Privacy Policy

Last updated: April 8, 2026

1. Information We Collect

Account information: When you create an account, we collect your name, email address, and password (stored as a bcrypt hash — we never store your plain-text password).

Recipe data: Recipes you create, import, or scan, including ingredients, directions, photos, tags, notes, and ratings.

Usage data: Meal plans, grocery lists, favorites, comments, and reactions you create within the app.

Payment data: If you subscribe to Recidex Pro, payment processing is handled entirely by Stripe. We store your Stripe customer ID but never your credit card number, CVV, or full card details.

Device data: We collect basic device information (browser type, operating system) through server logs to ensure compatibility and diagnose issues.

2. How We Use Your Information

  • Provide and improve the Recidex service (recipe storage, meal planning, grocery lists, social features)
  • Process payments and manage your subscription via Stripe
  • Send transactional emails (password resets, account changes)
  • Send optional weekly digest emails (you can opt out in Settings)
  • Detect and prevent abuse, spam, and unauthorized access
  • Respond to support requests

We do not sell your personal data. We do not use your data for advertising. Your recipes are yours.

3. Information Sharing

We share your data only in these limited circumstances:

  • Stripe — Payment processing. Stripe’s privacy policy governs their handling of your payment data.
  • Sentry — Error tracking. Crash reports may include your user ID (never passwords or payment data).
  • Household members — If you join a household, your household partner can see shared recipes, meal plans, and grocery lists.
  • Public recipes — Recipes you mark as “public” are visible to other Recidex users.
  • Legal requirements — We may disclose information if required by law, subpoena, or court order.

4. Data Retention

We retain your data for as long as your account is active. When you delete your account, all your data (recipes, comments, ratings, meal plans, grocery lists, and profile information) is permanently deleted within 30 days. Stripe may retain payment records per their own policies and legal obligations.

5. Your Rights

You have the right to:

  • Access — Download all your data via Settings > Download my data
  • Correct — Update your profile information at any time in Settings
  • Delete — Delete your account and all associated data in Settings
  • Export — Export your data in machine-readable JSON format
  • Object — Opt out of non-essential communications (weekly digest) in Settings

For EU/EEA residents: these rights are provided under the General Data Protection Regulation (GDPR). Our legal basis for processing is contract performance (providing the service you signed up for) and legitimate interest (improving the service, preventing abuse).

6. Cookies

Recidex uses a single essential session cookie to keep you signed in. We do not use tracking cookies, analytics cookies, or third-party advertising cookies. No cookie consent banner is needed because we only use strictly necessary cookies.

7. Security

We protect your data with:

  • HTTPS encryption for all data in transit
  • Bcrypt password hashing (passwords are never stored in plain text)
  • Rate limiting on authentication endpoints
  • Content Security Policy (CSP) headers
  • Regular dependency audits for known vulnerabilities

8. Children’s Privacy

Recidex is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by email or in-app notice. Continued use of Recidex after changes constitutes acceptance of the updated policy.

10. Contact Us

Questions about this policy? Email us at privacy@recidex.com.