This Privacy Policy explains how Bellyful.ai ("Bellyful.ai," "we," "us," or "our") collects, uses, shares, and protects personal information when you use our mobile application, our website at bellyful.ai, and related services (collectively, the "Services").
Bellyful.ai is a potluck planning application that helps hosts invite guests, generate balanced menus with AI, and coordinate food assignments. Guests can RSVP through any web browser without installing the app.
We do not sell your personal information. We do not share your data with advertisers. We do not send marketing SMS.
Who We Are
Bellyful.ai is a consumer app operated in the United States. To reach us, use our contact form.
Privacy contact: privacy@bellyful.ai
Who This Policy Applies To
This policy applies to:
- Hosts who create an account in the Bellyful.ai mobile app
- Guests who RSVP to a Bellyful.ai event via a web browser (without creating an account)
- Visitors to bellyful.ai and anyone who joins our pre-launch waitlist
- Family or household members added by a host inside the app
Information We Collect
Information you provide to us
- Email address. Collected when you join our waitlist, create an app account, or RSVP to an event.
- Phone number. Collected in two cases: (1) when a guest enters their own phone number on an RSVP page to receive a one-time password (OTP), or (2) when a host provides a guest's phone number so Bellyful.ai can deliver an SMS invitation to that guest.
- Name. Provided by hosts during signup and by guests during RSVP.
- Dietary restrictions and preferences. Including allergies, religious or cultural needs (for example Halal, Kosher), and cuisine preferences. Guests may enter this information when RSVPing to a specific event.
- Household or family members. Hosts may add family members to their account to plan events more easily. This includes names and dietary information for those family members.
- Event details. Date, time, location, guest list, RSVP responses, items each guest will bring, and any notes the host adds.
- Feedback and support messages. Anything you send us when you contact support or submit feedback.
Information collected automatically
- Authentication data. Session tokens, login timestamps, and security events (for example failed OTP attempts).
- Device and technical data. Device type, operating system version, app version, IP address, crash logs, and similar diagnostic information.
- Product analytics. Anonymized or pseudonymized event data (which screens you visit, which buttons you tap) through Mixpanel, and session replay data through UXCam. Both are configured to mask sensitive input fields.
- Cookies (website only). Our mobile app does not use cookies. Our marketing website uses essential cookies for basic site function and a small number of first-party analytics cookies. See the Cookies section below.
Information from third parties
- Sign in with Google or Sign in with Apple. If you choose these options during signup, we receive your name and email address from the provider. We do not receive your password.
How We Use Your Information
We use the information we collect to:
- Create and manage your account
- Let hosts plan events, invite guests, and coordinate who brings what
- Let guests RSVP, view event details, and enter dietary preferences
- Generate balanced AI menus tailored to the dietary profile of attendees
- Send transactional communications (OTP codes, RSVP confirmations, event reminders, cancellation notifications)
- Detect and prevent fraud, abuse, and security incidents
- Diagnose bugs, measure product performance, and improve the Services
- Communicate with you about support, account issues, and important service changes
- Comply with legal obligations
We do not use your information for cross-context behavioral advertising. We do not sell your information. We do not use AI-generated menus or your event data to train third-party models.
How We Share Information
We share information only in these situations.
With other users at your direction
- Hosts see RSVP responses, dietary information, and assignment choices for guests they invite.
- Guests see event details, the host's name, and (optionally) what other guests are bringing.
With service providers (processors)
We use a small number of vendors to run the Services. They act as service providers under CCPA and are contractually limited to using data only to provide services to us.
- Amazon Web Services (AWS). Cloud hosting, database storage, and SMS delivery via Amazon SNS, in the United States.
- Mixpanel. Product analytics.
- UXCam. Session replay analytics, with sensitive input fields masked.
- Email delivery provider. We use AWS SES (or an equivalent provider) to send transactional email.
- Sign in with Google and Sign in with Apple. For optional federated sign-in.
For legal reasons
We may share information if we believe in good faith that it is necessary to comply with a legal obligation, protect our rights or the safety of others, or respond to lawful legal process.
Business transfers
If Bellyful.ai is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.
SMS Program Details
This section describes the SMS practices of Bellyful.ai. It is written to satisfy the AWS toll-free SMS registration requirements (toll-free number: +18665799396) and TCPA consent rules.
SMS use cases
We use SMS only for the following transactional purposes:
- One-time passwords (OTP). When you enter your phone number in the app or on a guest RSVP page to verify your identity, we send a short numeric code by SMS. This is initiated by you.
- Event invitations. When a host chooses to invite a guest by SMS and provides that guest's phone number, we send an invitation SMS. The first SMS includes clear identification of Bellyful.ai, the host's name, a link to RSVP, and opt-in language (for example "Reply YES to receive event updates from Bellyful.ai, STOP to opt out"). We do not send further event-related SMS to that number unless the recipient has opted in.
- Transactional event notifications. After opt-in, we may send event-specific messages such as RSVP reminders, schedule changes, or event cancellations. These are limited to events the recipient has been invited to.
Consent
- For OTP: consent is given when you enter your phone number in the app or RSVP page and tap to request a code.
- For event invitations: the first SMS is sent based on the host's provision of your number and includes clear opt-in language. Further messages require your affirmative opt-in (for example replying YES). Host-provided phone numbers do not themselves satisfy TCPA prior express written consent for ongoing messaging.
- You can opt out at any time by replying STOP to any message. Reply HELP for help.
What we do not do
- We do not send marketing or promotional SMS.
