Skip to content

Privacy Policy

Effective: April 11, 2026

Summary

We collect only what we need to run Recipe Manager: your email and password for login, the recipes and meal plans you create, and basic usage analytics. We do not sell your data. You can export or delete everything at any time from Settings.

1. Who We Are

Recipe Manager is operated by the Recipe Manager team ("we", "us", "our"). For privacy inquiries, contact privacy@recipe-manager.app.

2. What We Collect

Account data: Email, hashed password, display name, preferred language. Stored in Supabase (managed PostgreSQL, EU/US region depending on configuration).

Content: Recipes you import or create, including ingredients, instructions, photos, notes, and dietary tags. Stored in Supabase and image files in Cloudinary.

Usage data: IP address, browser, device type, pages viewed, timestamps. Used for security (rate limiting, abuse detection) and anonymized analytics.

Error reports: Stack traces and anonymized user IDs sent to Sentry when errors occur, to help us fix bugs.

3. How We Use It

  • To provide and operate the Service
  • To authenticate you and secure your account
  • To improve features and fix bugs (aggregated analytics)
  • To send transactional emails (password reset, receipts)
  • To comply with legal obligations

We do not use your content to train AI models. We do not sell or rent your data to third parties.

4. Third-Party Sub-Processors

To operate Recipe Manager we use the following service providers. Each has its own privacy policy and applicable data processing agreement:

  • Supabase — database, authentication, storage
  • Cloudinary — image hosting and transformation
  • Vercel — frontend hosting and edge CDN
  • Anthropic (Claude), OpenAI (GPT-4o), Google (Gemini) — AI recipe extraction. Content you submit for extraction is sent to one of these providers. We do not send your account email or identifiers; only the text/image being processed.
  • Sentry — error tracking and session replay
  • Stripe (when subscriptions are enabled) — payment processing
  • Google Analytics — anonymized usage statistics

5. Cookies and Local Storage

We use:

  • Essential cookies: authentication session, CSRF token, language preference. Required to use the Service.
  • Analytics cookies: Google Analytics (anonymized). Disabled until you accept the cookie banner.
  • Local storage:your meal plan draft, theme choice, and onboarding progress are stored in your browser's local storage (not sent to our servers).

6. Global Privacy Control

We honor Global Privacy Control (GPC) signals. When we detect a GPC signal from your browser, we treat it as a valid opt-out request for the sale or sharing of your personal information, as required by applicable state privacy laws including CCPA/CPRA, Connecticut Data Privacy Act, and Rhode Island Data Transparency and Privacy Protection Act.

7. Your Rights (GDPR / CCPA)

You have the right to:

  • Access your data — download all your recipes, meal plans, and notes as JSON from Settings > Export Data
  • Correct inaccurate data — edit it directly in the app
  • Delete your account and all associated data from Settings > Danger Zone
  • Object to processing, restrict processing, or withdraw consent for analytics cookies
  • Data portability — your export is in standard JSON format
  • Lodge a complaint with your local data protection authority

8. Data Retention

We keep your account data as long as your account is active. If you delete your account, all your personal data is permanently deleted within 30 days, except where we are legally required to retain it (e.g. tax records for paid subscriptions).

Backups are retained for up to 30 days after deletion, after which they are rotated out.

9. Data Security

We protect your data with encryption in transit (TLS 1.2+), encryption at rest, row-level security policies, rate limiting, and regular security audits. No system is perfectly secure; report security issues to security@recipe-manager.app.

10. International Transfers

Your data may be processed in countries other than your own. When transferring personal data outside the European Economic Area, we rely on Standard Contractual Clauses or an adequacy decision.

11. EU/EEA Contact

Recipe Manager does not currently have a designated representative in the European Union under Article 27 of the GDPR. If you are located in the EU/EEA, you may direct privacy inquiries to privacy@recipe-manager.app. If we determine that a formal EU representative is required as our user base grows, we will update this section accordingly.

12. Children

Recipe Manager is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe we have, contact us and we will delete it.

13. Changes to This Policy

We will notify you of material changes by email or in-app notice at least 14 days before they take effect.

Terms of ServiceBack to home