KettleOps ("we", "us", "our") operates the Recipeel mobile application and website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
1. Information We Collect
Account Information
When you create an account, we collect your email address, display name, and authentication credentials. If you sign in via Apple or Google, we receive the profile information you authorize.
Recipe and User Content
We store the recipes you create, import, or save, including titles, ingredients, instructions, photos, notes, tags, and any modifications you make. We also store your cookbooks, meal plans, grocery lists, and cook logs.
Preferences
We store your dietary preferences, cuisine preferences, cooking skill level, household size, and notification settings to personalize your experience.
Usage Data
We automatically collect information about how you interact with the Service, including features used, screens viewed, search queries, import sources, and timestamps of activity.
Camera and Microphone
With your permission, we access your device camera for barcode scanning (pantry items), fridge scanning (ingredient recognition), and recipe photo capture. We access your microphone for Voice Cook Mode (speech-to-text during cooking). Camera and microphone data is processed in real time and is not recorded or stored on our servers unless you explicitly save a photo to a recipe.
Device Information
We collect device type, operating system version, app version, language settings, and a unique device identifier for crash reporting and analytics.
2. How We Use Your Information
- Provide the Service: Store and sync your recipes, generate meal plans, create grocery lists, and enable cook mode.
- Personalization: Tailor recipe suggestions, search results, and the AI Chef experience to your preferences and cooking history.
- AI Features: Process your queries and recipe content through AI services to power recipe import, the AI Chef, recipe suggestions, and smart grocery lists.
- Analytics: Understand usage patterns to improve the Service, fix bugs, and develop new features.
- Communication: Send you account-related notifications, feature updates, and important policy changes.
- Security: Detect and prevent fraud, abuse, or unauthorized access.
3. Third-Party Services
We use the following third-party services to operate Recipeel:
- Serverpod: Our backend framework for server-side logic, authentication, and database management.
- Amazon Web Services (AWS) S3: Cloud storage for recipe images and media files. Data is stored in the EU (eu-west-1 region).
- OpenAI API: Powers the AI Chef conversational feature and assists with recipe parsing and suggestions. Recipe content and queries may be sent to OpenAI for processing. OpenAI does not use this data to train its models.
- Google Gemini API: Used as an alternative AI provider for recipe parsing, image recognition, and natural language understanding.
- Bright Data: Used for web data retrieval when importing recipes from URLs or videos to extract recipe content.
- Sentry: Error tracking and performance monitoring to identify and fix bugs. May receive anonymized device and error information.
Each third-party service has its own privacy policy governing its use of your data. We encourage you to review their policies.
4. Data Storage and Security
Your data is stored on servers located in the European Union (AWS eu-west-1, Ireland). We implement industry-standard security measures including:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
- Secure authentication with hashed and salted passwords
- Regular security audits and dependency updates
- Access controls limiting employee access to user data
- Automated backups with encrypted storage
While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
5. Data Retention
We retain your personal data for as long as your account is active. When you delete your account:
- Your profile, recipes, cookbooks, meal plans, grocery lists, cook logs, and preferences are permanently deleted within 30 days.
- Recipe images stored in AWS S3 are deleted within 30 days.
- Anonymized, aggregated analytics data may be retained indefinitely as it cannot be linked back to you.
- Data required for legal obligations (e.g., billing records) may be retained as required by law.
6. Your Rights Under GDPR
If you are located in the European Economic Area (EEA), United Kingdom, or a jurisdiction with similar data protection laws, you have the following rights:
- Right of Access: Request a copy of all personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure: Request deletion of your personal data ("right to be forgotten").
- Right to Data Portability: Request your data in a machine-readable format (JSON export available in-app under Settings).
- Right to Restrict Processing: Request that we limit how we use your data.
- Right to Object: Object to processing of your data for certain purposes.
- Right to Withdraw Consent: Withdraw previously given consent at any time.
To exercise any of these rights, contact us at support@kettleops.space. We will respond within 30 days.
7. Children's Privacy
Recipeel is not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at support@kettleops.space and we will promptly delete it.
8. Cookies and Tracking
The Recipeel website uses only essential cookies required for session management and authentication. We do not use advertising cookies, tracking pixels, or third-party marketing cookies.
The mobile app does not use cookies. Device identifiers are used solely for crash reporting via Sentry and are not shared with advertisers.
9. International Data Transfers
Your data is primarily processed and stored in the EU (Ireland, eu-west-1). When data is processed by third-party AI services (OpenAI, Google), it may be transferred to servers in the United States. These transfers are governed by Standard Contractual Clauses (SCCs) or equivalent safeguards to ensure adequate data protection.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you through:
- An in-app notification
- An email to your registered email address
- An updated "Last updated" date at the top of this page
Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy, your data, or wish to exercise your privacy rights, contact us at: