Privacy Policy
1. Introduction
This Privacy Policy (“Policy”) explains how RecipeLab LLC (“RecipeLab LLC,” “RecipeLab,” “we,” “our,” or “us”) collects, uses, shares, and safeguards personal information of individuals (“you” or “users”) who use our websites, mobile apps, and related services (collectively, the “Service”).
This Policy covers personal information we process as a controller (e.g., your account, billing, and usage data) and, for Organization workspaces, certain data we process as a processor on behalf of an Organization (defined below).
2. Key Definitions & Roles
- Organization: a workspace created by or for a group (e.g., a business, team, or restaurant). Organization owners/admins control membership and sharing settings.
- Organization Content: recipes, ingredients, images, notes, comments, and related materials submitted to an Organization workspace. For Organization Content, we act as a processor and the Organization acts as the controller.
- Service Data: account/profile info, device/usage data, support communications, and similar info we need to run the Service. We act as a controller for Service Data.
3. Information We Collect
- Account & Profile: name, email, password hashes, organization affiliation, role, and preferences.
- Organization Content: recipes and related materials you or your Organization upload. Visibility is limited to your Organization unless you explicitly share or publish (if/when such features are enabled).
- Device & Usage: IP address, device identifiers, app version, crash logs, pages/screens viewed, timestamps, language, and similar diagnostics may be collected.
- Cookies/Local Storage/SDKs: used for authentication, preferences, analytics, and performance.
- Support & Comms: messages you send us (including attachments), feedback, and survey responses.
- Payment Metadata (if applicable): subscription plan, status, and limited transaction metadata. Platform providers (e.g., Apple) process payments and do not share full card details with us.
4. Sources of Personal Information
- Directly from you (account creation, content uploads, support).
- Automatically from your device and use of the Service.
- From your Organization admins (when they invite/manage users).
- From integrated third-party services you choose to connect.
5. How We Use Information
- Provide, operate, maintain, and improve the Service.
- Personalize features, remember preferences, and enhance usability.
- Provide customer support and communicate about updates, security, and policy changes.
- Monitor, prevent, and detect fraud, abuse, and security incidents.
- Analyze aggregate usage to improve performance, reliability, and features.
- Comply with legal obligations and enforce our Terms.
For Organization Content, we process it only to provide the Service according to the Organization’s settings.
6. Legal Bases (EEA/UK)
Where GDPR/UK GDPR applies, we process personal data based on: (a) contract (to provide the Service), (b) legitimate interests (e.g., security, product improvement, communications about similar features), (c) consent (e.g., certain marketing or optional analytics), and (d) legal obligations.
7. Sharing Your Information
- Vendors/Processors (e.g., cloud hosting, error tracking, analytics) that help us provide the Service under contracts that limit their use of personal information.
- Within your Organization: admins and members can access Organization Content per workspace settings.
- Legal/Compliance: to comply with law, enforce agreements, or protect safety, rights, and property.
- Business Transfers: in connection with a merger, acquisition, or asset sale.
We do not sell personal information. If we engage in “sharing” for cross-context behavioral advertising in the future, we will provide required disclosures and opt-out controls.
8. Organization Workspaces & Admin Responsibilities
- Visibility: Organization Content is visible to Organization members according to the Organization’s settings. We don’t surface Organization Content publicly unless an Organization enables sharing/publishing features.
- Admin Capabilities: Organization owners/admins can invite/remove users, adjust roles and permissions, access Organization Content, export data, and configure integrations.
- Controller Responsibilities: Organization owners represent and warrant they have a lawful basis to process members’ data, will honor member requests (access, deletion, etc.), and will configure the workspace in a privacy-compliant way.
9. Data Retention & Security
We retain personal information for as long as needed to provide the Service and for legitimate business or legal purposes (e.g., security, fraud prevention, accounting). Organization Content may remain in system backups for a limited period after deletion. We use reasonable administrative, technical, and physical safeguards appropriate to the nature of the data and our business. No method of transmission or storage is 100% secure.
To request deletion, use our support form or, if you are part of an Organization, contact your admin (who may need to approve or action your request).
10. Your Rights & Choices
Depending on your location, you may have rights to access, correct, delete, or port your data; to object to or restrict certain processing; and to withdraw consent. We will verify your request and respond as required by applicable law.
- California/Colorado/Virginia: you may have rights to know/access, correct, delete, opt out of certain sharing/targeted advertising, and limit use of sensitive data. You may submit requests via our Support form. We honor Global Privacy Control (GPC) where applicable.
- EEA/UK: contact us to exercise GDPR rights or lodge a complaint with your local supervisory authority.
For Organization Content, we may direct you to your Organization admin, as they control that data.
11. Cookies & Similar Technologies
We use cookies, local storage, and SDKs for essential functions (login, security), preferences, and analytics. You can adjust browser or device settings to manage cookies; some features may not function properly without them. Where required, we’ll present consent controls.
12. International Data Transfers
We may transfer, store, and process information in countries outside your own. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses (and UK addenda) for cross-border transfers.
13. Children’s Privacy
The Service is not intended for children under 13 (or the minimum age of digital consent in your region). We do not knowingly collect personal information from children. If you believe a child has provided personal information, please contact us so we can remove it.
14. AI/ML & De-identified Data
We may use de-identified or aggregated data to improve features and performance. We do not use Organization Content to publicly disclose your information. If we introduce new AI features that process your content beyond providing the Service, we will provide clear controls and obtain consent where required.
15. Third-Party Links & Services
The Service may link to or integrate with third-party websites and services. Their privacy practices are governed by their policies; we are not responsible for their content or practices. Review their policies before providing personal information.
16. Changes to This Policy
We may update this Policy from time to time. Material changes will be posted on this page (and, where required, we will notify you). Your continued use of the Service after changes become effective constitutes acceptance of the updated Policy.
17. Contact Us
Questions or privacy requests? Reach us at support@recipelab.com. You can also submit requests via our Support Request form.
If you are part of an Organization, you may need to contact your Organization admin to exercise certain rights related to Organization Content.
Last updated August 17, 2025