Recipy LogoRecipy

Privacy Policy

Effective: 12 July 2026 · Applies to the Recipy app and this website

1. Data Controller

Tim Schoen
Speckenbarg 11
22848 Norderstedt, Germany
E-mail: recipy.support@gmail.com

2. Summary

3. Data we process on our server

3.1 Account

When you register we store: your self-chosen username, display name, password (exclusively as a salted cryptographic hash — we cannot read your password), creation date, and session tokens (hashed, valid for 30 days, at most 5 active sessions). An e-mail address is not required to register.

3.2 “Sign in with Google” (optional)

If you sign in with Google, we receive your Google account ID, your verified e-mail address and your name from Google. We use this data solely for sign-in and account recovery. Legal basis: Art. 6(1)(b) GDPR.

3.3 Device identifier and usage counters

The app sends a randomly generated device ID (not an advertising identifier) as abuse protection. Per account we store the number of AI imports used and the premium status. Legal basis: Art. 6(1)(b) and (f) GDPR.

3.4 AI import content

When you start an import, the app transmits the respective content to our server: photos/screenshots (e.g. recipe cards, grocery receipts), typed text, voice recordings, or the content of a link you paste. Our server forwards this content to AI services for analysis (section 5). Content is processed to answer your request; results of link imports are kept in a volatile server cache for up to 24 hours to speed up repeat requests. Legal basis: your consent (Art. 6(1)(a) GDPR), which you grant in the app before your first import.

4. Data that never leaves your device

Recipes, favorites, fridge contents, meal plans, shopping lists, cooking streak/badges and app settings are stored locally on your device and are not transmitted to us. Your sign-in token is kept in your device’s protected storage (iOS Keychain / Android Keystore).

5. Recipients and third-party services

Transfers to US providers may occur (Art. 44 ff. GDPR); they rely on the EU Standard Contractual Clauses or the EU-US Data Privacy Framework where the provider is certified.

6. App permissions

7. Children’s privacy

Recipy’s content is suitable for ages 6 and up. Creating an account and using the AI features requires consent under data-protection law; if you are under 16, you may only use these features with the consent of a parent or legal guardian (Art. 8 GDPR). We do not knowingly collect personal data from children without such consent — if you believe a child has provided us data without it, contact us and we will delete it.

8. Website waitlist

If you join the waitlist on this website, we process your e-mail address to notify you once about the app launch. Legal basis: Art. 6(1)(a) GDPR. You can request deletion at any time via recipy.support@gmail.com.

9. Retention

10. Your rights

You have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20) and objection (Art. 21 GDPR), and the right to withdraw any consent at any time with effect for the future. You may also lodge a complaint with a data-protection supervisory authority. Delete your account: directly in the app under Settings → “Delete account” — this permanently removes your account, import history and premium assignment from our server.

11. Changes

We update this policy when the app or the legal situation changes. The version published here applies.