Privacy Policy
Your privacy is important to us. This Privacy Policy explains how The Recipe Society (operated by Novelty Technologies, LLC) collects, uses, and protects your personal information when you use our mobile application and services.
Last updated: July 14, 2026
This Privacy Policy for Novelty Technologies, LLC, doing business as The Recipe Society ("we," "us," or "our"), describes how and why we collect, store, use, and share your personal information when you use our services (the "Services"), including when you:
- Use our mobile application, The Recipe Society, on iOS or Android;
- Visit our website at https://therecipesociety.com or any of our websites that link to this Privacy Policy; or
- Engage with us in other related ways, including support and privacy requests.
Reading this Privacy Policy will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. Questions or concerns: support@therecipesociety.com.
SUMMARY OF KEY POINTS
- What we collect. Account information, profile and health-related characteristics you choose to provide, the content you create, and limited technical information described below.
- Sensitive information. With your consent and as described in this policy, we process health-related information you provide (such as age, height, weight, dietary preferences, and food allergies).
- No advertising. The Services do not display third-party advertisements, and we do not share your personal information with advertising networks.
- No sale of personal information. We do not sell your personal information.
- AI features. Optional AI features send the content needed for your request to our third-party AI provider under a data processing agreement, as described in the section titled "AI-Powered Features."
- Your rights. Depending on where you live, you have rights to access, correct, delete, and export your personal information. See the section titled "What Are Your Privacy Rights?"
- How to exercise rights. Use the in-app controls in Settings, visit therecipesociety.com/privacy-request, or email support@therecipesociety.com.
1. WHAT INFORMATION DO WE COLLECT?
Personal information you disclose to us
We collect personal information that you voluntarily provide when you register, use the Services, or contact us, which may include:
- Names, email addresses, usernames, and passwords (we do not store passwords in plain text);
- Profile information, including profile photos and an optional bio;
- User-generated content, including recipes, photos, posts, comments, messages, and reviews;
- Food, meal, and nutrition data you log;
- Characteristics you choose to provide, such as age, gender, height, weight, activity level, fitness goals, dietary preferences, and food allergies.
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes.
Sensitive information
With your consent, we process health-related information you provide (the characteristics listed above). See the sections titled "Health Data Handling," "Fitness Data Collection," and "AI-Powered Features" for how this information is stored, protected, and shared.
Payment data
Purchases are made through the Apple App Store or the Google Play Store. We do not collect or store your full payment card details; payment is handled by the applicable app store. We use a third-party subscription-management service to administer subscription entitlements. Subscription transaction records we retain are described in the section titled "How Long Do We Keep Your Information?"
Application permissions
If you use the app, we may request access to certain device features, each of which you can enable or disable in your device settings:
- Camera and photos โ for recipe, profile, post, and message images; food photo analysis; pantry and receipt scanning; and barcode scanning. Photos you upload may contain metadata (such as location information) added by your device, which you can disable in your device's camera settings;
- Microphone and speech recognition โ voice input, when used, is transcribed to text by your device's operating system or browser speech service (which may process the audio under that vendor's policies); the app does not record or store the audio;
- Health platform (Apple Health on iOS; Health Connect on Android) โ optional, described in the section titled "Fitness Data Collection"; on Android this uses the device's Health Connect permissions;
- Bluetooth โ optional pairing with compatible kitchen devices (such as a smart kitchen scale); used to discover and communicate with compatible devices you choose to connect;
- Push notifications โ optional reminders and updates, which you can disable in Settings or at the device level.
Information automatically collected
We automatically collect limited technical information when you use the Services: IP address (used to derive approximate location and for security), device and browser characteristics, operating system, and usage information (such as screen views and feature interactions). We do not collect precise GPS location. This information is needed to maintain the security and operation of our Services and for internal analytics.
2. HOW DO WE PROCESS YOUR INFORMATION?
We process your personal information to:
- Create and manage your account and deliver the Services, including cross-device sync;
- Calculate personalized nutrition information (such as calorie and macronutrient targets) from the characteristics you provide;
- Provide optional AI features, as described in the section titled "AI-Powered Features";
- Enable social and community features, including recipe sharing, posts, groups, and messaging;
- Provide optional integrations you enable (fitness platforms, grocery retailer links);
- Send reminders and notifications you have enabled;
- Respond to support and privacy requests;
- Protect the Services, including fraud prevention, abuse prevention, content moderation, and security monitoring;
- Comply with legal obligations and enforce our terms;
- Produce anonymized, aggregated statistics that do not reasonably identify individuals.
3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?
If you are located in the EU, EEA, UK, or Switzerland, we process your personal information only when we have a valid legal basis:
- Performance of contract โ account creation, core Services, subscriptions, cross-device sync, social and messaging features, and basic AI features you invoke;
- Consent โ health-platform integration, Personalized AI (inclusion of your profile context in AI prompts), food photo analysis, reminders and push notifications, and marketing communications. You may withdraw consent at any time, and withdrawal is as easy as giving consent;
- Legitimate interests โ security event logging, fraud and abuse prevention, and service analytics;
- Legal obligation / legal claims โ records we are required to keep, such as tax records and records needed to establish, exercise, or defend legal claims;
- Vital interests โ the narrow safety carve-out described under "AI Safety Logging" in the section titled "AI-Powered Features."
Where we process special-category (health-related) data, we rely on your explicit consent, except for the narrow safety-logging bases described in the section titled "AI-Powered Features."
If you are located in Canada, we process your information with your express or implied consent, or as otherwise permitted by applicable law.
