This Privacy Policy describes how RecipeBox AI ("we," "us," or "our") collects, uses, and protects your information when you use our mobile application and related services (the "Service").
Your Privacy Matters
We are committed to protecting your privacy and being transparent about our data practices. This policy explains what information we collect, how we use it, and your rights regarding your personal information.
1. Information We Collect
1.1 Information You Provide
- Account Information: Name, email address, and authentication credentials
- Profile Data: Profile picture, preferences, and settings
- User Content: Recipes, photos, cookbooks, and other content you create or upload
- Communications: Messages you send to our support team
1.2 Information Collected Automatically
- Device Information: Device model, operating system, app version
- Usage Data: App interactions, features used, session duration
- Performance Data: Crash reports, error logs (anonymized)
- Authentication Data: Sign-in timestamps, IP addresses for security
1.3 Information from Third Parties
- OAuth Providers: Basic profile information from Google, Apple, or other sign-in services
- Recipe Sources: Publicly available recipe data from websites you import from
- AI Services: Processed data returned from AI providers (OpenAI, etc.)
2. How We Use Your Information
| Purpose | Legal Basis |
|---|---|
| Provide and maintain the Service | Contract performance |
| Process AI requests (image generation, recipe analysis) | Contract performance |
| Sync data across your devices | Contract performance |
| Customer support and communication | Contract performance |
| Security and fraud prevention | Legitimate interest |
| App improvements and analytics | Legitimate interest |
| Legal compliance | Legal obligation |
AI Processing
When you use AI features (image generation, recipe analysis, nutrition estimation), we may send your inputs to third-party AI providers. We use providers like OpenAI and others who have their own privacy policies. We do not store your AI inputs longer than necessary to provide the service.
3. Information Sharing
We do not sell your personal information. We may share information in these limited circumstances:
3.1 Service Providers
- Cloud Infrastructure: Supabase, CloudKit for data storage and sync
- AI Services: OpenAI and other AI providers for processing requests
- Analytics: Anonymized usage data for app improvement
- Customer Support: Communication platforms for support
3.2 Legal Requirements
We may disclose information if required by law, regulation, legal process, or governmental request, or to protect our rights, property, or safety.
3.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.
4. Data Storage and Security
4.1 Where We Store Data
- Primary Storage: Supabase (PostgreSQL) - United States
- Device Sync: CloudKit (Apple) - Your region
- File Storage: Supabase Storage - United States
4.2 Security Measures
- Encryption in transit (HTTPS, TLS)
- Encryption at rest for sensitive data
- Row-level security policies
- Regular security audits and updates
- Limited access controls
5. Data Retention
- Account Data: Retained while your account is active
- User Content: Retained until you delete it or close your account
- Usage Logs: 90 days for performance monitoring
- Support Communications: 2 years for quality assurance
- Legal Hold: Longer retention if required by law
6. Your Privacy Rights
You Have Control
Depending on your location, you may have certain rights regarding your personal information:
6.1 General Rights
- Access: Request a copy of your personal information
- Correction: Update or correct your information
- Deletion: Request deletion of your account and data
- Portability: Export your data in a structured format
- Objection: Object to certain processing activities
6.2 GDPR Rights (EEA/UK)
If you're in the European Economic Area or UK, you have additional rights under GDPR, including the right to restriction of processing and the right to lodge a complaint with your supervisory authority.
6.3 CCPA Rights (California)
California residents have the right to know what personal information is collected, delete personal information, and opt-out of the sale of personal information (which we don't engage in).
7. Children's Privacy
Our Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us, and we will delete such information.
8. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions by relevant authorities
- Provider certifications (Privacy Shield successors, SOC 2, etc.)
9. Third-Party Services
9.1 Authentication Providers
- Google Sign-In: Google Privacy Policy
- Apple Sign-In: Apple Privacy Policy
9.2 AI Providers
- OpenAI: OpenAI Privacy Policy
- Other AI services as disclosed in-app
9.3 Infrastructure Providers
- Supabase: Supabase Privacy Policy
- Apple CloudKit: Apple Privacy Policy
10. Cookies and Tracking
Our mobile app does not use traditional web cookies. However, we may use:
- Local Storage: For app functionality and offline access
- Analytics SDKs: For anonymized usage analytics (opt-out available)
- Session Tokens: For authentication (essential for service)
11. Changes to This Privacy Policy
We may update this Privacy Policy periodically. We will notify you of material changes through:
- In-app notifications
- Email notifications (if we have your email)
- Updating the "Last updated" date above
Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.
12. How to Exercise Your Rights
To exercise your privacy rights or for questions about this policy:
Contact Information
Email: hello@recipeboxai.app
Subject Line: "Privacy Request" or "Data Request"
Response Time: We'll respond within 30 days (or as required by local law)
13. Additional Information
13.1 Data Controller
RecipeBox AI is the data controller for your personal information collected through the Service.
13.2 DPO Contact
For GDPR-related inquiries, you can contact our Data Protection Officer at hello@recipeboxai.app with "DPO" in the subject line.
13.3 Supervisory Authority
If you're in the EEA/UK and have concerns about our data practices, you can file a complaint with your local supervisory authority.
Questions?
If you have questions about this Privacy Policy or our data practices, please don't hesitate to contact us at hello@recipeboxai.app. We're here to help and ensure your privacy is protected.