Table of contents
The short version: we collect the recipes you save, the meals you plan, the pantry you track. We use it to make those features work for you, your household, and (if you opt in) the AI recipe generator. We don’t sell anything to advertisers and we don’t run third-party trackers. The long version is below — written in plain English, in articles you can skim.
The summary.
What we collect: the recipes you import or generate, the meal plans and shopping lists you build, the items in your pantry, your dietary profile, the household you share with, your subscription tier, and the device + analytics signals necessary to run the app reliably.
What we don’t: third-party advertising identifiers, contact lists, location histories, biometric data, or anything else you didn’t volunteer. Tasteze does not sell or rent personal information. There is no behavioural ad targeting.
Where it lives: on Supabase (PostgreSQL) in US-East, with row-level security on every table. Files (recipe photos, banners, cookbook drafts) live in Supabase Storage. The partner blog serves published posts publicly; everything else requires authentication.
Who else sees it: a short list of vendors that run specific features — payments, AI, search, email, error tracking. Each is named in Article 03.
What we collect.
We group your data into three buckets so it’s easy to reason about.
You give us this directly. Account email + password (or Apple, Google, or passkey identity). Display name. Optional avatar. Saved recipes (title, ingredients, instructions, photos, nutrition you edited). Meal plans, shopping lists, pantry inventory, cookbooks. Dietary profile + allergens. Household membership. Notes and ratings you leave on recipes.
The platform generates this from your activity. Cooking-mode progress, mise en place plans, AI generation history, usage counters (how many imports this month, how many AI generations), suggestion-engine signals (which recipes you saved, which you cooked, which you ignored), and search queries.
The system collects this automatically. Device type, browser, app version, IP address (used only to detect abuse, then truncated), session timestamps, error reports (Sentry), product analytics (PostHog — events only, no cross-site identifiers).
If you become a Tasteze partner, we additionally collect the answers you submitted on the application form, your voice interview transcript and AI-distilled voice profile, your blog posts and their generation history, and (if you connect a custom domain) the domain configuration.
How we use it.
Six things, full stop.
- Run the kitchen features. Save recipes, build plans, track pantry, generate shopping lists, run cooking mode, sync your household.
- Train the suggestion engine — but only on your own data, weighted to your preferences, never combined with anyone else’s profile.
- Fulfil AI requests you initiate. Send the necessary inputs to Anthropic, OpenAI, x.AI, or Google to import a recipe, generate a story, or render an image. We don’t send anything you didn’t ask for.
- Process payments via RevenueCat (App Store + Stripe). We see your subscription tier; we don’t see card numbers.
- Email you when something requires your attention: password reset, weekly summary if you opted in, partner-blog publish notifications. No marketing without explicit opt-in.
- Keep the lights on. Detect abuse, debug crashes, monitor performance. We use the minimum signal necessary.
AI & your recipes.
Tasteze is built around AI features. We want to be specific about what that means for the recipes you save.
The AI providers don’t train on your data. Our contracts with Anthropic, OpenAI, x.AI, Google, and ElevenLabs opt out of training on customer prompts and outputs. Inputs we send are processed for a single request and not retained for model improvement.
Tasteze does use your data to improve Tasteze. We log generation history (with the prompt, tokens used, cost, and your feedback) to debug and improve our prompts and suggestion engine. This stays inside the platform and is never shared externally.
Public partner content is publicly published. If you’re a partner and you publish a blog post, that post — including the AI-generated narrative around your recipe — is public. The partner blog renders it as soon as you click publish.
Your rights.
Regardless of where you live, you have the following rights over your data. We honour them globally — not just in jurisdictions that require it.
- Access. Email privacy@tasteze.app to request a full export of your library. We deliver it within 30 days as a structured JSON archive.
- Correction. Edit anything you submitted directly in the app.
- Deletion. Delete your account from Settings → Account → Delete. Data is purged within 30 days; backup retention adds another 90 days before final removal.
- Portability. The same export works for re-import elsewhere — bring your library wherever you go.
- Objection. Email privacy@tasteze.app to opt out of analytics, transactional summaries, or any specific processing.
- Withdraw consent. Cancel your subscription, disconnect OAuth providers, revoke passkeys — all in Settings.
If you’re in the EU, UK, California, Colorado, Virginia, or another jurisdiction with extended privacy rights, the same controls apply. We’ve appointed a representative for GDPR inquiries — contact details below.
Storage & security.
Your data lives in Supabase’s US-East region (Postgres + Storage). Encryption at rest is on by default. Connections are TLS 1.2+ from the client all the way to the database.
API keys for partner-side integrations live in an encrypted vault (AES-256-GCM) keyed by a master key that’s rotated quarterly. Admin access requires TOTP or passkey MFA in addition to the primary credential.
We retain account data while your account is active. If you cancel, your account stays as Free with all your recipes intact until you delete it. After deletion: 30 days to a soft purge, another 90 days for backup retention, then permanent removal.
Children.
Tasteze is not directed at children under 13 (or under 16 in the EU/UK). We don’t knowingly collect personal information from them. Households can include minors as members at the discretion of the household owner — the owner’s account is the legal counterparty. If you believe a minor has signed up directly, email us and we’ll investigate within 30 days.
Changes to this policy.
When we change this policy, we update the date at the top and email everyone with an active account at least 30 days before the changes take effect (unless required to apply them sooner by law). Past versions of this policy are kept at /privacy/history so you can see what changed.
How to reach us.
For privacy questions, data requests, or anything that reads unclearly above:
- Email · privacy@tasteze.app
- Mail · DND Media Group LLC · State of Florida, USA
- EU representative · listed at /privacy/eu-rep
We respond to data requests within 30 days. If we need additional information to verify your identity, we’ll ask before we act.