Privacy Policy

Last updated: April 27, 2026 · Version 1

GhostPreppr ("we", "us", "our") operates the GhostPreppr mobile applications and the website at ghostpreppr.com (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. By using the Service, you agree to this policy.

1. Information We Collect

1.1 Information you provide

• Account information: name, email address, phone number, and password (stored hashed via AWS Cognito).
• Profile details: dietary preferences, saved addresses, profile photo (optional).
• Order information: items ordered, special instructions, pickup times, payment method.
• Communications: support requests and other messages you send us.

1.2 Information collected automatically

• Device data: device type, OS version, app version, unique device identifiers.
• Usage data: screens viewed, features used, search queries, error logs.
• Location data: with your permission, approximate or precise location to find nearby preppers and meals.
• Push tokens: APNs/FCM tokens used to send order updates and announcements.

1.3 Information from third parties

• Payment processors (Stripe): card brand, last four digits, transaction status. We never see or store full card numbers.
• Identity providers: if you sign in via a third-party provider, we receive the limited profile data they share.

2. How We Use Your Information

• Provide, operate, and maintain the Service.
• Process orders, payments, and refunds.
• Send order confirmations, pickup instructions, and service announcements.
• Personalize meal recommendations based on your preferences and location.
• Detect and prevent fraud, abuse, and security incidents.
• Comply with legal obligations and enforce our Terms of Service.

3. How We Share Your Information

We share information only in these specific cases:

• With preppers who fulfill your order: your name and order details (no payment data).
• With service providers who help us run the Service (cloud hosting on AWS, payments via Stripe, email delivery via Amazon SES, push delivery via Apple/Google). They are bound by contract to use your data only to provide their services to us.
• For legal reasons: if required by law, subpoena, or to protect rights, safety, or property.
• In a business transfer: if GhostPreppr is acquired or merged, your data may be transferred to the successor entity, subject to this Policy.

We do not sell your personal information.

4. Data Retention

We keep your account information for as long as your account is active. Order records are kept for up to 7 years to comply with tax and accounting laws. Anonymized analytics may be kept indefinitely. You can request deletion of your account at any time — see Section 7.

5. Security

We use industry-standard security measures including TLS for all network traffic, AWS Cognito for authentication, encryption at rest for sensitive data, and regular security audits. No system is perfectly secure; we cannot guarantee absolute security but we work continually to protect your data.

6. Children's Privacy

The Service is not directed to children under 13 (or 16 in some jurisdictions). We do not knowingly collect personal information from children. If you believe a child has provided us with information, please contact us at privacy@ghostpreppr.com and we will delete it.

7. Your Rights and Choices

• Access & correction: view and edit your profile in the app's Settings.
• Delete your account: request deletion at /delete-account or in-app under Settings → Privacy & Security.
• Push notifications: disable in your device's Settings or in the app's Notifications section.
• Location: revoke location permission in your device's Settings.
• Marketing emails: use the unsubscribe link in any marketing email.

California residents (CCPA/CPRA)

California residents have the right to know what personal information we collect, request deletion, correct inaccurate information, and opt out of sale (we do not sell). Submit requests to privacy@ghostpreppr.com.

EEA / UK residents (GDPR)

You have rights to access, rectify, erase, restrict processing, data portability, and to object to processing. Our legal basis for processing is performance of contract (to provide the Service), legitimate interests (security, fraud prevention), and consent (push notifications, optional location). Contact privacy@ghostpreppr.com to exercise these rights.

8. International Transfers

GhostPreppr is operated from the United States. If you use the Service from outside the U.S., your information will be transferred to and processed in the U.S. and other countries where our service providers operate.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via in-app notification or email. The "Last updated" date at the top reflects the most recent revision.

10. Contact