1. Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other applicable data protection laws is:

Rouven Grassberger
Gießener Straße 68
60435 Frankfurt am Main
Germany

Email: support@realrecipe.app

2. Overview

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the RealRecipe mobile application ("App") and related services ("Services"). We are committed to processing your data lawfully, transparently, and in accordance with the GDPR and applicable German data protection legislation.

We collect only the data necessary to provide and improve our Services (data minimization principle, Art. 5(1)(c) GDPR). We do not sell your personal data to third parties.

3. Data We Collect

3.1 Account Data

When you register via Apple Sign-In, Google Sign-In, or email, we collect:

Email address — for account identification and communication
Display name — for personalization (optional, depending on sign-in method)
Authentication identifiers — provided by Apple or Google for secure login

3.2 Recipe Data

Recipes you save, import, or create, including associated images, source URLs, ingredient lists, and instructions.

3.3 Usage Data (Optional)

With your consent, we collect anonymized usage analytics to understand how the App is used and to improve our Services. This includes:

Feature usage patterns (anonymized)
App performance metrics
Error and crash reports

No personally identifiable information is transmitted via analytics. You can disable analytics at any time: Settings → Anonymous Usage Analytics → Off.

3.4 Device Data

Technical information required for the proper functioning of the App, including device type, operating system version, and app version.

3.5 Payment Data

Payment transactions are processed exclusively by Apple through the App Store. We do not receive, store, or process any payment card numbers, bank account information, or other financial data. We only receive confirmation of your subscription status from Apple via RevenueCat.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

Art. 6(1)(b) GDPR — Contract performance: Processing is necessary to provide the App's core functions (account management, recipe storage, recipe extraction)
Art. 6(1)(a) GDPR — Consent: For optional analytics data collection, which you can withdraw at any time without affecting the legality of prior processing
Art. 6(1)(f) GDPR — Legitimate interest: For security monitoring, abuse prevention, fraud detection, and service improvement, where our legitimate interest does not override your fundamental rights and freedoms

5. Third-Party Services and Data Processors

We use the following third-party services to operate the App. We have entered into Data Processing Agreements (DPAs) with all providers in accordance with Art. 28 GDPR:

Supabase (EU servers, Frankfurt) — Authentication and data storage. Data is stored on EU-based servers. Privacy Policy
PostHog (EU servers) — Anonymous usage analytics (optional, can be disabled in Settings). Privacy Policy
RevenueCat — Subscription management. Receives anonymized user identifiers and subscription status only. Privacy Policy
Google Gemini API — AI recipe extraction. Only recipe-related content (URLs, images) is sent for processing; no personal user data is transmitted. Privacy Policy
Apple / Google — Authentication services (Sign-In with Apple, Google Sign-In). Only the minimum required information is received.
Vercel — Website hosting. Privacy Policy

6. International Data Transfers

Your primary data is stored on Supabase EU servers located in Frankfurt, Germany. Some third-party processors (RevenueCat, Google) may transfer data to servers outside the European Economic Area (EEA). In such cases, we ensure adequate protection through:

EU Standard Contractual Clauses (SCCs) as per Art. 46(2)(c) GDPR
EU adequacy decisions where applicable (Art. 45 GDPR)
Binding corporate rules or other appropriate safeguards

7. Data Retention

Account data: Retained until you delete your account
Recipe data: Retained until manual deletion or account deletion
Usage data: Retained for 12 months, then automatically anonymized
Server logs: Retained for 30 days for security purposes

Upon account deletion, all personal data will be permanently and irreversibly deleted within 30 days. Anonymized, aggregated data that can no longer be linked to you may be retained for statistical purposes.

8. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data. To exercise any of these rights, contact us at support@realrecipe.app. We will respond within 30 days.

Right of Access (Art. 15 GDPR): Request information about what personal data we store about you and how it is processed
Right to Rectification (Art. 16 GDPR): Request correction of inaccurate or incomplete personal data
Right to Erasure (Art. 17 GDPR): Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations
Right to Restriction of Processing (Art. 18 GDPR): Request restriction of processing under certain circumstances
Right to Data Portability (Art. 20 GDPR): Receive your data in a structured, commonly used, machine-readable format. You can export your data in the App: Settings → Export My Data
Right to Object (Art. 21 GDPR): Object to processing based on legitimate interest. If you object, we will cease processing unless we demonstrate compelling legitimate grounds
Right to Withdraw Consent (Art. 7(3) GDPR): Withdraw consent for optional data processing at any time without affecting the lawfulness of prior processing

9. Data Export and Account Deletion

You can export all your data at any time directly within the App:
Settings → Export My Data

To delete your account and all associated data:
Settings → Delete Account

When you delete your account, all your data (profile information, saved recipes, images) will be permanently and irreversibly deleted from our servers within 30 days. This action cannot be undone.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data in accordance with Art. 32 GDPR, including:

Encrypted data transmission using TLS 1.3 / SSL
Secure token storage using the iOS Keychain
Data storage on EU-based servers with industry-standard security certifications
Regular security audits and updates
Access controls limiting data access to authorized processes only
Row-level security (RLS) policies ensuring data isolation between users

11. Cookies and Tracking

The App itself does not use cookies. Our website (realrecipe.app) uses only essential cookies required for the technical operation of the website. We do not use marketing or third-party tracking cookies.

12. Children's Privacy

RealRecipe is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@realrecipe.app. We will promptly delete any such data.

13. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The competent supervisory authority for our registered office is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Germany
https://datenschutz.hessen.de

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated via the App or email. The "Last updated" date at the top of this page indicates when this Privacy Policy was last revised. Continued use of the App after changes constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Rouven Grassberger
Gießener Straße 68
60435 Frankfurt am Main, Germany

Email: support@realrecipe.app