4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
We share personal information only in the following situations, and we do not sell it:
- Service providers. Vendors that perform services for us under contract, limited to what is needed to perform those services: our cloud infrastructure provider; our third-party AI provider (for AI features you use); our third-party content-moderation service; our third-party analytics provider; our error-monitoring and crash-reporting provider; our subscription-management service; our CDN provider; our email service providers; a breached-credential-checking service (which receives only a truncated cryptographic hash prefix when a password is checked โ the password itself is not sent); an IP-address lookup service (used to capture the network address recorded in consent and acceptance records); and third-party bot-detection services that protect our public website forms and our sign-up and sign-in flows.
- Public reference databases. Barcode and nutrition lookups query third-party databases (Open Food Facts, USDA FoodData Central); only the decoded barcode value or search text is sent โ see the section titled "Barcode Scanning and Food Database."
- Grocery retailers. If you choose to send a shopping list to a retailer (for example, Instacart, Walmart, or Kroger), the list items you select are shared with that retailer at your direction, under that retailer's own terms and privacy policy. Delivery addresses are not collected by us โ retailer checkout happens in the retailer's own app or website. We may earn a commission on qualifying purchases you make through these retailer links; this does not change that the items are shared only at your direction and does not constitute a sale of your personal information.
- Other users. Content you choose to make public (recipes, posts, comments, profile information) is visible to other users. Messages are visible to thread participants. Other users may copy or retain content outside our Services, and we do not control what they do with it.
- Connected professionals and household members. As described in the section titled "Multi-Profile and Professional Features."
- Business transfers. In connection with a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction, subject to this Privacy Policy.
- Legal requirements. As described in the section titled "Government and Law-Enforcement Requests" of our Terms of Service and in this policy.
5. WHAT IS OUR STANCE ON THIRD-PARTY WEBSITES?
The Services may contain links to third-party websites and services (including retailer links and creator-recommended product links) that are not affiliated with us. We are not responsible for the content, safety, or privacy practices of third parties. Data collected by third parties is governed by their own policies. You should review the privacy policy of any third-party site you visit.
6. COOKIES, ANALYTICS, AND TRACKING
Where our Services run in a web browser, cookies and similar technologies are used for security, functionality, and analytics, as described in our Cookie Policy. The native mobile apps do not use browser cookies for tracking; embedded web pages inside the app (such as sign-in or subscription-management pages) may use cookies as described by their providers and our Cookie Policy. Usage events (screen views, feature interactions) are collected for product improvement โ on some surfaces through a third-party analytics provider, and on others in our own systems.
We do not use cookies, identifiers, or analytics for third-party advertising, and we do not engage in cross-context behavioral advertising as that term is defined under applicable state privacy laws.
Global Privacy Control. We treat Global Privacy Control (GPC) signals as an opt-out of sale or sharing where applicable law requires; because we do not sell or share personal information, these signals do not change our current processing. Apart from GPC, no uniform standard for "Do Not Track" signals has been adopted, and we do not currently respond to other DNT mechanisms; if a standard is adopted that we must follow, we will update this policy.
7. AI-POWERED FEATURES
Our Services use third-party artificial intelligence services to provide AI-powered features.
Categories of AI features. AI processing is used in our Services for a number of purposes, including (without limitation):
- AI nutrition chat and conversational nutrition guidance, where your typed messages and the relevant context described below are sent to our third-party AI provider to generate a response.
- Food photo analysis, where a photo you choose to submit is sent to our third-party AI provider for inference about its contents.
- Ingredient and recipe text parsing, where free-form text you enter or import (for example, a recipe ingredient list or a meal description) โ or a receipt or label image you submit, which is sent to the provider so the text can be extracted โ is processed by our third-party AI provider to estimate nutrition information, structure ingredient data, or build a shopping list.
- Recipe and meal-plan generation and improvement, where the request you submit and the relevant context described below are sent to our third-party AI provider to produce a suggested recipe or plan.
In each case, the content sent to the AI provider is the content needed to perform the specific request you initiated, plus the bounded context window described under "Data processing" below. Photos you submit to a non-AI feature (for example, a profile photo or a recipe cover image) are not sent to the AI provider.
Data sent to AI. When you use AI features, information relevant to your request may be sent to the AI provider, including the question or request you submit, relevant profile preferences (such as dietary preferences and goals), and your activity history within the AI feature.
AI limitations and disclaimers.
- AI responses are generated automatically and may be inaccurate.
- AI suggestions are for informational purposes only, NOT medical or professional nutrition advice.
- You should consult qualified healthcare professionals before making significant dietary changes.
- We are not responsible for any health outcomes resulting from following AI suggestions.
- AI may occasionally produce inappropriate or incorrect responses despite our safety measures.
- Some AI responses may include a suggested in-app action (for example, logging a meal you described). Suggested actions are designed to take effect only if you confirm them in the app.
Your controls. From the Settings screen, the Privacy & Data section contains:
- A "Personalized AI" toggle that controls whether your profile context (dietary preferences, goals, history) is included in AI prompts.
- An "AI Features" toggle that disables AI features.
Disabling AI features limits app functionality and stops the AI-powered features described above while disabled; automated content-moderation and safety screening described elsewhere in this policy continue to apply.
Data processing.
- AI requests are processed by our third-party AI provider under a data processing agreement that binds the provider to a controller-processor relationship with us and prohibits the provider from using your prompts or responses to train or improve its own models.
- Under that agreement, the provider may retain request content for a limited time for abuse-monitoring purposes, after which it is required to be deleted.
- We send the content needed to perform your request. Prompts are designed not to include your account name, email, or user identifier, and we authenticate to the provider on a service-to-service basis rather than forwarding your account credentials.
