Privacy Policy

Last Updated: October 19, 2025

1. Introduction

Welcome to NeuralChef ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy rights. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application located at neuralchef.app (the "Service").

This policy complies with the EU General Data Protection Regulation (GDPR) and applies to all users of our Service, regardless of location.

2. Data Controller

The data controller responsible for your personal data is:

NeuralChef
Email: [email protected]

3. Information We Collect

3.1 Information You Provide Directly

  • Account Information: Email address, username, password (stored encrypted), and name
  • Profile Information: Cooking skill level, dietary preferences, kitchen equipment, cuisine interests, disliked ingredients, and measurement unit preferences
  • User-Generated Content: Recipes you create, meal plans, shopping lists, collections, and ratings
  • AI Settings: Custom AI configurations if you provide your own API keys

3.2 Information Collected Automatically

  • Usage Data: Recipe generation counts, recipe views, and feature usage patterns
  • Device Information: Browser type, device identifiers for analytics
  • Cookies and Similar Technologies: Session cookies for authentication and functionality

3.3 Information from Third Parties

  • OAuth Providers (Google): Email address, name, profile picture when you sign in with Google
  • Payment Information: Payment data is processed by Stripe (we do not store your payment card details)

4. How We Use Your Information

We process your personal data for the following purposes under GDPR Article 6:

4.1 Contract Performance (Article 6(1)(b))

  • Providing and maintaining the Service
  • Creating and managing your account
  • Generating personalized recipes based on your preferences
  • Processing your subscription and payments

4.2 Legitimate Interests (Article 6(1)(f))

  • Improving and optimizing the Service
  • Analyzing usage patterns to enhance user experience
  • Detecting and preventing fraud and abuse
  • Sending important service updates and notifications

4.3 Consent (Article 6(1)(a))

  • Sending marketing communications (you can opt-out anytime)
  • Using cookies for analytics and personalization

4.4 Legal Obligation (Article 6(1)(c))

  • Complying with applicable laws and regulations
  • Responding to legal requests and preventing illegal activities

5. Third-Party Services

We share data with the following third-party service providers:

  • Google OAuth: For authentication services
  • Stripe: For payment processing (subject to Stripe's privacy policy)
  • OpenAI: For AI-powered recipe generation (ingredients and preferences only)
  • DeepInfra: For additional AI processing
  • CalorieNinjas: For nutritional information
  • Brevo: For transactional emails (account verification, password resets)

These providers process data on our behalf and are contractually obligated to protect your data in accordance with GDPR standards.

6. Data Retention

We retain your personal data only for as long as necessary:

  • Account Data: Until you delete your account, plus 30 days for backup purposes
  • Usage Data: Aggregated for up to 2 years for analytics
  • Payment Records: As required by law (typically 7 years)
  • Marketing Preferences: Until you withdraw consent

7. Your Rights Under GDPR

As a data subject, you have the following rights:

7.1 Right of Access (Article 15)

You can request a copy of your personal data we hold.

7.2 Right to Rectification (Article 16)

You can update or correct inaccurate personal data through your account settings.

7.3 Right to Erasure (Article 17)

You can request deletion of your personal data, subject to legal retention requirements.

7.4 Right to Restriction (Article 18)

You can request we limit how we use your data in certain circumstances.

7.5 Right to Data Portability (Article 20)

You can request your data in a structured, machine-readable format.

7.6 Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing.

7.7 Right to Withdraw Consent (Article 7(3))

You can withdraw consent for processing at any time.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

8. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for specific countries
  • Service providers with appropriate certifications

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of data in transit (HTTPS/TLS)
  • Password hashing using industry-standard algorithms (bcrypt)
  • Secure database access controls
  • Regular security assessments and updates
  • Limited employee access to personal data

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but continually work to improve our safeguards.

10. Cookies

We use cookies and similar technologies for:

  • Essential Cookies: Required for authentication and security (cannot be disabled)
  • Preference Cookies: Remember your settings and preferences
  • Analytics Cookies: Help us understand how you use the Service (with your consent)

You can control cookies through your browser settings. Disabling essential cookies may affect Service functionality.

11. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at [email protected].

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending you an email notification (for significant changes)

Your continued use of the Service after changes indicates acceptance of the updated policy.

13. Supervisory Authority

If you believe we have not addressed your concerns adequately, you have the right to lodge a complaint with your local data protection supervisory authority in the EU.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: [email protected]
Website: https://neuralchef.app