process. Registration is completed only after you confirm your login by means of a confirmation email, for example by link or code. If confirmation is not completed within 24 hours, the registration entry is automatically deleted from the registration database.
FitPrepster may use Brevo, a service of Sendinblue GmbH, Koepenicker Strasse 126, 10179 Berlin, Germany, to send login, account, and contract-related emails. In this context, email address, recipient address, subject, message content, sending time, and technical delivery information may be processed to deliver requested login, account, or contract messages and to track delivery errors.
8) User account, profile, and app data
When you use FitPrepster, we store the data required for your account and the app functions. This may include:
- user ID and technical account data,
- selected cooking device or cooking mode,
- recipe texts, recipe URLs, converted recipes, cooking steps, and recipe images,
- servings, calories, and nutrition values,
- nutrition and meal logs,
- weight entries and target values,
- voluntary body data, activity level, and nutrition goal, where provided,
- planning data for the weekly planner.
Processing takes place to provide the requested app functions on the basis of Art. 6(1)(b) GDPR. Where you voluntarily provide health-related or goal-related information, processing is based on your consent under Art. 6(1)(a) GDPR and, where special categories of personal data may be involved, Art. 9(2)(a) GDPR.
Calories, nutrition values, and target values are estimates and serve general orientation. FitPrepster is not a medical device and does not replace medical, therapeutic, or nutritional medical advice.
9) App data and database operation with Supabase
We store app data in a Supabase database. Supabase provides the technical database infrastructure and processes data on our behalf. Stored data includes account, profile, recipe, planning, and tracking data as well as privately saved food or barcode products with package values where required for using FitPrepster.
The legal basis is Art. 6(1)(b) GDPR for providing app functions and Art. 6(1)(f) GDPR for security, maintenance, and error analysis. Voluntary health-related or goal-related information is processed on the basis of consent under Art. 6(1)(a) GDPR and, where applicable, Art. 9(2)(a) GDPR.
For internal operations and product prioritization, we also collect data-minimized technical page view and funnel clusters such as home page, login, public pages, logged-in app areas, clicked upgrade or login prompts, started or completed recipe tests, broad recipe-claim and onboarding steps, and started checkout flows. We do not store user ID, IP address, referrer, query strings, or content from recipes, meals, barcodes, health data, or profile data for this purpose.
10) Website analytics with Umami
On FitPrepster's public pages, we may use Umami Cloud at https://cloud.umami.is to better understand use of the home page, guide pages, pricing, login, help, and legal pages as well as broad public funnel events. Umami is not used for analytics in logged-in app areas such as recipe book, converter, tracker, profile, planner, cancellation flow, or admin.
Automatic tracking is disabled. FitPrepster sends only manually approved, cleaned data such as page path without free query strings, page title, optionally allowed UTM parameters, and where applicable a broad referrer domain. FitPrepster does not send user ID, email address, IP address, recipe content, meal content, barcode content, health data, profile data, or payment content to Umami.
11) AI recipe conversion with Anthropic
For converting recipes into guided cooking steps and for improved text recognition from recipe photos or screenshots, we use the Anthropic API. When you convert a recipe or use photo text recognition, the entered recipe text, recipe URLs or extracted recipe content, uploaded recipe photos or screenshots, selected device type, servings, and where applicable voluntary goal information may be transmitted to Anthropic to generate a checkable recipe text, structured cooking steps, and nutrition estimates.
Processing takes place to provide the requested AI function on the basis of Art. 6(1)(b) GDPR. Where voluntary health-related or goal-related information is included in the assessment, processing is based on your consent under Art. 6(1)(a) GDPR and, where applicable, Art. 9(2)(a) GDPR.
Where the use of Anthropic involves transfers to third countries, these take place on the basis of appropriate safeguards within the meaning of Art. 44 et seq. GDPR.
