Privacy Policy
Last updated June 2, 2026
Mynu ("we," "our," or "us") respects your privacy. This Privacy Policy explains what information we collect, how we use it, and your choices when you use the Mynu mobile app.
1. Scope
This Privacy Policy applies to the Mynu iOS app and related services.
2. Information We Collect
We collect the following categories of information:
Account and sign-in information
- If you sign in with Apple, we collect authentication identifiers and basic account profile information (such as display name and UID).
- Authentication is provided through Firebase Authentication. Your authentication credentials (passwords, OAuth tokens) are handled by the respective identity providers and Firebase, not stored on our infrastructure.
App content you create
- Menu data, dishes, activity entries, labels, schedule-related details, and other content you enter in the app.
- Profile data such as display name and avatar URL.
Photos and media
- If you are signed in: dish images and avatar images are uploaded to your Apple iCloud account as CloudKit assets in your private CloudKit database. We do not host or process these images on our own servers.
- If you are a guest (not signed in): dish and avatar images are stored locally on your device only.
- The app may temporarily process local image files on-device (for example cropping/editing and asset preparation) for both guest and signed-in flows.
- If you sign in after using guest mode, your guest dish/activity data — including the underlying image files — is migrated into your iCloud account on a one-way, additive basis. After successful migration, the guest workspace is marked as claimed and is not surfaced again on this device.
Device and usage data
- Product analytics events. We use Firebase Analytics (a Google service) to understand how the app is used in aggregate — for example app opens, sign-ins, whether a user continues as a guest or signs in, menus and dishes created, menu sharing, and completed purchases. These events are associated with a randomly generated app-instance identifier and your pseudonymous Firebase user ID. They do not include your name, email, dish photos, or menu contents. Firebase Analytics also automatically collects standard mobile measurement data such as app version, device model, operating system version, and approximate region derived from IP address (the IP address itself is not retained for analytics).
- Crash and stability diagnostics. We use Firebase Crashlytics (a Google service) to collect crash reports and non-fatal error reports — including stack traces, device model, OS version, and app state at the time of the issue — so we can diagnose and fix problems.
- Additional detailed diagnostic/logging events (for example data backend initialization, subscription health, migration progress, and performance traces) are written to the local device console only and are not transmitted off the device.
- Push notification token(s), if you enable notifications. Tokens are stored alongside your data in your iCloud private database and used to deliver notifications via Expo and Apple Push Notification service. The app uses iOS background delivery so notifications can be received and processed when the app is not in the foreground.
Cloud and local storage data
- Signed-in app data is stored using SwiftData, replicated to your Apple iCloud account via CloudKit. Reads and writes go through your private CloudKit database; we do not have access to it.
- Guest app data is stored locally on your device using on-device key-value storage; nothing is transmitted to a remote server while you remain in guest mode.
- Some content may be cached on your device for performance and offline use.
3. How We Use Information
We use your information to:
Provide and operate the app
- Create and manage menus, dishes, activity history, labels, and collaboration features.
Authenticate users
- Support Apple sign-in via Firebase Authentication.
Enable syncing and sharing
- Sync your menu and activity across devices signed into the same Apple ID, and enable family/household collaboration via CloudKit sharing (
CKShare).
Enable optional notifications
- Deliver push notifications and respect your notification preferences.
Maintain reliability and safety
- Diagnose app errors and improve stability.
Understand usage and improve the app
- Measure aggregate engagement, growth, and retention through Firebase Analytics, and monitor crashes through Firebase Crashlytics, to guide product improvements. We do not use this data for advertising or to build cross-app behavioral profiles.
4. Legal Bases (Where Applicable)
Depending on your location, we process data based on one or more of the following:
- Performance of a contract (providing app features you request).
- Legitimate interests (security, reliability, and service improvement).
- Consent (where required, such as notifications or specific platform permissions).
- Legal obligations.
5. Sharing of Information
We do not sell your personal information.
