Skip to main content
Cenaplan
HomeFeaturesSubscription LevelsAbout Us

Privacy policy

Your data, your control.

Overview

This Privacy Policy explains how Cenaplan collects, uses, stores, and shares personal data when you use our public website, authenticated app, APIs, email journeys, and related services.

It is written for users in the UK and other similar privacy-law jurisdictions. It is intended to support compliance with UK GDPR, the Data Protection Act 2018, and PECR where relevant.

For the purposes of this policy, Cenaplan is operated by Arceau Solutions Ltd.

Arceau Solutions Ltd is registered in England and Wales under company number 09558949. Its registered office is Charlton House, Dour Street, Dover, Kent, England, CT16 1BL.

Who This Policy Covers

This policy covers personal data we handle about:

  • website visitors;
  • account holders and invited household members;
  • people who contact us;
  • people who sign up for product updates, waitlists, or marketing emails; and
  • people who interact with assistant, import, upload, or payment flows.

If you use Cenaplan through a business or organisation, that organisation may also have its own privacy obligations.

The Data We Collect

Depending on how you use Cenaplan, we may collect:

  • Identity and account data: name, email address, account identifiers, invitation status, household membership, and sign-in records.
  • Recipe and planning data: recipes, tags, favourites, meal plans, shopping lists, notes, and other content you create or store.
  • Uploads and imports: images, screenshots, files, URLs, and extracted recipe or ingredient content from those materials.
  • Assistant and feature data: prompts, clarifications, conversational content, AI-generated outputs, nutrition requests, and related feature interactions.
  • Payment and subscription data: customer IDs, subscription level, invoices, billing status, renewal and cancellation state, and limited transaction metadata. Payment card details are typically handled by our payment processor rather than stored by us in full.
  • Marketing and preference data: subscription status, consent records, source labels, unsubscribe or suppression status, and token-based preference activity.
  • Technical and usage data: device, browser, IP-related logs, diagnostics, request metadata, security events, and similar telemetry used to operate and protect the service.
  • Support and communications: emails, messages, enquiries, and attachments you send us.

How We Collect Data

We collect personal data:

  • directly from you when you sign up, log in, save recipes, upload files, contact us, buy a plan, or join a household;
  • from your use of the service, including cookies, app state, logs, and operational telemetry;
  • from payment, identity, anti-abuse, and infrastructure providers that support the service; and
  • from invitations or shared-account actions initiated by another authorised user.

How We Use Personal Data

We use personal data to:

  • create and manage accounts, sign-in, invitations, and household access;
  • store recipes, organise content, build meal plans, and generate shopping lists;
  • run assistant-style, voice, import, image, and nutrition features;
  • process subscriptions, invoices, upgrades, renewals, cancellations, and payment support;
  • send service messages such as verification codes, invitations, security notices, billing notices, and feature updates;
  • send marketing communications where you have asked for them or where otherwise permitted by law;
  • maintain security, prevent fraud, verify reCAPTCHA challenges, enforce our terms, and investigate abuse;
  • improve performance, reliability, and product quality; and
  • comply with legal, regulatory, tax, accounting, and audit obligations.

Our Main UK GDPR Lawful Bases

We usually rely on one or more of the following lawful bases:

  • Contract: where we need to provide the Cenaplan service you requested.
  • Legitimate interests: for product improvement, service administration, fraud prevention, account security, and business operations, where those interests are not overridden by your rights.
  • Consent: for certain marketing communications and other processing that legally requires consent.
  • Legal obligation: where we must retain or disclose data to comply with law, regulation, taxation, or law-enforcement requirements.

If you choose to include allergy, dietary, or other health-related information in recipes, notes, or planning content, you are responsible for that choice. Please avoid uploading sensitive personal data unless it is necessary for how you want to use the service.

AI, Nutrition, And Imported Content

Some Cenaplan features use AI models or automated processing to interpret uploaded content, generate suggestions, organise recipes, or estimate nutrition.

