Legal document
Privacy Policy
This policy explains what personal data we collect on creators.mr-mealprep.com, why we collect it, who we share it with, and what your rights are. It is written in accordance with the General Data Protection Regulation (GDPR — Regulation (EU) 2016/679).
Note: this policy covers only the creator recruitment page. The main app and end-user website are subject to a separate, more comprehensive policy.
1. Who is the data controller
Mr. Mealprep S.R.L., a company registered in Romania, headquartered in Drobeta-Turnu Severin, Mehedinți. Contact for data protection requests: [email protected].
2. What data we collect
The only data we collect on this page is what you voluntarily provide through the application form:
| Data | Required | Purpose |
|---|---|---|
| Full name | Yes | To identify and address you properly |
| Email address | Yes | To send you our response to your application |
| Instagram handle | Yes | To review your public content |
| Audience size (bracket) | Yes | To assess fit with the program |
| Marketing consent | No | Only if you tick it: we'll send occasional updates |
We do not collect sensitive data (health, religion, political views, etc.). We do not collect data via cookies or other tracking technologies — see Cookie Policy.
3. Legal basis
- The 4 required fields — legal basis: art. 6(1)(b) GDPR — pre-contractual measures taken at your request. The data is necessary to respond to you and discuss a possible collaboration.
- Marketing checkbox — legal basis: art. 6(1)(a) GDPR — consent. You can withdraw your consent at any time (see section 7).
4. Who we share data with
We use two service providers who process your data on our behalf, under GDPR-compliant data processing agreements (art. 28):
- Cloudflare, Inc. (USA) — hosts the page and processes the form. Data transferred to EU and US, under the EU-US Data Privacy Framework.
- Resend (Resend, Inc., USA) — sends the notification email to our team. Data is processed in the EU region (Ireland). The mr-mealprep.com email domain is verified with Resend, and the API key is kept secret in Cloudflare.
We do not sell your data. We do not share it with advertising networks or data brokers. Direct access to applications is granted to the two co-founders of Mr. Mealprep S.R.L. — Camil Popescu and Călin Teleanu.
5. How long we keep your data
- Applications we accept — kept for the duration of the collaboration + 3 years after termination, for accounting and tax obligations.
- Applications we decline — kept for a maximum of 12 months, then deleted, so we can return with an offer if circumstances change.
- Marketing-consent addresses — kept until consent is withdrawn.
6. Security
Data is transmitted over HTTPS (TLS 1.3 encryption). The notification email is delivered via Resend, with DKIM/SPF/DMARC authentication for our domain. The Resend API key is stored as an encrypted secret in Cloudflare — never in public code.
7. Your rights
Under GDPR, you have the following rights:
- Access — to find out what data we hold about you
- Rectification — to correct inaccurate data
- Erasure ("right to be forgotten")
- Restriction — to halt processing under certain conditions
- Portability — to receive your data in a structured format
- Objection — to processing based on legitimate interest
- Withdraw consent — for marketing, at any time
- Complaint to a supervisory authority — the Romanian National Authority for the Supervision of Personal Data Processing (ANSPDCP), dataprotection.ro
To exercise any of these rights, write to us at [email protected]. We respond within a maximum of 30 days.
8. Changes
We may update this policy. The current version is published at the URL above, with the date of the last update shown in the header. Substantive changes will be notified by email to those who have left an address.
9. Contact
For any question regarding data protection: [email protected].