Privacy Policy

Last updated: April 2025

We keep this policy simple and in plain English. If you have any questions, email us at info@myrecipeapp.co.uk.

1. Who we are

My Recipe App is operated by Saffer Stretch Ltd, a company registered in England and Wales. References to "we", "us" or "our" in this policy mean My Recipe App and its operator.

Registered address: Greetwell Place, Lincoln, LN2 4US, United Kingdom.

For the purposes of UK GDPR, Saffer Stretch Ltd is the data controller. You can contact us at info@myrecipeapp.co.uk.

2. What personal data we collect

We collect only the minimum data needed to run the service:

Account information — your first name, last name, and email address when you register.
Password — stored as a one-way bcrypt hash; we never store your plain-text password.
Recipes you add — recipe titles, ingredients, instructions, and any photos you upload. Recipes you add are private to your account and are not visible to other users.
App preferences — your temperature scale (Celsius/Fahrenheit), measurement system (metric/imperial), pantry items, and meal plan settings.
Usage data — basic server logs (IP address, request path, timestamp) are retained by our infrastructure providers (Railway and Vercel) for up to 7 days in accordance with their standard log retention policies. We do not store additional server logs ourselves.

We do not collect payment information, location data, or device identifiers.

3. Why we collect it and our legal basis

Under UK GDPR we rely on the following legal bases:

Contract performance — to create and manage your account, send you weekly meal plan emails, and operate the core features of the app.
Legitimate interests — to keep the service secure, diagnose bugs, and improve the app. We have balanced these interests against your rights and concluded they do not override them.
Compliance with legal obligations — where we are required to retain certain data by law.

4. Cookies and tracking

We use a single, strictly necessary cookie to keep you logged in:

rwapp_session — an HTTP-only, secure session cookie set when you log in to the web app. It contains an encrypted token that identifies your account. It expires when you log out or close your browser. No personal data is stored in the cookie itself.

We do not use analytics cookies, advertising trackers, third-party tracking pixels, or any other non-essential cookies. We do not use Google Analytics or similar services. Because our cookie is strictly necessary for the service to function, we rely on the "strictly necessary" exemption under the Privacy and Electronic Communications Regulations (PECR) and do not require separate cookie consent.

The mobile app does not use cookies. It uses a secure token stored in your device's encrypted keychain (iOS Keychain or Android Keystore).

5. Who we share your data with

We use a small number of trusted third-party services to operate the app. Each has their own privacy policy and terms of service which govern how they handle data:

Railway (railway.app) — cloud infrastructure provider that hosts the application server. Based in the USA.
Neon (neon.tech) — serverless PostgreSQL database provider. Based in the USA.
Cloudinary (cloudinary.com) — image storage and delivery. Based in the USA.
Resend (resend.com) — transactional email service used to send meal plan emails and account notifications. Based in the USA.
Vercel (vercel.com) — web frontend hosting. Based in the USA.

We do not sell, rent, or trade your personal data to any third party.

6. International data transfers

Your personal data is transferred to and stored in the United States by our infrastructure providers listed above. These transfers are protected by appropriate safeguards, including the UK International Data Transfer Agreement (UK IDTA) and/or Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office, which ensure your data receives an equivalent level of protection to that provided under UK law.

7. How long we keep your data

Account and recipe data — kept for as long as your account is active.
Deleted accounts — when you delete your account (via the app's Profile screen), all your personal data, recipes, and uploaded images are permanently deleted from our systems and Cloudinary within minutes. Any remaining server logs held by our infrastructure providers are purged within 7 days.
Server logs — retained by our infrastructure providers for up to 7 days then automatically deleted.

8. Your rights under UK GDPR

You have the following rights regarding your personal data:

Right of access — you can request a copy of the personal data we hold about you.
Right to rectification — you can correct inaccurate data via the Profile screen in the app at any time.
Right to erasure ("right to be forgotten") — you can permanently delete your account and all associated data directly within the app (Profile → Delete Account), or by emailing us.
Right to restrict processing — you can ask us to pause processing of your data in certain circumstances.
Right to data portability — you can request your data in a machine-readable format.
Right to object — you can object to processing based on legitimate interests.
Right to withdraw consent — where processing is based on consent, you can withdraw it at any time by deleting your account. Withdrawal does not affect the lawfulness of processing carried out before you withdrew consent. Please note that deleting your account means you will no longer be able to use the service.

To exercise any of these rights, email us at info@myrecipeapp.co.uk. We will respond within one calendar month.

9. Automated decision-making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you. Our meal plan generator uses simple randomisation to suggest recipes; it does not profile you or make decisions that affect your rights.

10. Security

We take reasonable technical and organisational steps to protect your data, including: encrypted HTTPS connections for all data in transit, bcrypt password hashing, HTTP-only session cookies on the web, and encrypted keychain storage on mobile devices. No method of transmission over the internet is 100% secure, but we take data security seriously and regularly review our practices.

11. Data breach notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the UK Information Commissioner's Office within 72 hours of becoming aware of the breach, as required by UK GDPR. If the breach is likely to result in a high risk to you, we will also notify you directly by email without undue delay.

12. Children

My Recipe App is not directed at children under 16. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided us with their data, please contact us and we will delete it promptly.

13. Third-party links

Our app may display recipes sourced from third-party websites and may include links to those sites. We are not responsible for the privacy practices or content of any third-party websites. We encourage you to read the privacy policy of any external site you visit.

14. Mobile app

The My Recipe App mobile application uses secure token-based authentication (JWT) rather than cookies. Authentication tokens are stored in your device's encrypted keychain (iOS Keychain or Android Keystore) and are transmitted via HTTPS only. The mobile app does not collect location data, device identifiers, advertising identifiers, or push notification tokens.

15. Changes to this policy

We may update this policy from time to time. If the changes are significant, we will notify you by email at the address registered to your account. The date at the top of this page will always reflect when the policy was last revised.

16. Right to complain

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Website: ico.org.uk
Phone: 0303 123 1113

We would appreciate the chance to address any concerns before you contact the ICO, so please reach out to us first.

17. Contact

For any privacy-related questions or to exercise your rights, contact us at:
info@myrecipeapp.co.uk