Privacy policy

Last updated: 2026-03-16

This Privacy Policy explains how we handle personal data across the WeekPlate website and meal planning service.

Summary (Plain English)

  • We only collect the information we need to generate meal plans and manage your account.
  • We do not sell your data.
  • We do not use your data for targeted advertising.
  • We do not share your data with third parties for their own marketing.
  • You can delete your account or ask us to delete your data at any time.

Who we are

Asambl Technologies Ltd, trading as WeekPlate, is the data controller for personal data processed through this website and service. The registered address is:

71–75 Shelton Street
Covent Garden
London WC2H 9JQ
United Kingdom

Company number: 17066085

ICO registration number: ZC102886

For privacy questions or data requests, contact: support@asambl.app

What we collect

Planning inputs

When you create a meal plan, we collect the constraints you enter (household size, dietary needs, week shape, effort level, budget). These are sent to our server to generate meal plans and are stored to improve plan quality.

Saved plans and feedback

We store your saved meal plans and thumbs up/down ratings to personalise and improve the service.

Account data

If you sign in to save plans, we collect your email address. We use magic links, so we never store a password.

Waitlist

If you join the waitlist, we collect your email address and any optional preferences you provide.

Cookies and analytics

We use a session cookie (HTTP-only) to keep you signed in. This is essential and does not require consent.

With your consent, we use PostHog for analytics — tracking anonymous usage events like page views, plan completions, and button clicks. PostHog cookies are only set after you click “Accept” on the consent banner. You can change your preference at any time by clearing your browser data or contacting us.

We do not use third-party advertising cookies or trackers.

Why we process your data

We process personal data to:

  • generate personalised meal plans
  • send magic link authentication emails
  • manage the waitlist
  • improve plan quality over time
  • understand aggregate usage patterns

Legal basis

Where UK GDPR or EU GDPR applies, our legal basis is consent for waitlist sign-ups and analytics, and legitimate interest for providing and improving the service.

You can withdraw consent at any time by contacting us or unsubscribing from any emails.

AI processing

Your planning inputs are sent to a third-party AI provider (currently OpenAI) to generate meal plans. Only the planning constraints are included — not your email address or personal identity.

How we use email

We may send you emails about:

  • magic link sign-in
  • waitlist updates and access availability
  • product updates and new features

Every email includes an unsubscribe link, and we do not add you to unrelated mailing lists.

Data retention

We keep personal data only for as long as needed.

  • Account data: while your account is active, then deleted within 30 days of account deletion
  • Plan records and saved meal plans: while your account is active, unless you ask for deletion earlier
  • Waitlist data: until launch or conversion of the waitlist, unless you ask for deletion earlier

Sharing and processors

We use service providers to help operate the website and service.

At the time of writing, those include:

  • Cloudflare — website hosting, DNS, CDN, and serverless compute
  • OpenAI — AI-powered meal plan generation
  • Resend — transactional email delivery (magic links)
  • Neon — database hosting
  • PostHog — privacy-friendly analytics (consent-gated)

These providers process data only to provide their services to us. They are not authorised to sell your data or use it for their own marketing purposes.

We will update this policy if our processors change.

International transfers

Some of our providers may process data outside the UK or EU.

Where this happens, we rely on appropriate safeguards, such as standard contractual clauses or the UK International Data Transfer Agreement, where required.

Your rights

If UK GDPR or EU GDPR applies to you, you may have the right to:

  • access your personal data
  • correct inaccurate data
  • ask us to delete your data
  • withdraw consent at any time
  • object to certain kinds of processing
  • request a copy of your data in a structured format
  • complain to the Information Commissioner's Office (ICO)

To exercise these rights, email: support@asambl.app

We aim to respond within one calendar month. If a request is complex and we need more time, we will let you know within that first month.

Security

We take reasonable steps to protect personal data, including access controls, least-privilege access, secure hosting, and encrypted connections.

No system can be guaranteed 100% secure, but we work to reduce risk and protect the information we handle.

Children

WeekPlate is not intended for children under 16, and we do not knowingly collect personal data from children.

Changes to this policy

We may update this Privacy Policy as the product and services evolve.

When we do, we will update the “Last updated” date above. If a change is significant, we will notify existing users by email before it takes effect.

Contact

For privacy and data requests: privacy@asambl.app

For general enquiries: contact@asambl.app