- Conversation history and personalization context (profile preferences, recent activity) sent to the provider are capped to a recent window per request rather than your full history, to bound what leaves the device on any single interaction.
AI chat storage and encryption.
- Your stored AI chat history, including any derived conversation summary the assistant maintains for continuity, is encrypted with keys held on your devices before it is stored on our servers, and we do not retain access to your stored chat history. When you send a message, our systems process it in transit to generate the response and to perform the safety screening described below.
- Because your stored AI chat history is encrypted with keys we do not hold, it is not included in server-side data-export responses. You can export your AI chat history yourself at any time from the in-app message settings. Safety-log records retained about you are handled in accordance with your access rights under applicable law.
AI safety logging.
- Our automated safety systems are designed to screen AI interactions for signals such as crisis language, self-harm indicators, and concerning eating-disorder behaviour, and to write a record of the interaction to our safety log for a limited time so that crisis resources can be surfaced in-app, our community guidelines can be applied, and the safety pipeline can be reviewed. Automated detection is limited, may not identify every situation, and is not monitored by humans in real time. The amount of information retained in a record depends on the nature of the signal and on your "Limit Sensitive Information Use" setting.
- For routine interactions, the record may include your account identifier and the interaction content. If you enable the "Limit Sensitive Information Use" control in Settings, routine records omit your account identifier and the underlying message text, and we retain only derived operational signals (GDPR Art. 6(1)(f) legitimate interest in service safety).
- Where the safety signal indicates a concerning but not imminent health-related pattern and you have enabled the "Limit Sensitive Information Use" control, we retain the derived signal together with a pseudonymous reference to your account so that repeat patterns can be detected; the underlying message text is omitted in that case (GDPR Art. 9(2)(g) substantial public interest in preventive medicine, with pseudonymisation as a safeguard, and Art. 6(1)(f)).
- Where the safety signal indicates an imminent risk of self-harm or a critical eating-disorder behaviour, the record is retained in full, including your account identifier and the message content or an excerpt of it, regardless of the "Limit Sensitive Information Use" setting. This narrow carve-out is required so that safety follow-up and help routing are possible, and it cannot be opted out of (GDPR Art. 9(2)(c) and Art. 6(1)(d) vital interests of the data subject).
- Safety-log records are designed to be purged automatically on a bounded schedule (approximately thirty days).
Automated decisions. You may request human review of automated content-moderation decisions as described in the section titled "Content Moderation and Safety." We do not make legal or similarly significant decisions about you based solely on automated processing; where automated enforcement produces significant effects (such as account restriction), human review is available as described in that section.
8. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
Our Services offer the ability to register and log in using third-party sign-in credentials (such as your Google or Apple account). Where you choose to do this, we receive profile information from the provider, such as your name, email address, and profile picture, depending on the provider and your settings. We use the information we receive for the purposes described in this Privacy Policy. We are not responsible for how the sign-in provider handles your personal information; review that provider's privacy policy for details.
9. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
Our servers are located in the United States. If you access the Services from outside the United States, your information is transferred to, stored, and processed in the United States. For transfers from the EU, EEA, UK, or Switzerland, we rely on appropriate safeguards recognized under applicable cross-border transfer laws, including contractual protections with our service providers. You may contact us for more information about the safeguards applicable to your data.
10. HOW LONG DO WE KEEP YOUR INFORMATION?
We keep your personal information for as long as you have an account with us, and afterwards only as needed for the purposes described below. When you delete your account in the app, your account is deactivated and scheduled for permanent deletion after an approximately 30-day reactivation window: your profile and public recipes are hidden, and signing back in before the window ends lets you cancel the deletion. If you do not sign back in, deletion proceeds automatically. You may instead submit a deletion request through our privacy-request channel, which is not subject to the reactivation window. When deletion is carried out, your personal information is deleted from our active systems without undue delay, subject to these exceptions:
- Subscription transaction records are anonymized (using a one-way hash of your user identifier) and retained for up to 7 years for tax and legal compliance (IRS Publication 583); the archived records we retain do not include your email, name, or IP address (the app stores and our subscription-management provider retain their own transaction records under their policies).
- Terms-of-Service / Privacy Policy / Disclaimer / End User License Agreement acceptance proof (timestamp, the IP address and device user agent captured at acceptance, sign-in method, and the accepted version of each document โ including a record of each End User License Agreement version you accepted) is retained for up to 7 years for legal compliance and defense of contract-related claims. The archived record is keyed to a one-way hash of your user identifier rather than to your name, email, or account.
- Consent-change history (a record of when you toggled consent settings, including the technical details captured with each change, such as the IP address and device information recorded at the time of the change) is retained for a minimum of 24 months to comply with CCPA recordkeeping requirements (ยง1798.130(a)(4)); upon account deletion, the record may be retained for up to 7 years for GDPR Article 7 demonstrability of consent and defense of legal claims, keyed to a one-way hash of your user identifier rather than to your name, email, or account.
- Age-verification records (the timestamp, IP address, and device user agent captured when you confirmed you meet the minimum-age requirement) are retained as legal proof of age-gating compliance for the operational life of your account, and may be retained beyond account deletion to the extent necessary to demonstrate compliance with applicable age-gating and minor-protection laws and to establish, exercise, or defend legal claims. A local verification artifact also persists on your device after account deletion and, on some platforms, may persist after the app is uninstalled.
- DMCA claim records are retained as described in the section titled "DMCA Compliance and Copyright Data."
