Privacy Policy

1. Introduction

Brioche ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our recipe management application ("App"). Please read this policy carefully. By using the App, you consent to the practices described in this Privacy Policy.

2. Information We Collect

2.1 Account Information

When you create an account using Sign in with Apple, we collect:

• Apple User Identifier: A unique identifier provided by Apple
• Name: If you choose to share it during Sign in with Apple
• Email Address: If you choose to share it during Sign in with Apple (you may use Apple's private relay email option)

2.2 User Content

When you use the App, we store the following data locally on your device and, if you use sync features, on our cloud servers:

• Recipes you create, import, or receive via sharing
• Recipe images you upload or import
• Meal plans and scheduled meals
• Shopping/grocery lists
• App preferences (e.g., preferred unit system, timer sounds)

2.3 Analytics and Usage Data

We use PostHog, a third-party analytics service, to collect usage data to improve the App. This includes:

• Feature adoption (e.g., whether you use cooking timers, meal planning, or recipe sharing)
• Subscription and purchase events (to understand conversion)
• App performance metrics and error reports
• Device type and operating system version

Analytics data is linked to a pseudonymous identifier associated with your account. We do not track the content of your recipes or share analytics data with third parties for advertising purposes.

2.4 Transaction Information

When you subscribe to premium features, Apple processes your payment. We receive:

• Subscription status (active, expired, cancelled)
• Subscription tier and billing period
• Transaction identifiers (for support purposes)

We do not receive your payment method details, credit card numbers, or billing address.

2.5 Information We Do NOT Collect

We do not collect:

• Precise location data
• Contacts or address book
• Browsing history outside the App
• Data from other apps on your device
• Health or fitness data
• Biometric data

3. How We Use Your Information

We use the information we collect to:

• Provide the App: Store and sync your recipes, meal plans, and shopping lists
• Process Subscriptions: Manage your premium subscription status
• Improve the App: Analyze usage patterns to fix bugs and develop new features
• Provide Support: Respond to your inquiries and troubleshoot issues
• Communicate: Send important service announcements (e.g., security updates, policy changes)
• Ensure Security: Detect and prevent fraud, abuse, or unauthorized access

We do not use your information for:

• Selling to third parties
• Targeted advertising
• Profiling for marketing purposes

4. AI-Powered Recipe Parsing

When you import recipes from URLs, images, or text, the content is processed by OpenAI to extract recipe information.

What is sent to OpenAI:

• The URL content, image, or text you submit for parsing
• No personal information or account data is sent

What is NOT sent:

• Your account information
• Your other recipes
• Your meal plans or shopping lists
• Any analytics or usage data

OpenAI may retain data according to their privacy policy. We recommend reviewing OpenAI's Privacy Policy for details.

5. Third-Party Services

We use the following third-party services to operate the App:

Service	Purpose	Data Shared
Apple	Authentication, payments	Apple user ID, subscription transactions
Amazon Web Services (AWS)	Cloud storage, database	Encrypted user content (recipes, images)
RevenueCat	Subscription management	User ID, subscription status
PostHog	Analytics	Usage data, device info
OpenAI	Recipe parsing	Recipe content submitted for import

Each service operates under its own privacy policy. We encourage you to review their policies.

6. Data Storage and Security

6.1 Where Your Data is Stored

• Local Storage: Your data is stored on your device using encrypted local storage
• Cloud Storage: If you use sync features, your data is stored on Amazon Web Services (AWS) servers located in the United States

6.2 Security Measures

We implement industry-standard security measures including:

• Encryption in Transit: All data transmitted between your device and our servers uses TLS/SSL encryption
• Encryption at Rest: Data stored on our servers is encrypted
• Secure Authentication: We use Sign in with Apple, which provides secure, token-based authentication
• Access Controls: Access to user data is restricted to authorized personnel only
• Secure Token Storage: Authentication tokens are stored in your device's secure Keychain

6.3 Security Limitations

While we take reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

• Active Accounts: Your data is retained as long as your account remains active
• Deleted Content: When you delete recipes or other content, it is removed from our servers during the next sync
• Account Deletion: Upon account deletion, your data is permanently removed from our servers within 30 days
• Analytics Data: Analytics data may be retained indefinitely for aggregate analysis
• Backup Retention: Server backups containing your data are retained for up to 90 days for disaster recovery

8. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

8.1 Service Providers

We share data with third-party service providers who assist in operating the App (as listed in Section 5). These providers are contractually obligated to protect your data.

8.2 Recipe Sharing

When you share a recipe via a link, the recipe content (title, ingredients, instructions, image) becomes accessible to anyone with the link. Shared recipes do not include your personal information.

8.3 Legal Requirements

We may disclose your information if required by law, such as in response to a subpoena, court order, or legal process, or to protect our rights, property, or safety.

8.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

9. Your Rights and Choices

9.1 Access and Portability

You can access your recipes and data directly within the App. You may request a copy of your personal data by contacting us.

9.2 Correction

You can update or correct your recipes and content directly within the App.

9.3 Deletion

You can delete individual recipes within the App. To delete your entire account and all associated data, contact us at [email protected].

9.4 Opt-Out of Analytics

Analytics collection cannot currently be disabled within the App. If you prefer not to share analytics data, you may choose not to use the App.

10. Rights for EU/EEA Users (GDPR)

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate personal data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
• Right to Restrict Processing: Request that we limit how we process your data
• Right to Data Portability: Request your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint: File a complaint with your local data protection authority

Legal Basis for Processing:

• Contract: To provide the App and its features to you
• Legitimate Interests: To improve the App, ensure security, and prevent fraud
• Consent: For optional analytics (where required)

To exercise your GDPR rights, contact us at [email protected]. We will respond within 30 days.

11. Rights for California Residents (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

11.1 Right to Know

You have the right to request information about:

• The categories of personal information we collect
• The purposes for which we use your information
• The categories of third parties with whom we share your information
• The specific pieces of personal information we have collected about you

11.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions.

11.3 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

11.4 Categories of Information Collected

In the past 12 months, we have collected the following categories of personal information:

• Identifiers: Apple user ID, name (if provided), email address (if provided)
• Commercial Information: Subscription status and history
• Internet/Electronic Activity: App usage data, feature interactions
• User-Generated Content: Recipes, meal plans, shopping lists

11.5 Sale of Personal Information

We do not sell your personal information as defined by the CCPA.

To exercise your CCPA rights, contact us at [email protected].

12. International Data Transfers

The App is operated from the United States. If you access the App from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the App, you consent to this transfer.

For EU/EEA users, we rely on Standard Contractual Clauses approved by the European Commission to ensure adequate protection for international data transfers.

13. Children's Privacy

The App is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will delete it promptly. If you believe we have collected information from a child under 13, please contact us immediately at [email protected].

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you through the App or via email (if you have provided one)

Your continued use of the App after changes become effective constitutes acceptance of the revised Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: [email protected]

For GDPR or CCPA-specific requests, please include "Privacy Request" in the subject line.

---

Last Updated: January 2026