Privacy Policy
Last updated: 20 September 2025

MAKAN APP LTD (“we”, “us”, “our”) operates the Makan mobile application (the “App”). This Privacy Policy explains how we collect, use, store, and protect personal data when you use the App.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Data controller: MAKAN APP LTD

Registered address:
86–90 Paul Street
London, EC2A 4NE
United Kingdom

Contact email: support@makanofficial.com

MAKAN APP LTD is responsible for determining how and why personal data is processed under this Privacy Policy.

2. Personal Data We Collect

2.1 Account data
• Name (if provided)
• Email address
• Unique user identifier
• Account status
• Account creation and activity timestamps

2.2 Meal content and social data

Depending on how you use the App, we process:
• Meal photos you upload
• Captions or notes added to meals
• Tags applied to meals
• Audience settings selected for each post (just me, friends-only, or public)
• Following and mutual friend relationships

Where features are enabled, this may also include:
• Likes or reactions
• Comments

2.3 Technical and security data
• App and device information required to operate the service, such as app version and device type
• Security, abuse-prevention, and diagnostic logs used to protect users and the App

We do not intentionally collect special category personal data. However, user-generated content may reveal sensitive information. Users should avoid uploading personal data they do not wish to be processed.

3. How We Use Personal Data

We use personal data to:
• Create and manage user accounts
• Provide core App functionality, including saving meals and displaying feeds based on selected audience settings
• Synchronise content across devices
• Maintain security, prevent abuse, and protect the integrity of the App
• Respond to support enquiries
• Maintain and improve reliability and performance

We do not sell personal data and we do not use personal data for third-party advertising.

4. Lawful Bases for Processing

Under UK GDPR, we rely on the following lawful bases.

4.1 Contract

Processing is necessary to provide the App and its core features once you create an account.

4.2 Legitimate interests

Processing is necessary for internal operations such as security, abuse prevention, and improving the reliability of the App. These interests are balanced against your rights and expectations.

We do not rely on consent for core account functionality. If optional features are introduced that require consent, this will be requested at the relevant time.

5. Sharing and Visibility Controls

The App supports different visibility settings. What other users can see depends on the choices you make.
• Public posts are visible to other users and may appear in discovery features within the App
• Friends-only posts are visible only to mutual friends
• Private posts are visible only to you within your personal meal tracker

If you change the audience of a post or delete it, the change is applied within the App. Copies may remain temporarily in device caches or system backups for limited periods, as described in the retention section.

6. Storage, Processors, and Security

6.1 Storage and processors

We use Apple CloudKit to store and synchronise data. Apple processes personal data on our behalf to provide this infrastructure.

For the MVP, we do not use third-party advertising SDKs or cross-app tracking technologies. If additional processors such as analytics, crash reporting, or customer support tools are introduced, this Privacy Policy will be updated before those changes take effect.

6.2 Security

We apply technical and organisational measures designed to protect personal data, including encryption in transit and access controls.

No system is completely secure, but we take reasonable steps to protect data against unauthorised access, loss, or misuse.

7. International Data Transfers

Apple and other service providers may process personal data outside the United Kingdom.

Where international transfers occur, appropriate safeguards are used, such as recognised transfer mechanisms and contractual protections, to ensure an adequate level of data protection.

8. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy.

8.1 Active accounts

Account data and meal content are retained while an account remains active.

8.2 Deleted accounts

When an account is deleted, personal data is deleted or anonymised within 30 days, unless a longer retention period is required by law or necessary for security purposes such as preventing abuse.

8.3 Backups and security logs
• Backups may retain data for up to 35 days as part of system resilience and recovery processes
• Security and abuse-prevention logs may be retained for up to 180 days

9. Your Rights

Under UK GDPR, you have the right to:
• Access your personal data
• Request correction of inaccurate data
• Request deletion of personal data
• Request restriction of processing in certain circumstances
• Request data portability where applicable
• Object to processing in certain circumstances

To exercise your rights, contact us at support@makanofficial.com. We may request information to verify your identity. Requests are handled within the time limits required by law.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

10. Children

The App is not intended for children under the age of 13. If we become aware that personal data has been collected from a child under 13, we will take steps to delete that data.

11. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

12. Changes to This Policy

We may update this Privacy Policy from time to time.

The updated version will be published with a revised “Last updated” date. Where appropriate, we will notify users within the App.