- Messages you sent to other users are anonymized (sender replaced with a generic placeholder) to preserve conversation context for remaining participants; messages you posted in meal-plan discussion threads are removed rather than anonymized.
- Security and abuse-prevention records (such as sign-up attempt records, which store a hashed, de-identified form of your network address rather than the raw address) are retained for 90 days and are designed to be purged automatically thereafter. A randomly generated, device-scoped identifier used to prevent automated signup abuse is stored in your device's secure storage and, on some platforms, may persist after the app is uninstalled; it does not identify you personally and is not used for advertising or cross-app tracking. Cloud infrastructure logs are retained under our cloud provider's standard retention periods (generally 30 days, with certain administrative audit logs retained longer by the provider).
- Enforcement records (such as records of account suspension, termination, or bans issued under our Terms of Service or Acceptable Use Policy) may be retained after account deletion to the extent necessary to enforce our Terms (including their restrictions on creating new accounts after termination) and to establish, exercise, or defend legal claims.
- Analytics data deletion is requested via our third-party analytics provider's user-deletion API without undue delay; the provider completes processing under its own timelines, and individual event data is otherwise retained by that provider for a limited period under our configuration.
- Deleted files remain in a soft-delete tier for up to 30 days for disaster recovery before permanent purge, and backup copies are purged on our standard backup schedule, typically within 90 days. Content removed by our moderation processes, deleted by an administrator, or deleted by you may be retained internally for approximately 30 days so the action can be reviewed or reversed, and is designed to be purged automatically thereafter.
- Anonymized, aggregated statistics that do not reasonably identify individuals may be retained for product improvement.
Subscription lapse. If your subscription lapses, we do not delete your data; your account and content remain stored under this retention schedule and become accessible again upon renewal. You may export or delete your data and submit privacy requests at any time regardless of subscription status.
11. HOW DO WE KEEP YOUR INFORMATION SAFE?
We have implemented appropriate and reasonable technical and organizational security measures designed to protect your personal information, including encryption at rest using industry-standard encryption for data stored on our servers and an encrypted local store on your device for certain health-sensitive fields. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security. Transmission of personal information to and from our Services is at your own risk; access the Services within a secure environment.
12. DO WE COLLECT INFORMATION FROM MINORS?
You must be 18 years or older to use our Services. We do not knowingly collect personal information from, or market to, anyone under 18.
We do not knowingly collect personal information from children under 13. During signup, you are required to confirm your age, and anyone who does not confirm they meet the age requirement โ including anyone who indicates they are under 13 โ is blocked from creating an account, consistent with the Children's Online Privacy Protection Act (COPPA). If we learn that we may have collected personal information from a user under 18, we will investigate and, where confirmed, deactivate the account and delete the data as required by applicable law. If you become aware of any data we may have collected from anyone under 18, contact us at support@therecipesociety.com.
13. WHAT ARE YOUR PRIVACY RIGHTS?
Depending on where you live (including the EU/EEA/UK/Switzerland, Canada, Australia, New Zealand, South Africa, and a number of US states), you may have the right to:
- Request access to and obtain a copy of your personal information;
- Request correction of inaccurate information;
- Request deletion of your personal information, subject to the legal-retention exceptions described in the section titled "How Long Do We Keep Your Information?";
- Request portability of your data;
- Object to or restrict certain processing;
- Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal. Withdrawing consent is as easy as giving it, and the consequence is that the feature that depends on it stops working;
- Lodge a complaint with your local data protection authority.
How to exercise your rights. Use the in-app controls in Settings (including account deletion), visit therecipesociety.com/privacy-request (including for data export), or email support@therecipesociety.com. We will consider and act upon requests in accordance with applicable law, and within the response window that law requires (for example, up to 45 days under the CCPA, extendable once by an additional 45 days with notice to you). For your security, data-export download links expire after a limited time.
Marketing opt-out. You can unsubscribe from marketing email at any time using the unsubscribe link in the email, through the app's privacy settings, or by contacting us. You will continue to receive service-related (transactional) messages necessary to administer your account.
Account deletion. You can delete your account at any time from Settings. Your account is deactivated when you request deletion and permanently deleted after an approximately 30-day reactivation window; signing back in before the window ends cancels the deletion. We also send a notice to your account email address when a deletion is scheduled and when it is cancelled, so you can act if you did not request the change. Deleting your account does not cancel a subscription โ cancel through the Apple App Store or Google Play Store.
14. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have the rights described in this section under your state's privacy law.
Categories of personal information we collect. We collect: identifiers (name, email, username, account identifier, IP address); characteristics you provide (age, gender, height, weight, activity level, fitness goals, dietary preferences, food allergies); commercial information (meal logs, recipe interactions, shopping list history, subscription records); internet or network activity (usage analytics, security event records); approximate (IP-based) geolocation only โ no precise GPS; sensory data (images you upload; voice input is transcribed by your device's operating-system speech service and the audio is not received or stored by us); inferences (food preferences, dietary patterns, personalization data); and sensitive personal information (account login credentials and the health-related characteristics above). We do not use facial-recognition technology and do not collect biometric identifiers (as defined by applicable biometric-privacy laws) or precise geolocation. We do not collect professional, employment, or education information, except credentials and professional information voluntarily submitted by users who apply to offer services as nutrition professionals through the Services.
No sale or sharing. We do not sell your personal information, and we do not share it for cross-context behavioral advertising, and we have not done so.
Your rights include: the right to know, access, and receive a copy of your personal information; the right to correct; the right to delete (subject to legal exceptions, including CCPA ยง1798.105(d)); the right to opt out of sale or sharing; the right to limit the use of sensitive personal information; and the right not to be discriminated against for exercising your rights.
