Mealmate
Sign inGet started

Legal

Privacy Policy

Last updated · May 29, 2026

This is a plain-language summary provided for transparency. It is not legal advice and is being finalized. If anything here is unclear, reach out before relying on it.

This Privacy Policy explains what Mealmate Inc. (“Mealmate,” “we”) collects, how we use it, and the choices you have. It applies to diners and restaurant users of the Mealmate platform.

What we collect

  • Account information — your name, email, and (for restaurants) business details you provide.
  • Card & transaction data— when you link a card through Plaid, we receive a secure access token and the transaction details needed to recognize qualifying visits (merchant name, amount, date, and the card's last four). We do not receive or store your full card number or your bank login credentials.
  • Payout information — the destination you set up to receive cash back, handled through our partner Dwolla.
  • Restaurant payout/verification data — collected directly by Stripe during Connect onboarding.
  • Usage & device data — basic logs and technical information generated when you use the service.

How we use it

  • To operate the platform — recognize qualifying visits, calculate and send cash back, and settle with restaurants.
  • To verify identity and prevent fraud and abuse.
  • To communicate with you about your account, visits, and payouts.
  • To comply with legal and payment-network obligations.

We do not sell your personal information.

Who we share it with

We share data with service providers strictly to run Mealmate, including:

  • Plaid — card linking and transaction data.
  • Dwolla — diner cash-back payouts.
  • Stripe — restaurant onboarding and weekly settlement.
  • Supabase — our database and authentication.
  • Resend — transactional email.
  • Vercel — hosting.

We may also disclose information if required by law or to protect the rights and safety of users and the public.

How we protect it

Sensitive tokens (such as your Plaid access token) are encrypted at rest. Access to data is restricted and enforced at the database level. No system is perfectly secure, but we take reasonable measures to safeguard your information.

Retention

We keep your information for as long as your account is active and as needed for the purposes above, including legal, accounting, and fraud-prevention obligations.

Your choices & rights

  • You can unlink a card at any time, which stops us from receiving further transaction data for it.
  • You can request access to, correction of, or deletion of your personal data by emailing us. We'll honor applicable requests; some data may be retained where required by law.

Changes

We may update this policy; material changes will be posted here with a new “last updated” date.

Contact

Privacy questions or data requests: support@mealmatedining.com or via the contact form.