12) Nutrition and product data from Open Food Facts and private package values
For food search and barcode queries, we use Open Food Facts. Search terms or barcodes are transmitted to Open Food Facts to retrieve matching product and nutrition data.
If a barcode is not found, you can voluntarily save product name, brand, package size, serving, and nutrition values per 100 g as a private product in your account. This private product data is used only for your account, is not transmitted to Open Food Facts, and is not published as a public product database.
13) Photo, OCR, and barcode functions
When you use photo or screenshot functions, a checkable draft is first created and shown to you for editing. For recipe photos and screenshots, FitPrepster may use server-side AI text recognition via Anthropic. If this is unavailable, local browser text recognition with Tesseract.js may be used as a fallback. Recipe photos and screenshots are not stored permanently.
Barcode scanning may use browser functions or a local fallback library. The recognized barcode is then sent to our servers to query product data from Open Food Facts or to find a privately saved product in your account.
14) Guest conversions
You can test a recipe without an account. The entered recipe data is processed for conversion. The result may be stored temporarily in your browser so it can be transferred to your account after login. We also record technical event data for guest conversions, including time, device type, servings, token and cost information, and a hashed IP value to monitor costs, abuse, and technical stability.
15) Contact
If you contact us by email, we process the data you provide to handle your request. The legal basis is Art. 6(1)(f) GDPR. If your request relates to a contract or existing user relationship, Art. 6(1)(b) GDPR also applies.
For emails to support@fitprepster.app, we use email forwarding through Cloudflare Email Routing, a service of Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Incoming messages are forwarded to a mailbox at Posteo e.K., Methfesselstrasse 38, 10965 Berlin, Germany. Sender address, recipient address, subject, message content, sending time, and technical email headers may be processed.
16) Payments
For paid functions, FitPrepster uses the payment service provider Stripe Payments Europe, Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. If you purchase a paid subscription, you are redirected to Stripe Checkout. Payment details, invoices, and depending on the Stripe configuration also subscription details can be managed in the Stripe customer portal. Ordinary cancellation can additionally be declared through the FitPrepster cancellation flow in the app.
Stripe processes the data required for payment processing, such as name, email address, billing and payment data, payment status, transaction data, and technical information for fraud prevention and secure payment processing. FitPrepster itself does not store full credit card or payment data, but receives technical identifiers and status information from Stripe.
Further information about Stripe privacy is available at https://stripe.com/de/privacy.
17) Rights of data subjects
Applicable data protection law grants you comprehensive rights regarding the processing of your personal data, including the right of access under Art. 15 GDPR, rectification under Art. 16 GDPR, erasure under Art. 17 GDPR, restriction of processing under Art. 18 GDPR, notification under Art. 19 GDPR, data portability under Art. 20 GDPR, withdrawal of consent under Art. 7(3) GDPR, and complaint to a supervisory authority under Art. 77 GDPR.
You can contact support@fitprepster.app at any time to exercise your rights.
18) Right to object
If we process personal data on the basis of Art. 6(1)(f) GDPR, you have the right to object to this processing at any time for reasons arising from your particular situation. If personal data is processed for direct marketing purposes, you have the right to object at any time.
19) Storage duration
The storage duration of personal data depends on the relevant legal basis, the processing purpose, and, where applicable, statutory retention periods such as commercial and tax law retention periods.
Account, profile, recipe, tracker, weight, planning data, and private food or barcode products are generally stored until account deletion or until the purpose of use ceases. Logged-in recipe conversion event data is generally kept for 90 days. Technical guest conversion data is generally kept for 30 days for rate limits, cost control, and abuse prevention. Technical operations logs are generally kept for 90 days; critical billing, data rights, or security events may be kept for up to 12 months. Aggregated non-personal AI cost rollups may be kept for up to 24 months.
Support emails are generally stored for 12 months after completion of the request, longer only for open legal, security, or billing cases. Automatic backups are retained according to the technical and contractual settings of the service providers used.
20) Version
Version: 2026-05-08