Your controls. From the Settings screen, the Privacy & Data section contains a "Do Not Sell or Share My Information" toggle and a "Limit Sensitive Information Use" toggle, through which you can exercise your rights to opt out of sale/sharing and to limit the use of sensitive personal information. We honor these toggles, and we honor Global Privacy Control signals where applicable. Because we do not currently engage in sale, sharing for cross-context behavioral advertising, or non-essential use of sensitive personal information, these toggles have no current behavior to change; the rights, the toggles, and the record of your selections remain in place so you can exercise them at any time and so that we maintain the recordkeeping required by these laws.
How to exercise your rights. Visit therecipesociety.com/privacy-request, use the in-app controls, or email support@therecipesociety.com. We will verify your request using information associated with your account; an authorized agent may submit a request on your behalf with proof of authorization. We will respond within the timeframe required by your state's law (generally 45 days, extendable once with notice). If we decline to take action, you may appeal by replying to our response or emailing support@therecipesociety.com with the subject "Privacy Appeal"; if your appeal is denied, you may contact your state Attorney General.
Washington and Nevada consumer health data. If you are a resident of Washington, Nevada, or another state with a consumer-health-data law, our separate Consumer Health Data Privacy Policy describes how we collect, use, and share consumer health data and the additional rights available to you under those laws, including under the Washington My Health My Data Act.
15. LEGAL COMPLIANCE DATA COLLECTION
When you create an account or accept our Terms of Service, we collect:
- IP address
- Browser/device information
- Timestamp of acceptance
This data is collected to:
- Create a legally binding record of your agreement to our Terms
- Comply with legal and regulatory requirements
- Prevent fraud and abuse
- Respond to legal requests from law enforcement
Retention periods:
-
Terms of Service and End User License Agreement acceptance. Records of your acceptance, including a record of each End User License Agreement version you accepted, are retained for the duration of your account. Upon account deletion, an archived record of your acceptance (including the technical details captured at acceptance) may be retained for up to 7 years for legal compliance purposes related to enforcement of our Terms and applicable statutes of limitations. The archived record is keyed to a one-way hash of your user identifier rather than to your name, email, or account.
-
Age verification records. When you confirm you are 18 or older during signup, two records are created: (a) an age field stored on our servers as part of your profile, deleted without undue delay when you delete your account; and (b) a local verification artifact stored in your device's secure storage as legal proof of age-gate compliance, which persists on your device even after account deletion and, on some platforms, may persist after the app is uninstalled. The acceptance-time proof (timestamp, IP, device user agent) is retained as described in the section titled "How Long Do We Keep Your Information?"
By creating an account, you acknowledge that these records may be used as evidence of your agreement in any legal proceedings.
16. ADVERTISING
The Services do not display third-party advertisements. We do not share your personal information with advertising networks, do not request advertising identifiers from your device, and do not engage in cross-context behavioral advertising as that term is defined under applicable state privacy laws.
Your California privacy controls remain available regardless, as described in the section titled "Do United States Residents Have Specific Privacy Rights?"
17. FITNESS DATA COLLECTION
When you connect Apple Health (iOS) or Health Connect (Android), we may read workout and activity data made available through those platforms. On either platform, if you also grant write authorization, weight entries you log in the app for yourself can be saved back to your device's health platform (Apple Health on iOS, Health Connect on Android); you can revoke this at any time in your device's health settings. Entries saved this way become part of your device's health platform records and are not removed by us when you delete your account or the app; you can review or delete them in the device's health app.
Data handling:
- Raw sensor-level fitness data is read on your device through the platform's Health framework and is not stored on our servers. If you enable Personalized AI, the summary workout information described below transits our systems as part of your AI requests.
- An audit record is written to our servers when you connect or disconnect a fitness app, retained for compliance purposes and deleted with your account.
- If you enable Personalized AI, your fitness goals and summary workout activity (such as workout types, session counts, durations, and estimated calories burned โ not raw sensor samples, heart-rate data, or workout locations) may be included in requests to our AI provider for personalized recommendations.
- Fitness data is not shared with advertisers.
- We do not collect GPS routes or precise workout locations.
Disclaimers:
- We rely on data provided by the device's Health platform and connected fitness apps; we do not guarantee its accuracy.
- Calorie calculations and nutrition recommendations based on fitness data are estimates only.
- You should consult a healthcare professional before making health decisions based on app data.
- We are not responsible for any health issues arising from reliance on fitness-based calculations.
You can disconnect fitness apps at any time from the Settings screen by selecting "Fitness Apps." You can also revoke access at the platform level in your device's health settings.
18. DIRECT, GROUP, AND MEAL-PLAN MESSAGING BETWEEN USERS
Our Services allow you to send messages to other users in one-to-one direct message threads, in group message threads with multiple participants, and in discussion threads attached to a shared meal plan.
Information collected:
- Message content, sender and recipient or thread-participant identifiers, timestamps, and read/unread indicators.
- For group and meal-plan threads, the participant list for the thread and basic thread metadata (such as group name or the meal plan the thread is attached to).
Data storage:
- Messages are stored on our servers and retained while the thread has active participants, and thereafter until removed under our standard retention processes.
- Upon account deletion, messages you sent in one-to-one and group threads are anonymized to preserve conversation context for the remaining participants; the sender is replaced with a generic placeholder and your profile image is cleared. Messages you posted in meal-plan discussion threads are removed. Where you are the sole remaining participant in a thread, the thread and your messages are removed along with your other account content.
- For group and meal-plan threads, you remain visible to other participants only while you are a participant. If you leave a thread or are removed from it, your prior messages remain in the thread for the other participants under the same anonymization rules described above.