We rely on the following third-party services solely to operate the app:
Apple CloudKit / iCloud
- Stores and syncs your menu, dishes, activity entries, image assets, and push token data in your private iCloud database. Powers cross-device sync and CloudKit sharing for invited collaborators.
Firebase Authentication
- Provides Apple authentication services.
Firebase Analytics & Firebase Crashlytics (Google LLC)
- Process aggregate app-usage events and crash/diagnostic reports to help us measure engagement, growth, and retention and to fix bugs. Data is associated with a pseudonymous identifier, not your name or email. Google processes this data as described in its own privacy policy. We do not enable Google advertising features or share this data with advertising networks.
Expo / Apple Push Notification service
- Delivers push notifications (if enabled), including background delivery.
Apple StoreKit / App Store
- Processes in-app purchases of Mynu Plus subscriptions and the lifetime SKU. We receive a Mynu-tier flag (free vs paid) and the purchase product identifier; we do not receive payment card or billing-address details. Subscription entitlement state is mirrored from StoreKit into your iCloud private database so it persists across your devices. Apple's privacy policy governs how Apple handles your purchase data.
We may also disclose information if required by law, legal process, or to protect rights/safety.
6. Data Retention
We retain information for as long as needed to provide the app and legitimate business purposes, unless a longer retention period is required by law.
- Cloud-backed data is stored in your iCloud account and persists until you delete it from within the app, until you delete your Mynu account, or until you remove the data through Apple's iCloud controls.
- Local cached data may remain on device until removed by app actions or device uninstall.
- Account deletion (via the in-app "Delete account" flow) removes your menu, dishes, activity, and push token records from your iCloud private database, then signs you out.
7. Your Choices and Rights
Depending on your location, you may have rights to access, correct, delete, or export your information.
You can also:
- Update profile information in-app.
- Delete your account and associated CloudKit data via the in-app "Delete account" flow.
- Reset all test data on this device via the "Reset test data" action in profile.
- Disable notifications in app settings or iOS settings.
- Revoke app permissions (camera, photos, notifications) in iOS Settings at any time.
For privacy requests, contact us using the details below.
8. Do Not Track and Advertising
Mynu uses Firebase Analytics and Firebase Crashlytics to measure how the app itself is used and to fix bugs, as described above. We do not use advertising networks, we do not enable Google advertising/"Google signals" features, and we do not use the device advertising identifier (IDFA) or sell your personal information. We do not track you across other companies' websites or apps to build advertising profiles. Because the app does not perform that kind of cross-app advertising tracking, it does not respond to browser-based "Do Not Track" (DNT) signals — there is no such activity to suppress. We treat all users consistently with the practices described in this policy.
9. Children's Privacy
Mynu is not intended for children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal information from children.
10. International Data Transfers
Your information may be processed in countries other than your own, depending on Apple and Firebase infrastructure providers. We take reasonable steps to protect data during transfer and processing.
11. Security
We use reasonable administrative, technical, and organizational safeguards designed to protect personal information. App data stored in CloudKit benefits from Apple's iCloud security model. No method of transmission or storage is completely secure.
12. Third-Party Services
The app relies on third-party services with their own privacy terms, including:
- Apple CloudKit / iCloud
- Firebase Authentication (Google LLC)
- Firebase Analytics & Firebase Crashlytics (Google LLC)
- Expo Notifications / Apple Push Notification service
- Apple StoreKit / App Store (in-app purchases)
Please review those providers' policies for additional details.
13. Camera and Photo Library Access
Mynu requests camera and photo library access only when needed for image-related features, such as:
- Taking a new dish or avatar photo with your camera.
- Selecting an existing photo from your photo library.
- Editing/cropping selected images before saving.
If you deny camera or photo access, these image features may not work, but the rest of the app can still be used. You can change permission settings at any time in iOS Settings.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will update the "Last updated" date when changes are made.
15. Contact Us
If you have questions or requests about this Privacy Policy, contact:
- Email:
support@getmynu.app