1. Who We Are
ReciMind (βweβ, βourβ, βusβ) is a mobile application that uses AI to scan food and ingredients, generate personalized recipes, and help you plan meals. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and what rights you have.
2. Data We Collect
2.1 Account Information
When you create an account, we collect:
- Email address β used for login and account recovery
- Password hash β if you sign up with email/password (Supabase Auth manages this; we never see your plaintext password)
- Google profile information β name and profile picture, if you sign in with Google OAuth
2.2 Recipe and Preference Data
Each time you generate a recipe, we store:
- The recipe content (title, ingredients, instructions, tips, overview) generated by AI
- Your meal preference (breakfast, lunch, dinner, snack, or dessert) if you provide it
- Time available to cook, if you provide it
- A free-text comment containing any special dietary requests or preferences you write (e.g., βno nutsβ, βspicyβ, βvegetarianβ) β optional
- Your favorite flag (starred or not) per recipe
- Recipe edit history β a version snapshot is saved each time you or the AI modifies a recipe
2.3 User Profile (Optional)
In the Settings screen you may optionally add a display name and a profile photo (avatar URL). Neither field is required.
2.4 AI Usage Counter
To enforce daily limits, we record a count of how many AI requests you have made today. This counter resets at midnight UTC and contains no content β only a number and a date.
2.5 Subscription and Purchase Data
If you subscribe to ReciMind Pro, your subscription status and purchase history are managed by RevenueCat, a third-party payment platform. We receive only your entitlement status (e.g., βPro activeβ). We do not process or store payment card numbers.
2.6 Session Tokens
When you are logged in, your session tokens (JWT access token and refresh token issued by Supabase Auth) are stored locally on your device using React Native AsyncStorage. They are never sent to us directly β they are used to authenticate requests to our server.
2.7 Push Notifications (Optional)
If you enable push notifications, we may securely store a device push token to send you timely alerts. You can opt out of these at any time via your device settings.
3. Photos You Take β What We Do NOT Store
When you use the camera or photo library in ReciMind to scan your fridge, photograph a recipe card, or identify a dish, we do not store your photo on any server.
Here is exactly what happens:
- Your photo is captured or selected locally on your device.
- It is resized on-device to reduce file size.
- It is sent as an encrypted, temporary payload directly to Google's Gemini AI API for analysis.
- The AI extracts ingredient or recipe information and returns a text result.
- The photo is discarded immediately. It is never written to our database, our cloud storage, or any other server. We cannot access it, retrieve it, or share it.
This applies to all three photo features:
- Fridge scan (ingredient detection)
- Recipe card scan (digitizing a written recipe)
- Dish identification (reverse-engineering a recipe from a photo)
The only things we save are the text results extracted from the photo (ingredient names, recipe content) β not the image itself.
4. AI-Generated Dish Images
When a recipe is generated, we may also generate an AI food photograph of the dish using Google Gemini. This image is:
- Created entirely by AI based on the recipe text β it does not use your photos
- Stored in our cloud storage (Supabase Storage) linked to your recipe
- Accessible via a URL associated with your account
- Deleted when you delete the recipe or your account
5. How We Use Your Data
| Data | Purpose |
|---|---|
| Email / auth info | Login, account recovery, authentication |
| Recipe content | Displaying your recipe history and favorites |
| Meal preferences | Personalizing AI recipe generation |
| User comment | Passing dietary requirements to the AI |
| Recipe versions | Letting you view and restore previous versions |
| AI usage counter | Enforcing daily rate limits |
| Subscription status | Unlocking Pro features |
| Session tokens | Authenticating your requests |
| Display name / avatar | Showing your profile in the app |
| Device push tokens | Sending you opted-in push notifications |
We do not use your data for advertising, profiling, or selling to third parties. We do not track your activity across other companies' apps and websites for targeted advertising.
6. Third-Party Services
We work with the following sub-processors:
| Service | Purpose |
|---|---|
| Supabase | Database, authentication, cloud storage |
| Google Gemini API | AI ingredient detection, recipe generation, image generation |
| RevenueCat | In-app subscription management |
| Apple / Google | OAuth sign-in provider |
Your photos are processed by Google Gemini under Google's API Terms of Service. By default, Google does not use API input data to train its models.
6.1 International Data Transfers
ReciMind is operated under the laws of Norway (EEA), but we utilize secure third-party services located in the United States (such as Google and Supabase). By using the App, your data may be transferred to and processed in the US. We rely on established legal safeguards, such as Standard Contractual Clauses (SCCs) and adherence to the EU-US Data Privacy Framework by our sub-processors, to ensure your data remains protected.
7. Data Retention
| Data | Retention |
|---|---|
| Account and auth data | Until you delete your account, or after 24 months of inactivity |
| Recipes and versions | Until you delete the recipe, your account, or after 24 months of inactivity |
| AI-generated dish images | Until you delete the recipe or your account |
| AI usage counter | Automatically reset daily; deleted with your account |
| Session tokens (local device) | Until you log out or the token expires |
| Your photos | Never stored β discarded immediately after analysis |
When you delete your account from Settings, we permanently delete your account, user profile, all recipes, all recipe versions, and all dish images associated with your account. This action is irreversible.
8. Data Security
- All data in transit is encrypted using HTTPS / TLS.
- Database access is protected by Row-Level Security (RLS) β you can only read and write your own data; other users cannot access it.
- AI API keys are stored exclusively in our server environment (Supabase Edge Function secrets) and are never included in the app bundle or sent to your device.
- We do not log or store the content of photos you submit for analysis.
9. Children's Privacy
ReciMind is not directed at children under the age of 13 (or under 16 in the European Union). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
10. Your Rights
Depending on where you live, you may have the following rights:
- Access β request a copy of the personal data we hold about you
- Correction β ask us to correct inaccurate data
- Deletion β delete your account (and all associated data) at any time from Settings β Delete Account, or by contacting us
- Data portability β request your recipe data in a machine-readable format
- Withdraw consent β where processing is based on consent, you may withdraw it at any time
GDPR (EEA/UK users): Our legal basis for processing is performance of a contract (providing the app service) and legitimate interest (security, rate limiting). You have the right to lodge a complaint with your local supervisory authority.
CCPA (California users): We do not sell your personal information. You have the right to know what data we collect and request its deletion.
To exercise any of these rights, or to submit a formal Data Subject Access Request (DSAR), please contact us at recimind@gmail.com. We will respond to all requests within 30 days.
Data Protection Officer (DPO): If you have concerns about how your data is handled, you may contact our designated Data Protection Officer at recimind@gmail.com.
11. Device Permissions
The app requests the following device permissions:
| Permission | Why |
|---|---|
| Camera | To take photos of your fridge or dishes for AI analysis |
| Photo Library | To select existing photos from your device |
| Notifications | To send you optional alerts and reminders |
You can revoke these permissions at any time in your device settings. Revoking them will prevent photo-based features or notifications from working but will not affect recipe history or other features.
12. Changes to This Policy
If we make material changes to this Privacy Policy, we will update the effective date at the top of this document. For significant changes, we will notify you within the app. Continued use of ReciMind after changes are posted constitutes acceptance of the updated policy.
13. Contact
If you have questions or requests related to this Privacy Policy:
Email: recimind@gmail.com
Last updated: May 12, 2026