User responsibilities:
- You are solely responsible for the content of messages you send in any thread.
- You agree not to send harassing, threatening, illegal, or spam content.
- The app may prevent you from sending content that violates the Community Guidelines in our Acceptable Use Policy.
- Violation may result in account suspension or termination.
Disclaimers:
- We do not monitor private, group, or meal-plan messages in real time.
- We are not responsible for the content of messages sent by other users.
- We are not liable for any disputes, damages, or harm arising from user communications.
- Group and meal-plan messages are visible to every participant in that thread. Other participants may be able to copy, screenshot, or otherwise retain your messages outside our Services, and we do not control what they do with that content.
- We may access messages when required by law or to investigate reported violations of our Terms of Service or the Community Guidelines in our Acceptable Use Policy.
19. MULTI-PROFILE AND PROFESSIONAL FEATURES
Our Services include features that let you share data with other users.
Plan collaboration. You can invite another user to collaborate on a meal plan or workout plan. If they accept, that user can view and edit the plan for as long as they remain a collaborator, including the plan's contents โ for meal plans, the planned meals and their nutrition information; for workout plans, the planned workouts. Collaborators can also see the plan name and your display information as the plan owner. You can remove a collaborator, and a collaborator can leave a plan, which stops their further access to it; content they contributed while collaborating is handled as described in our messaging and user-content disclosures elsewhere in this Privacy Policy. Only invite people you are comfortable sharing this information with.
Household Profiles. You may create additional profiles under your account to track nutrition for adult household members (for example, a spouse or another adult in your household). Household profiles can store the same categories of health-related data as your own profile, including age, gender, height, weight, dietary preferences, food allergies, and fitness goals.
By creating a profile for another person, you represent that they are 18 years of age or older and that you have their authority to provide their information to us. Household profiles are for adults only; you may not create a household profile for a minor. You are responsible for the accuracy of the information you provide and for any required consent from the household member.
Household profile data is stored under your account and is subject to the same storage, retention, and deletion terms as your own profile (see the "Health Data Handling" provisions elsewhere in this Privacy Policy). When you delete your account, household profile data is removed along with your own. A household member may contact us directly at support@therecipesociety.com to exercise rights over their data; we may involve you as the account holder to verify and action the request.
Nutrition Professional Relationships. If you accept a relationship invitation from a nutrition professional through our Services, the connected professional can view your goal type, daily calorie target, food allergies, dietary preferences, and any notes you add to your goal record. The professional's access through our Services is limited to those goal-record fields; your meal log, weight history, and AI chat history are not made available to them through the Services.
You may decline an invitation before accepting it, and you may end the relationship at any time from the screen where the relationship was established. When the relationship ends, the professional's ongoing access through our Services to the goal information you shared with them during the relationship is revoked. The relationship record itself is retained on our servers until your account or the professional's account is deleted, after which it is removed from our active systems without undue delay. The professional's own copy of any information they reviewed during the relationship (for example, in their own records outside our Services) is governed by that professional's own privacy practices, which we do not control.
Disclaimers:
- A nutrition professional you connect with through our Services acts independently. We do not employ, supervise, or verify the credentials of nutrition professionals who use our Services.
- Information and recommendations from a connected professional are not medical advice. You should consult a qualified healthcare provider before making significant dietary changes.
- We are not responsible for the accuracy of information provided by a connected professional, for the professional's compliance with applicable laws governing their profession, or for any disputes between you and the professional.
Legal basis (EU/EEA/UK):
- Household profile data is processed on the basis of performance of contract and, where it includes health-related fields, your explicit consent provided when you enter those fields on the profile.
- The nutrition professional relationship feature itself is processed on the basis of performance of contract; the sharing of your health-related fields with the professional is processed on the basis of your explicit consent, which you provide by accepting the relationship invitation and which you may withdraw at any time by ending the relationship.
20. CONTENT MODERATION AND SAFETY
We use third-party automated content moderation services to review user-generated content that you share publicly for harmful material including hate speech, violence, and explicit content. We also apply our own automated screening (for example, for spam and prohibited keywords).
User acknowledgment:
- By submitting content, you consent to automated moderation screening.
- Content flagged by automated systems may be removed without prior notice.
- We reserve the right to remove any content that violates the Community Guidelines in our Acceptable Use Policy.
Limitations:
- Automated moderation is not perfect and may not catch all violations.
- We are not liable for any harmful content that bypasses our moderation systems.
- We do not guarantee the accuracy of moderation decisions.
- Third-party moderation providers process content under their own privacy policies, which we do not control.
If you believe content was removed in error: you may contact support@therecipesociety.com with the content ID or title affected and a brief explanation of why you believe the removal was incorrect. We aim to review your request with human involvement and to respond as soon as practicable. We do not guarantee any specific moderation decision will be reversed; the review is intended to verify whether the original removal was warranted under the Community Guidelines in our Acceptable Use Policy.
21. BARCODE SCANNING AND FOOD DATABASE
Our Services allow you to scan food product barcodes to retrieve nutrition information from third-party nutrition databases, including public reference databases such as Open Food Facts and USDA FoodData Central.
Data handling:
- We do not upload or retain images captured by your camera during a scan; only the decoded barcode value (or, where a lookup requires it, the resulting product name) is sent to a third-party database to retrieve product information. Some database lookups are made directly from your device, in which case the database operator receives your device's network address under its own privacy policy.
- Product records returned from third-party databases may include URLs to product reference images hosted on those services' own servers; these images are loaded directly from the third-party source and are not stored by us.
- Lookup results and search queries may be cached for a limited time to improve performance, and de-identified product and nutrition records derived from lookups (containing no user identifiers) may be retained in our own food database to improve coverage for other users.
Disclaimers:
- Nutrition information is provided by third-party sources and may be inaccurate, incomplete, or outdated.
- We do not verify the accuracy of nutrition data and are not responsible for errors.
- You should verify nutrition information on product packaging before making dietary decisions.
- We are not liable for any health issues, allergic reactions, or other harm resulting from reliance on nutrition data.
- Third-party food databases operate under their own terms and privacy policies.
22. PRODUCT RECOMMENDATIONS FROM RECIPE CREATORS
Recipe creators may attach links to external products they recommend (such as kitchen tools, ingredients, or books) when authoring a recipe. These product entries are user-generated content.
Information we process:
- Product details entered by the recipe creator: name, destination link, optional description, optional price, optional store or brand name, category, and an optional product image uploaded by the creator.
- The creator's self-declaration of whether the recommendation is sponsored or otherwise the subject of material consideration. When the creator marks an entry as sponsored, a "Sponsored" label is displayed alongside the product so that other users can see the disclosure.
Information we do not collect:
- We do not log which product links you tap, do not track conversions on third-party retailer sites, and do not load third-party advertising or analytics pixels when a product card renders or is opened.
- We do not process payments, take a commission, or operate a checkout for these recommendations. Tapping a product link opens the destination in your device's default browser.
- We do not rewrite, inject, or add affiliate parameters to creator-supplied links.
- This section covers product links attached by recipe creators. Retailer shopping-list links (for example, sending a list to a grocery retailer) are described in the section titled "When and With Whom Do We Share Your Personal Information?" and in our Disclaimer.
User responsibilities and disclaimers:
- Product names, prices, availability, store names, and external links are entered by recipe creators and are not verified by us. Prices, stock, and product details on the destination retailer's site may differ from what is shown in the app. You should confirm details on the destination retailer's site before purchasing.
- Recipe creators are solely responsible for the accuracy of their product entries and for any required endorsement or sponsorship disclosures under applicable advertising and consumer-protection laws. We do not independently verify the existence of a sponsorship relationship; the "Sponsored" label reflects the creator's self-declaration.
- Product recommendations are not medical, nutritional, or supplement advice. Our Services do not diagnose, treat, cure, or prevent any disease or medical condition. You should consult a qualified healthcare provider before making significant dietary or supplement decisions.
- We are not responsible for the content, availability, accuracy, safety, or practices of any destination retailer or website reached through a product link, and we are not a party to any transaction you enter into with a third-party retailer.
Legal basis (EU/EEA/UK): Product entries created by recipe authors are processed on the basis of performance of contract as part of the recipe-authoring service.
Removal and deletion: When you delete a product entry you created, the entry is removed from product surfaces in the Services and the associated uploaded image is removed from our active systems without undue delay. When you delete your account, product entries you authored are removed along with your other account content.
23. HEALTH DISCLAIMER, HEALTH DATA HANDLING, AND CRISIS RESOURCES
IMPORTANT: The Recipe Society is a nutrition tracking and meal planning app. We are NOT a medical service and do not provide medical advice.
Not medical advice:
- All nutrition information, calorie calculations, and AI suggestions are for informational purposes only.
- Our Services do not diagnose, treat, cure, or prevent any disease or medical condition.
- You should always consult a qualified healthcare provider before starting any diet, exercise program, or making changes to your health routine.
- Do not disregard professional medical advice based on information from our Services.
We are not liable for:
- Health outcomes resulting from use of our Services
- Accuracy of nutrition data from third-party databases
- Allergic reactions or adverse health effects
- Eating disorders or disordered eating patterns
- Any physical or mental health issues
Crisis detection:
- Our AI systems may detect messages indicating crisis situations (self-harm, eating disorders, suicidal ideation).
- If detected, we may display crisis resources and helpline information in-app.
- We may restrict certain AI features if dangerous patterns are detected.
- This is not a substitute for professional mental health support.
If you are in crisis:
- 988 Suicide & Crisis Lifeline: 988 (US)
- Crisis Text Line: Text HOME to 741741
- National Eating Disorders Association: 1-800-931-2237
These resources remain accessible in the app regardless of subscription status.
Age requirement:
- You must be 18 years or older to use our Services.
- We do not knowingly collect personal information from children under 13. During signup, you are required to confirm your age, and anyone who does not confirm they meet the age requirement โ including anyone who indicates they are under 13 โ is blocked from creating an account, consistent with the Children's Online Privacy Protection Act (COPPA).
- By using our Services, you confirm you meet the 18+ age requirement.
- We collect age verification data as legal proof of compliance.
Health data storage:
Health-related data (such as age, gender, height, weight, target weight, activity level, dietary preferences, food allergies, and fitness goals) is stored on our servers under your user profile, encrypted at rest using industry-standard encryption. Certain health-sensitive fields may additionally be mirrored to an encrypted local store on your device for offline access. Other app data, such as your meal history, is stored on our servers and also held in your device's standard local app storage for offline use. The server copies are cleared without undue delay upon account deletion; local copies on the device where you perform the deletion are cleared as part of the deletion, and copies on any other device are cleared when you uninstall the app on that device. Health data is never shared with advertising networks. When you opt in to Personalized AI, relevant fields may be transmitted to our third-party AI provider during an AI session to provide personalized recommendations, under that provider's terms and privacy policy. Deleted files in our cloud storage are retained in a soft-delete tier for a limited period for disaster recovery before permanent purge. Anonymized, aggregated statistics that do not reasonably identify individuals may be retained for product improvement.
24. DMCA COMPLIANCE AND COPYRIGHT DATA
In short: We process and retain copyright claim data as required by law, which may limit your ability to request deletion of certain information.
Designated DMCA agent. For copyright infringement notifications under the Digital Millennium Copyright Act (DMCA), contact our designated agent:
Novelty Technologies, LLC Attn: Copyright Agent 11720 Amber Park Dr Ste 160 PMB 1056 Alpharetta, GA 30009 United States Email: contact@noveltytechnologies.us
Our designated agent is registered with the U.S. Copyright Office (Registration Date: November 14, 2024).
DMCA data we collect and process. When processing DMCA copyright claims, we collect and retain:
For claimants (copyright holders): full legal name and contact information; company name (if applicable); electronic signature; description of the copyrighted work; evidence of ownership.
For accused users: user identification and account information; content identified as allegedly infringing; counter-notification information (if filed); strike history and account status changes; communications related to the claim.
DMCA data retention period. DMCA claim records are retained for the period needed to maintain our safe-harbor protections under 17 U.S.C. ยง512 and to defend against potential legal claims, typically at least three years from the date of claim resolution. Data retained includes claim documentation, counter-notification records, communications between parties, the audit trail of actions taken, and strike history (including expired strikes).
Copyright strike system. We maintain a repeat-infringer policy with escalating consequences:
- First strike: warning notification.
- Second strike: account may be restricted, including limits on public posting.
- Third strike: account may be terminated.
We reserve discretion in determining the specific consequence based on the nature of the infringement and the user's history. Strikes may expire after a period of compliant behavior, in our discretion.
Interaction with your privacy rights.
GDPR users (European Economic Area): Under GDPR Article 17(3)(e), your right to erasure does not apply when processing is necessary for the establishment, exercise, or defense of legal claims. DMCA claim records fall under this exception.
CCPA users (California): Under California Civil Code ยง1798.105(d), we may retain personal information when necessary to comply with a legal obligation. DMCA compliance constitutes such a legal obligation.
What this means for you: You may request access to your DMCA-related data and correction of inaccurate contact information. You cannot request deletion of DMCA claim records during the retention period. Non-DMCA data will be deleted upon valid request. If you submit a deletion request and have DMCA-related data on file, we will (1) delete the data not subject to DMCA retention, (2) retain DMCA-related records with explanation, and (3) notify you of what data must be retained and why.
How DMCA restrictions are enforced. Account restrictions due to copyright strikes are enforced through application interface restrictions (disabled features), database-level access controls, and authentication system controls (for terminated accounts). These layered controls are designed to limit circumvention through technical means.
Contact for DMCA data inquiries: privacy@therecipesociety.com, subject line "DMCA Data Inquiry".
25. PRE-LAUNCH NOTIFICATION SIGNUPS
Our public website includes a "Notify Me at Launch" email signup form for users who want to be notified when the Services become generally available. This form is provided outside of the authenticated app and is governed by this section.
Information collected. When you submit the form, we collect the email address you enter, limited technical information about your submission (such as your browser/device user agent and the timestamp), and a transient signal derived from your network address that we use to prevent automated abuse. We do not store your network address in identifiable form; the bot-detection provider described below processes it under its own privacy policy.
Purpose and legal basis. The email address is used to send you a notification when the Services launch and a small number of related pre-launch updates. Legal basis: your consent, given by submitting the form. The technical signals described above are used to prevent automated abuse (bot signups, spam) and to maintain the security and integrity of our public-facing services.
Third-party bot detection. The signup form is protected by a third-party bot-detection service that assesses whether each submission is human. This service may set its own cookies and process limited technical signals at the time of submission under its provider's privacy policy. Because this service is required to protect the form from abuse, it operates as a strictly-necessary security function regardless of cookie-banner preferences.
Retention. Email addresses submitted to the launch signup form are retained until the Services launch and the launch-notification email has been sent, plus a reasonable period thereafter for bounce reprocessing and unsubscribe handling. After this period, the entries are deleted unless you have separately created an account, in which case your data is governed by the in-app retention policy. Transient abuse-prevention signals are retained only for the brief period required to perform their security function and are then overwritten or purged. We do not sell or share launch-signup email addresses with advertisers or third-party marketers.
Your rights. You may unsubscribe from the launch list, or request access to or deletion of your launch-signup record, at any time by emailing privacy@therecipesociety.com. Because no account exists at the pre-launch stage, we will verify your request by sending a confirmation to the email address on file.
26. DO WE MAKE UPDATES TO THIS POLICY?
Yes, we will update this policy as necessary to stay compliant with relevant laws and to reflect changes in our practices. The updated version will be indicated by an updated "Last updated" date. If we make material changes, we will notify you by prominently posting a notice of such changes or by directly sending you a notification, and where required by law we will ask you to re-accept.
27. HOW CAN YOU CONTACT US ABOUT THIS POLICY?
If you have questions or comments about this policy, you may email us at support@therecipesociety.com or contact us by post at:
Novelty Technologies, LLC 11720 Amber Park Dr Ste 160 PMB 1056 Alpharetta, GA 30009 United States
28. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
Based on the applicable laws of your country or state of residence, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correction of inaccuracies, or deletion of your personal information. You may also withdraw your consent to our processing of your personal information; these rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, visit therecipesociety.com/privacy-request, use the in-app controls in Settings, or email support@therecipesociety.com.
Questions about your privacy?
If you have any questions about how we collect, use, or protect your personal information — or want to exercise a privacy right — our team is here to help.