Mascot
Back to home

[Your App Name]

Privacy Policy

Last updated: April 2026

This policy explains what personal data [Your Company Name Ltd] collects when you use [Your App Name], why we collect it, how we use it, and what rights you have over it. We are committed to handling your data responsibly and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

01

Who We Are

The data controller for [Your App Name] is [Your Company Name Ltd], a company registered in England and Wales. We are responsible for deciding how and why personal data is processed in connection with the Service.

You can contact us about any data protection matter at [email protected].

02

What Data We Collect

We collect the minimum data necessary to provide the Service. Here is a summary of what we collect and why.

Account data

  • Email address — used to create your account and send you service-related communications.
  • Password — stored in hashed form; we never see or store your plain-text password.
  • Account creation date and last login — used for security and account management.

Recipe data

  • Extracted recipe content (title, ingredients, method, notes) — the structured output generated from your uploaded images.
  • Optional illustrative image — if you choose to upload a photo to display alongside a recipe, this is stored as part of your recipe record.
  • Recipe metadata (creation date, tags, edits) — used to organise and display your recipes.

Payment data

  • Transaction records (amount, date, credit balance) — retained for accounting and dispute resolution purposes.
  • We do not store card numbers or full payment details. All payment processing is handled by our third-party payment provider, which is responsible for the security of your card data.

Technical data

  • IP address — collected when you make requests to our servers, used for security monitoring and abuse prevention.
  • Device and browser type — collected in server logs for debugging and security purposes.
  • Session data — used to keep you logged in.

What we do not collect

  • We do not use any third-party analytics tools. We do not track your behaviour across other websites.
  • We do not collect your name unless you choose to provide it.
  • We do not collect special category data (health, biometric, financial, or similar sensitive data).
03

How We Use Your Data

PurposeDetails
Provide the ServiceCreate and manage your account, process recipe images, store your recipes, manage your credit balance.
Process paymentsHandle credit purchases, issue receipts, maintain transaction records.
Transactional emailSend account-related emails such as password resets, credit purchase confirmations, and important service notices.
SecurityDetect and prevent fraud, abuse, or unauthorised access.
Legal obligationsRetain financial records as required by HMRC and applicable law.
Service improvementDiagnose technical issues using server logs and error data.

We do not currently send marketing emails. If we introduce this in the future, we will only do so with your explicit opt-in consent, and you will always be able to unsubscribe.

04

Lawful Basis for Processing

Under UK GDPR, we must have a lawful basis for each type of processing. We rely on the following:

  • Contract — processing necessary to provide the Service you have signed up for (account management, recipe storage, credit management).
  • Legal obligation — retaining financial and transaction records as required by law.
  • Legitimate interests — server logging and security monitoring to protect the Service and its users. We have assessed that these interests do not override your data protection rights.
  • Consent — if we introduce optional features such as marketing emails in the future, we will obtain your explicit consent before processing data for those purposes.
05

Image Processing & AI

When you upload an image to extract a recipe, that image is transmitted to our servers and processed by an AI model to extract structured recipe data. We want to be transparent about how this works:

  • The image is processed in memory and is not written to permanent storage.
  • The image is discarded immediately after the recipe data has been extracted.
  • We do not use your uploaded images to train AI models.
  • AI extraction is performed using a third-party AI provider. Your image is transmitted to that provider solely for the purpose of extraction and is subject to a data processing agreement that restricts its use.

If you upload an optional illustrative image to display alongside a saved recipe, that image is stored in our cloud storage. You can delete it at any time from within the app.

06

Who We Share Data With

We do not sell your data. We do not share it with advertisers. We share data with third parties only where necessary to provide the Service, and only under written data processing agreements that restrict how they may use it.

Our sub-processors

  • Payment provider (e.g. Stripe) — processes payment transactions on our behalf.
  • Cloud infrastructure provider — hosts the application and stores recipe data and optional images.
  • AI provider — processes uploaded images to extract recipe data. Images are not retained by the provider after processing.
  • Transactional email provider — delivers account and service emails.

We may also disclose data where required by law, court order, or to protect the rights and safety of our users or the public.

International transfers

Some of our sub-processors may process data outside the UK. Where this occurs, we ensure that appropriate safeguards are in place — typically the UK International Data Transfer Agreement (IDTA) or adequacy decisions — to protect your data to the same standard as required under UK GDPR.

07

How Long We Keep Data

Data typeRetention period
Recipe extraction imagesDiscarded immediately after extraction
Illustrative imagesUntil you delete them, or 30 days after account closure
Recipe dataUntil you delete the recipe, or 30 days after account closure
Account data30 days after account closure
Transaction records7 years (HMRC requirement)
Server logs90 days
08

Your Rights

Under UK GDPR you have the following rights in relation to your personal data. You can exercise most of these directly from within the app, or by contacting us at [email protected].

  • Right of access — you can request a copy of the personal data we hold about you.
  • Right to rectification — you can ask us to correct inaccurate or incomplete data.
  • Right to erasure — you can ask us to delete your data. Note that we may need to retain some data for legal reasons (e.g. transaction records).
  • Right to restriction — you can ask us to pause processing of your data in certain circumstances.
  • Right to data portability — you can request your recipe data in a structured, machine-readable format.
  • Right to object — you can object to processing based on legitimate interests.
  • Rights related to automated decision-making — we do not make solely automated decisions that significantly affect you.

We will respond to all rights requests within one month. There is no charge for making a request. We may ask you to verify your identity before processing a request.

09

Cookies

We use only essential cookies necessary to operate the Service — specifically, session cookies that keep you logged in. We do not use advertising cookies, tracking cookies, or any third-party analytics cookies.

Because we only use essential cookies, we do not require a cookie consent banner under PECR. If we introduce non-essential cookies in the future, we will update this policy and obtain your consent before setting them.

10

Security

We take reasonable technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. These include:

  • Passwords are hashed using a modern, secure algorithm.
  • Data is transmitted over encrypted connections (HTTPS/TLS).
  • Access to production systems is restricted to authorised personnel only.
  • Payment data is handled entirely by our PCI-DSS compliant payment provider.

No system is completely secure. In the event of a data breach that is likely to affect your rights and freedoms, we will notify the ICO within 72 hours and inform affected users without undue delay.

11

Children

The Service is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data without appropriate consent, please contact us at [email protected] and we will delete it promptly.

12

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by displaying a prominent notice in the app before the changes take effect. The "last updated" date at the top of this page will always reflect the most recent version.

13

Contact & Complaints

If you have any questions about this policy or how we handle your data, please contact our data protection contact at [email protected].

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the UK's data protection regulator, the Information Commissioner's Office (ICO):

Information Commissioner's Office

Website: ico.org.uk

Helpline: 0303 123 1113

We would always appreciate the opportunity to resolve your concern directly before you contact the ICO.

[Your Company Name Ltd] · [email protected]