Privacy Policy
Version 1.0 · Effective July 12, 2026 · Last updated July 12, 2026
1. Who we are
Kaiserauer Solutions LLC, a Michigan limited liability company ("we", "us"), located at Available upon written request to the contact email below., operates this website and application (the "Service"). This policy explains what personal information we collect, why, and the choices and rights you have.
2. Information we collect
Account data: name, email address, and password (stored as a salted hash, never in plain text) — or, if you sign in with Google/Apple, the profile information those providers share with us.
Billing data: if you subscribe to a paid plan, our payment processor Stripe collects and stores your payment method; we receive your subscription status and Stripe customer ID, not your full card number.
Content you provide: anything you submit through the Service, including input to any AI feature (see AI Disclosure).
Health-related data: the dietary preferences and allergies you set, the foods and cravings you submit to the meal-swap feature, the suggestions you save, and any optional profile details you enter (such as a due date or care-team-given blood-sugar targets). We treat this as sensitive information and collect only what a suggestion needs.
Technical data: IP address, browser/device information, session tokens, and log data, collected automatically to operate and secure the Service.
Cookies: see our Cookie Policy.
3. How we use information
- To provide, maintain, and secure the Service (e.g. authentication, fraud prevention).
- To process payments and manage subscriptions.
- To send account, security, and (where applicable) billing emails.
- To operate any AI feature you use, including sending your input to the AI provider(s) named in the AI Disclosure.
- To comply with legal obligations and enforce our Terms and Acceptable Use Policy.
We do not currently use analytics, advertising, or marketing trackers that rely on non-essential cookies. If that changes, we will update this policy and our Cookie Policy before those tools are enabled.
4. Health data, and how we treat it
GestPlate is a consumer wellness product, not a healthcare provider. We are not a HIPAA-covered entity or business associate, and we do not provide medical care. We do, however, handle health-related data, so we treat it as sensitive and hold ourselves to the following commitments:
- We do not sell your data, and we do not share it with advertising or analytics trackers. We run no third-party ad trackers on pages where you enter or view health-related content.
- We are subject to the FTC Health Breach Notification Rule and applicable state privacy laws (such as Washington's My Health My Data Act and the California CPRA). If an unauthorized disclosure of your health-related data ever occurs, we will notify affected users and regulators as those rules require.
- We practice data minimization — we collect only what a suggestion needs — and we make it easy to export or delete your data (see "Your rights" below). Deleting your account cascades to your preferences, craving history, saved swaps, and any logs.
- Our AI provider processes the food/craving text you submit to generate suggestions; we work to ensure by contract that your inputs are not used to train their models. See the AI Disclosure.
5. Legal basis (EU/UK visitors)
If you're in the EEA, UK, or Switzerland, the GDPR/UK GDPR requires a lawful basis for each use above: performance of a contract (providing the Service you signed up for), legitimate interests (security, fraud prevention, product improvement), consent (where we ask for it, e.g. optional cookies), and legal obligation (tax, compliance). You can withdraw consent-based processing at any time without affecting past processing.
6. Who we share information with
We don't sell your personal information. We share it only with:
- Service providers who process data on our behalf (e.g. hosting/infrastructure, Stripe for billing, our email provider for transactional email).
- AI providers, when you use an AI feature — currently: Anthropic (Claude API) (see AI Disclosure for what's sent and why).
- Law enforcement or other parties when required by law, or to protect the rights, safety, or property of us or others.
- A successor entity in the event of a merger, acquisition, or asset sale, with notice to you.
7. Data retention
We retain account data for as long as your account is active, and for a reasonable period afterward to comply with legal, tax, and security obligations. You can request deletion at any time (Section 9); some data may be retained where law requires it (e.g. billing records).
8. International transfers
We're based in the United States, and information we collect is processed there and by service providers in other countries. Where GDPR applies, we rely on appropriate safeguards for transfers out of the EEA/UK (e.g. Standard Contractual Clauses) with our providers.
9. Your rights
California residents (CCPA/CPRA): you have the right to know what personal information we collect and how we use/disclose it, to request deletion, to correct inaccurate information, and to opt out of the sale or sharing of personal information — we don't sell or share personal information as those terms are defined by the CCPA/CPRA. You won't be discriminated against for exercising these rights.
Other U.S. states (e.g. Virginia, Colorado, Connecticut, Utah, and others with comprehensive privacy laws) provide similar rights to access, correct, delete, and obtain a copy of your data, and to opt out of targeted advertising, sale, or certain profiling — to the extent those laws apply to us.
EEA/UK/Switzerland residents (GDPR/UK GDPR): you have the right to access, correct, delete, restrict or object to processing, and receive a portable copy of your data, and to lodge a complaint with your local data protection authority.
To exercise any of these rights, email ajkaiserauer@gmail.com. We may need to verify your identity before fulfilling a request.
Where applicable law requires additional notices, representation, or consent controls for EU/UK visitors, we will provide and maintain those controls in product and in our Cookie Policy.
10. Children's privacy
The Service isn't directed to children under 13 (or under 16 where required by applicable law), and we don't knowingly collect personal information from them. If you believe a child has provided us personal information, contact ajkaiserauer@gmail.com and we'll delete it.
11. Security
We use technical and organizational measures appropriate to the sensitivity of the data we hold (encryption in transit, hashed passwords, access controls) — see docs/security.md in this project for the current baseline. No method of transmission or storage is 100% secure.
12. Changes to this policy
We may update this policy from time to time. Material changes will update the "Version" and "Last updated" date above, and where required by law we'll provide additional notice.
13. Contact
Questions or rights requests: ajkaiserauer@gmail.com — Available upon written request to the contact email below..