Privacy
Privacy policy for the ReciGit beta.
Last updated: July 1, 2026. ReciGit is a small beta product for saving, improving, and testing recipes. This policy explains what personal data is processed, why it is processed, and how you can ask for access, correction, or deletion.
This page is written in English because the ReciGit interface is English. If ReciGit is offered to users in Germany, a German privacy policy reviewed by a qualified professional would be legally safer. This page is not legal advice; please have it reviewed before public launch.
Controller and contact
Controller: [Your name]
Contact email: [contact@…]
Use this contact for privacy questions, account deletion, content deletion, or data-access requests. You can also start a request from the feedback page.
Data ReciGit processes
- Account and profile data, such as your email address, display name, handle, avatar, sign-in events, and authentication identifiers.
- Recipe content you create or edit, including titles, descriptions, ingredients, steps, timings, servings, tags, dietary labels, saved versions, variants, and suggestions.
- Uploaded or linked images, including recipe images and cook-report evidence photos, plus captions or related metadata.
- Cook reports, ratings, notes, comments, collections, feedback messages, deletion requests, and moderation or curation notes connected to content quality and safety.
- Technical data needed to run the service, such as IP-derived request data, device/browser information, logs, security events, performance measurements, and basic usage events.
Purposes and legal bases under Article 6 GDPR
Provide the ReciGit service
Art. 6(1)(b) GDPR, because this processing is needed to create accounts, sign you in, save recipes, show collections, and run the beta features you request.
Keep public and private content working as expected
Art. 6(1)(b) GDPR for account features and Art. 6(1)(f) GDPR for the legitimate interest of operating a reliable public recipe library.
Moderate recipe quality, duplicates, evidence photos, abuse, and security issues
Art. 6(1)(f) GDPR, based on ReciGit's legitimate interest in keeping dish pages useful, trustworthy, and safe for cooks.
Send sign-in emails and important transactional messages
Art. 6(1)(b) GDPR when the message is needed for your account, and Art. 6(1)(f) GDPR for service-security messages.
Answer feedback, privacy questions, and deletion requests
Art. 6(1)(c) GDPR where a legal obligation applies, and Art. 6(1)(f) GDPR where ReciGit needs to respond and improve the beta.
Understand reliability and performance with privacy-conscious analytics
Art. 6(1)(f) GDPR, based on the legitimate interest of making the app faster, more stable, and easier to use.
Public content, private content, and images
Public recipes, public recipe pages, public cook reports, public evidence photos, and public collections can be viewed by anyone. Private recipes and private collections are intended to be visible only to their owner and to the systems needed to operate ReciGit.
Recipe text, comments, suggestions, cook reports, and uploaded images are user-generated content. Please do not include sensitive personal information in recipe notes, public comments, captions, or uploaded photos.
Processors and hosting
- Supabase stores the application database, authentication records, and uploaded files. The current ReciGit Supabase project is hosted in eu-central-1, Frankfurt, Germany.
- Vercel hosts the Next.js application, deployment infrastructure, server logs, Vercel Web Analytics, and Speed Insights.
- Resend is used to send transactional sign-in email for ReciGit.
- These providers may process data in countries outside the European Economic Area where their infrastructure, support, or subprocessors require it. Where that happens, appropriate transfer safeguards such as standard contractual clauses should be used.
Analytics and performance
ReciGit uses Vercel Web Analytics and Vercel Speed Insights to understand aggregate usage, page performance, and reliability. These tools are intended to be cookieless and are not used for advertising, cross-site tracking, or selling personal data.
Retention
Account data is kept while your account exists. Recipe content, versions, variants, cook reports, comments, collections, and images are kept while they are needed to provide the service, maintain recipe history, and preserve public dish pages.
Feedback and deletion requests are kept as long as needed to answer the request and keep a reasonable record of how it was handled. Security, infrastructure, and server logs are kept only for as long as reasonably needed for security, debugging, abuse prevention, and legal obligations.
Your GDPR rights
- Access the personal data held about you.
- Correct inaccurate or incomplete personal data.
- Request deletion of your account or content where deletion is legally available.
- Request restriction of processing in certain situations.
- Object to processing based on legitimate interests.
- Receive portable data where portability applies.
- Complain to a competent data protection supervisory authority.
Account and data deletion path
To request account deletion, data deletion, or removal of specific recipe content or uploaded images, email [contact@…] or send a deletion request through the feedback page. Please include the email address used for your account and describe the content you want removed.
During beta, deletion requests are reviewed manually. Some public recipe history may need to be anonymized instead of fully removed when keeping the recipe record is necessary for other users and ReciGit has a lawful basis to retain it.
Recipe, nutrition, and medical disclaimer
ReciGit is not a medical, nutrition, allergy, or food-safety advisory service. Recipe nutrition, allergy, dietary, and safety information is user-generated and is not guaranteed.