- We do not share your phone number with advertisers or affiliates.
- We do not sell phone numbers.
Message frequency and rates
SMS frequency varies. Messages are transactional and user-initiated. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages.
How SMS is delivered
SMS messages are delivered through Amazon Web Services (Amazon SNS). Phone numbers are shared with AWS solely for the purpose of delivering messages you have requested or consented to receive. AWS is bound by its own contractual and legal obligations as our processor.
Retention
Phone numbers provided only for OTP verification by non-app users are retained for the duration of the associated event plus 30 days, then deleted. Phone numbers associated with an app account are retained while the account is active and for 30 days after account deletion.
Data Retention
We retain personal information only as long as needed for the purposes described in this policy.
- Non-app user data (dietary preferences, phone, email, name provided by a guest to RSVP): retained for the duration of the event plus 30 days, then deleted.
- App-account data: retained while your account is active and for 30 days after you delete your account, after which it is deleted or anonymized. The one exception is the limited activity-timeline records described in the next bullet, which are neither deleted nor anonymized but kept permanently in masked form. Short-term backups may persist beyond that window but are not used operationally.
- Activity-timeline records. To coordinate an event, Bellyful.ai keeps an append-only activity history of what happened (who RSVP'd, who declined, who was assigned which item, menu changes, and similar events). To keep that history accurate and tamper-evident, a masked form of a participant's display name (their first name plus last initial, for example "Jordan S.") is stored as part of these records and is kept on a permanent basis, including after that participant deletes their account. We do not keep the participant's full name, email address, or phone number in these records. This masked name is personal information; it is not aggregate, deidentified, or anonymized data, and we describe it plainly so you know exactly what is retained. We keep it because an accurate, tamper-evident record of how each event was coordinated is necessary to provide the Services, and retroactively removing names from past events would corrupt that shared history for the host and the other guests. You can ask us for a copy of the timeline records that reference you by contacting privacy@bellyful.ai. Because these records are an integrity-protected, append-only history shared with other participants, we generally cannot remove a name from past events; if a legal exception requires us to act differently in your case, we will do so.
- Analytics data. Mixpanel and UXCam retain event and session data under their provider defaults. We review these settings regularly.
- Server and application logs. Retained for 90 days for security and debugging, then deleted.
- Backups. Encrypted database backups may be retained for up to 35 days per our disaster recovery policy.
- Legal hold. If we are legally required to retain information longer (for example tax, audit, or litigation), we keep only what is required and only for the required period.
Your Rights
If you are outside the United States, your rights may vary under your local law. Bellyful.ai's Services are intended for users in the United States and Canada, and data is processed in the United States. To exercise any rights under your local privacy laws, contact us via the contact form.
Rights under CCPA and CPRA (California residents)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, disclose, or share (Civ. Code §1798.100, §1798.110, §1798.115)
- Delete personal information we have collected (§1798.105). This right is subject to the exceptions permitted by law, including our retention of the limited, masked activity-timeline records described under Data Retention above, which we keep to maintain the integrity of event-coordination history.
- Correct inaccurate personal information (§1798.106)
- Opt out of the sale or sharing of your personal information (§1798.120). Bellyful.ai does not sell or share personal information as those terms are defined under CCPA/CPRA, but you have the right to make this request.
- Limit the use and disclosure of sensitive personal information (§1798.121). We collect health-adjacent information (allergies) and information from which religion may be inferred (Halal, Kosher). We use this information only to deliver the Services you requested and do not use it to draw inferences about you beyond that purpose.
- Non-discrimination for exercising your rights (§1798.125)
How to exercise your rights
Email privacy@bellyful.ai with the subject line "Privacy Rights Request" and describe what you are asking for. You can also submit requests in-app under Settings > Privacy. We may ask you to verify your identity before we act on your request, typically by confirming control of the email or phone number on your account.
You may designate an authorized agent to act on your behalf. We will ask for reasonable proof of authorization.
Do Not Sell or Share (CCPA Notice)
Bellyful.ai does not sell your personal information. Bellyful.ai does not share your personal information for cross-context behavioral advertising.
This statement applies to all Bellyful.ai users, including California residents. We have not sold personal information in the preceding 12 months and we have no plans to do so.
Children's Privacy (COPPA)
Bellyful.ai is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, contact privacy@bellyful.ai and we will delete it.
Our minimum age is 13.
Cookies and Similar Technologies
- Mobile app. Our iOS and Android apps do not use browser cookies. They use standard platform storage (secure keychain, encrypted storage) to hold session tokens and preferences.
- Marketing website (bellyful.ai). We use minimal first-party cookies for security and basic site function, and a small set of first-party analytics cookies to understand aggregate usage. We do not use third-party advertising cookies.
Security
We use technical and organizational safeguards to protect your information, including:
- Encryption in transit (TLS 1.2 or higher) for all network traffic
- Encryption at rest for databases and backups
- Database authentication with least-privilege access
- Session replay and analytics configured to mask sensitive fields
- Rate limiting and bot protection on authentication endpoints
- Security logging and monitoring
No system is perfectly secure. If we become aware of a breach that affects your personal information, we will notify you and the applicable regulators as required by law.
Changes to This Policy
We may update this policy from time to time. When we make material changes, we will notify you by email (for app users) or by a notice on bellyful.ai, and we will update the effective date above. Your continued use of the Services after the effective date of the updated policy means you accept the changes.
Contact Us
General privacy questions: privacy@bellyful.ai
California privacy rights requests: privacy@bellyful.ai, subject "California Privacy Rights Request"