That means:

  • prompts, uploaded files, recipe text, and related instructions may be processed through those tools to generate results;
  • outputs may be inaccurate, incomplete, or misleading;
  • nutrition and ingredient interpretation can involve inferences rather than verified facts; and
  • you remain responsible for checking allergens, quantities, substitutions, food safety, and suitability for your circumstances.

Sharing And Third Parties

We do not sell your personal data.

We may share personal data with service providers and processors that help us operate Cenaplan, such as providers of:

  • cloud hosting, storage, and database infrastructure;
  • authentication and identity services;
  • payment and billing tools;
  • AI and content-processing services;
  • email and communications services;
  • anti-bot and anti-abuse tools, including Google reCAPTCHA on public forms; and
  • security, logging, and operational support tools.

Based on the current product architecture, these providers may include Microsoft Azure services, Microsoft identity tooling, Stripe, OpenAI, and Google reCAPTCHA, along with similar providers we may use from time to time.

We may also share data:

  • within a shared household or account structure where another authorised user has access;
  • where you ask us to do so;
  • in connection with a business transfer, merger, restructuring, or sale; or
  • where disclosure is required to comply with law or protect rights, safety, or the service.

Cookies, Local Storage, And Similar Technologies

We use cookies and similar technologies for core service functions, including:

  • sign-in and session continuity;
  • storing app preferences or state;
  • security and abuse prevention;
  • loading and validating Google reCAPTCHA on public forms; and
  • measuring technical performance and reliability.

Some Cenaplan experiences also use local storage or cookie-based state to preserve theme, locale, or app settings.

You can usually control cookies through your browser settings. Blocking essential cookies or storage may stop parts of the service from working correctly.

Marketing And PECR

If you sign up for product news, waitlists, or register-interest updates, we may send marketing emails and manage your preferences using token-based confirmation, unsubscribe, and suppression tools.

Where UK law requires it, we rely on consent for electronic marketing. You can unsubscribe at any time using the link in the email or by contacting us.

We retain limited suppression data where necessary to make sure we respect an opt-out request.

International Transfers

Your data may be processed in the UK, EEA, United States, or other countries where our providers operate.

Where personal data is transferred outside the UK and an adequacy decision does not apply, we aim to use appropriate safeguards such as the UK International Data Transfer Addendum, standard contractual clauses, or other lawful transfer mechanisms.

Data Retention

We keep personal data only for as long as reasonably necessary for the purposes described in this policy, including to provide the service, maintain security, resolve disputes, and comply with legal obligations.

In practice, that usually means:

  • account and content data is kept while your account remains active and for a reasonable period afterwards;
  • billing, invoice, and financial records are kept for longer where required by tax, accounting, or legal rules;
  • marketing preference and suppression records may be kept to honour unsubscribe choices; and
  • logs and telemetry are generally kept for shorter operational and security periods unless needed for investigation.

Your Rights

Depending on where you live, you may have rights to:

  • access the personal data we hold about you;
  • ask us to correct inaccurate data;
  • ask us to erase data in some circumstances;
  • restrict or object to certain processing;
  • ask for portability of data you provided to us;
  • withdraw consent where processing depends on consent; and
  • complain to a supervisory authority.

If you are in the UK, you can complain to the Information Commissioner’s Office at ico.org.uk.

Security

We use technical and organisational measures designed to protect personal data, including access controls, encryption in transit, managed cloud infrastructure, and service monitoring.

No online service can guarantee absolute security. If you believe your account or personal data has been compromised, contact us promptly at security@cenaplan.com.

Children

Cenaplan is not designed for young children. If we learn that we have collected personal data from a child in a way that breaches applicable law, we will take reasonable steps to delete it.

Contact

Privacy questions or rights requests: privacy@cenaplan.com.

General support: support@cenaplan.com.

Updates

We may update this policy from time to time to reflect product, legal, or operational changes. If changes are material, we will take reasonable steps to notify users.

Updated: March 6, 2026.