Privacy Policy

Spoonify is a place to find, save, and share recipes. To make that work, we collect a small amount of information about you — the minimum we need to run the app, keep your account safe, and pay creators when you buy their work.

• We do not sell your personal information, and we never have.
• We do not show third-party advertising, so we are not tracking you around the web for ads.
• You can see, export, or delete most of your data from the Spoonify app at any time.

This Privacy Policy explains the details. It is part of our Terms of Service.

This policy is published by Spoonify, Inc. (“Spoonify,” “we,” “us”) and applies to information we collect about you when you:

• Visit spoonify.app or any of our subdomains;
• Use the Spoonify mobile applications for iOS or Android;
• Communicate with us (for example, through customer support or social media); or
• Interact with Spoonify content on third-party platforms.

It does not apply to third-party websites or apps that we link to, which have their own privacy practices.

Information you give us

• Account information. Name, username, email, password (hashed, never stored in plain text), profile photo, and optional bio.
• Content. Recipes, photos, videos, comments, reviews, cookbooks, follows, and saves.
• Communications. Messages you send us, including support requests, bug reports, and feedback.
• Creator information. If you become a Creator, we collect identity verification data and tax information via our payment processor, Stripe. We receive a status and partial details from Stripe but do not store full bank or government ID numbers.
• Payment information. When you buy a subscription or a paid recipe, payment details (card number, billing address) are collected directly by Apple, Google, or Stripe. We receive a token and the last four digits — we do not see your full card number.

Information we collect automatically

• Device and log data. IP address, device type and model, operating system, app version, browser, language, time zone, referring page, and timestamps. We use this to operate the Service, diagnose issues, and detect abuse.
• Usage data. Pages and screens you view, recipes you save or open, searches you run, and how you navigate the app.
• Cookies and similar technologies. See Cookies and similar technologies below.
• Approximate location. We derive a coarse location (city or region) from your IP address. We only collect precise location if you explicitly grant permission, for example to find nearby grocery stores.

Information from third parties

• Sign-in providers. If you sign in with Apple or Google, we receive a unique identifier and the information you choose to share (typically your name and email).
• Payment processors. Stripe, Apple, and Google share transaction outcomes and limited billing details with us so we can give you access to what you bought and pay creators.
• Other users. Other people may give us information about you when they mention you, tag you, or include you in a shared cookbook.

We use the information described above to:

• Provide, maintain, and improve the Service;
• Create and manage your account, authenticate you, and keep it secure;
• Personalize what you see — for example, recipes from people you follow, recommendations based on what you save, and search results;
• Process payments, pay creators, and prevent fraud and abuse;
• Communicate with you, including service announcements, security alerts, and (only with your consent where required) marketing emails;
• Measure and analyze how the Service is used so we can make it better;
• Comply with legal obligations, enforce our Terms, and protect the rights, property, or safety of Spoonify, our users, and the public.

We do not use your private Content (drafts, private cookbooks, private messages) to train machine-learning or generative AI models. We may use aggregated and de-identified data, and we may use public Content to power features like recommendations and search.

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR and UK GDPR:

• Performance of a contract — to provide the Service you have asked for, including paid features.
• Legitimate interests — to operate and improve the Service, keep it secure, prevent fraud, and understand how it is used, in ways that are not overridden by your interests or rights.
• Consent — for non-essential cookies, precise location, and marketing communications where required by law. You can withdraw consent at any time.
• Compliance with legal obligations — for tax, accounting, and responding to lawful requests.

We share personal information only as described below.

With other Spoonify users

Your profile, public recipes, comments, follows, and certain activity (like reviews) are visible to other users by design. You control most of this from your privacy settings.

With service providers

We share information with vendors who help us run the Service, under contracts that restrict how they may use it. Key providers include:

• Supabase — database hosting and authentication.
• Stripe — payment processing and creator payouts.
• Apple and Google — in-app purchases on iOS and Android.
• Cloud infrastructure providers — hosting, content-delivery, and image storage.
• Analytics and error monitoring — to understand usage and fix bugs (configured to minimize personal data).
• Email and customer support tools — to send transactional messages and answer your questions.

For legal reasons

We may disclose information if we believe in good faith that it is required by law, such as to respond to a subpoena, court order, or other lawful request; to enforce our Terms; or to protect the rights, property, or safety of Spoonify, our users, or the public.

Business transfers

If Spoonify is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you (for example, by email or a notice in the Service) before your information becomes subject to a different privacy policy.

With your consent

We share information for other purposes with your consent or at your direction.

We and our service providers use cookies and similar technologies (such as local storage and SDKs in our mobile apps) for the following purposes:

• Strictly necessary — to sign you in, keep your session active, remember your preferences, and protect against cross-site request forgery.
• Performance and analytics — to count visits and understand how features are used, in an aggregated way.
• Functional — to remember choices you make, like language and display preferences.

We do not use third-party advertising cookies. Where required by law, we ask for your consent before setting non-essential cookies and you can change your choices at any time from the cookie banner or your browser settings. Disabling strictly necessary cookies will break parts of the Service, like staying signed in.

For the full list of cookies and SDKs we use, see our Cookie Policy.

We keep your information for as long as your account is active and for a reasonable period afterward in case you reactivate it or we need it for the purposes described in this policy. We may keep information longer when required by law (for example, tax records), to resolve disputes, or to enforce our agreements.

When you delete content or your account, we remove it from the active Service within a reasonable period and from our backups within our standard backup-rotation window. Aggregated and de-identified data, which cannot reasonably be linked back to you, may be retained indefinitely.

We use administrative, technical, and physical safeguards designed to protect your information, including encryption in transit (TLS), encryption at rest for sensitive fields, role-based access controls, and regular security reviews. No system is perfectly secure, however, and we cannot guarantee the security of information you transmit to us.

If we become aware of a security incident affecting your personal information, we will notify you and the appropriate authorities as required by law.

Wherever you live, you can:

• Access and update most of your profile and content from the Spoonify app;
• Download a copy of your data from Settings → Privacy → Download my data;
• Delete your account from Settings → Account → Delete account; and
• Opt out of marketing emails from the unsubscribe link in every email, or in your notification settings.

If you are in the EEA, UK, or Switzerland

You have the right to access, correct, delete, restrict, or object to the processing of your personal information, and to data portability. You may withdraw consent at any time without affecting the lawfulness of prior processing. You also have the right to lodge a complaint with your local data-protection authority.

If you are in California

California residents have the right under the CCPA/CPRA to know what personal information we collect, use, disclose, and (if applicable) sell or share; to request deletion or correction; to opt out of “sales” and “sharing” of personal information (we do not sell or share personal information as those terms are defined under California law); to limit the use of sensitive personal information; and not to be discriminated against for exercising these rights.

To exercise any of these rights, email privacy@spoonify.app. We may need to verify your identity before responding, and an authorized agent may make a request on your behalf with proof of authority.

Spoonify is based in the United States and our service providers may process your information in countries other than the one you live in. Where required, we rely on transfer mechanisms such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, and the EU−U.S. Data Privacy Framework (where applicable) to protect your information when it is transferred internationally.

Spoonify is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us at privacy@spoonify.app and we will take appropriate steps to delete it.

Some browsers send a “Do Not Track” signal. There is no consistent industry standard for how to respond to this signal, and we do not currently respond to it. Where required by law, we treat opt-out preference signals such as Global Privacy Control as a valid opt-out of sales or sharing of personal information.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you in the Service or by email before the changes take effect. The “Effective” date at the top of this page shows when the policy was last updated.