EverythingEats Privacy Policy

Version 1.4 · Effective 28 June 2026

Privacy Policy

1. Introduction

EverythingEats is committed to protecting your privacy.

This Privacy Policy explains what personal data we collect, how we use it, why we use it, who we share it with, how long we keep it, and what rights you have.

EverythingEats is owned and operated by EVERYTHINGEATS LTD, a company registered in England and Wales.

For data protection purposes, the data controller is:

EVERYTHINGEATS LTD

Company number: 17265785

Email: privacy@everythingeats.co.uk

Support: support@everythingeats.co.uk

References to "EverythingEats", "we", "us", or "our" mean EVERYTHINGEATS LTD.

2. Data We Collect

We may collect and process the following categories of personal data.

Account and Identity Data

  • email address;
  • username;
  • display name;
  • password hash, where you create a password;
  • email verification status;
  • third-party sign-in provider, such as Google or Apple;
  • provider account identifier;
  • provider-verified email status;
  • social sign-in name, where provided;
  • linked authentication methods;
  • sign-in identity tokens or credential responses, where needed to verify a Google or Apple sign-in;
  • account creation date;
  • account status;
  • login and authentication records.

If you use Sign in with Apple and choose to hide your email, Apple provides a private relay email address instead of your personal address. We treat this relay address as your account email and use it to contact you; Apple forwards messages we send to it to your real address. If relay forwarding is turned off or the Apple sign-in is unlinked, you may be unable to receive our emails at that address.

User Content

  • recipe names;
  • ingredients;
  • recipe steps;
  • preparation notes;
  • recipe images;
  • recipe videos or links;
  • servings;
  • cooking times;
  • preparation times;
  • rest times;
  • difficulty level;
  • tags;
  • recipe category;
  • nutrition information;
  • allergens;
  • equipment;
  • public or private recipe status;
  • scanned or imported recipe content, where recipe scanning is used.

If you mark a recipe as public, that recipe and associated public content may be visible to everyone, including guests and unregistered visitors. Public recipes are not limited to registered users.

Meal Planning and Grocery Data

  • weekly menus;
  • selected meals;
  • shopping lists;
  • saved favourites;
  • generated meal plans;
  • recipe history;
  • recently used recipes.

Preferences and Settings

  • measurement units;
  • portion preferences;
  • meal slots;
  • weekly schedule preferences;
  • dietary preferences;
  • allergens;
  • disliked ingredients;
  • day-level meal preferences;
  • meal-level preferences;
  • theme preference;
  • reminder settings;
  • notification preferences.

Usage, Analytics and Diagnostic Data

  • app opens;
  • screen views;
  • feature usage events;
  • recipe creation events;
  • menu generation events;
  • preference changes;
  • search activity within the app;
  • error reports;
  • crash logs;
  • performance data;
  • authentication and session activity;
  • security and audit events.

Ads and Advertising Data

  • AdMob consent status;
  • advertising identifiers, where permitted;
  • device identifiers, where permitted;
  • consent strings and consent records;
  • ad interaction data;
  • ad delivery and measurement data;
  • non-personalised or personalised ad selection data, depending on your choices and applicable law.

Technical Data

  • device platform;
  • operating system;
  • app version;
  • IP address;
  • approximate location inferred from IP address;
  • browser or app environment;
  • language settings;
  • system logs;
  • secure token/session information;
  • push notification token, where notifications are enabled.

Communications Data

  • emails you send to us;
  • support requests;
  • privacy requests;
  • bug reports;
  • feedback;
  • account deletion requests.

3. Special Category and Sensitive Data

Some information you provide may be sensitive.

This may include allergy information, dietary restrictions, health-related dietary needs, religious dietary requirements, ethical dietary preferences, or other information that could reveal special category data under data protection law.

We use this information only to provide, personalise, and improve relevant app features, including recipe filtering, menu generation, allergy warnings, shopping-list support, and preference settings.

We do not use allergy, health-related, religious, or sensitive dietary information for personalised advertising.

Where required, we rely on your explicit consent to process sensitive dietary, allergy, or health-related information.

You can update or delete this information in your app settings or by contacting us.

4. How We Use Your Data and Our Lawful Basis

For users in the UK or EEA, we rely on the following lawful bases.

PurposeData UsedLawful Basis
Create and manage your accountAccount and identity dataContractual necessity
Authenticate users and maintain sessionsAccount data, provider identity data, technical data, session dataContractual necessity and legitimate interests
Verify and link Google or Apple sign-inAccount and identity data, provider-verified email, provider account identifiers, authentication recordsContractual necessity and legitimate interests
Store and display your recipesUser contentContractual necessity
Store meal plans and shopping listsMeal planning and grocery dataContractual necessity
Personalise recipes, filters, menus, and preferencesPreferences, dietary preferences, allergens, disliked ingredientsContractual necessity, consent, and where required explicit consent
Send verification and password reset emailsEmail address, account statusContractual necessity
Send optional remindersReminder settings, notification token, email addressConsent or contractual necessity, depending on the reminder
Provide customer supportCommunications data, account dataLegitimate interests and contractual necessity
Improve the ServiceUsage, analytics, diagnostic dataLegitimate interests or consent where required
Monitor app performance and fix bugsLogs, error reports, crash dataLegitimate interests
Secure the Service and prevent fraudTechnical data, audit logs, authentication recordsLegitimate interests and legal obligations
Display non-personalised adsAd consent status, technical dataLegitimate interests or consent where required
Display personalised adsAd identifiers, consent data, usage/ad dataConsent
Comply with legal obligationsAccount data, logs, communicationsLegal obligation
Handle privacy requestsAccount data, communications dataLegal obligation
Enforce Terms and investigate misuseAccount data, user content, logsLegitimate interests and legal obligations

Where we rely on legitimate interests, we consider and balance our interests against your rights and freedoms.

Where we rely on consent, you may withdraw consent at any time.

5. Ads, AdMob and Consent

EverythingEats may display ads using Google AdMob and related advertising partners.

Depending on your region, consent choices, device settings, and applicable law, ads may be personalised or non-personalised.

Where required, we will ask for consent before:

  • using cookies, local storage, or similar technologies for advertising;
  • accessing advertising identifiers;
  • collecting, sharing, or using personal data for personalised ads;
  • using tracking technologies that require consent.

You can manage or withdraw consent through the app privacy settings, consent screen, operating-system settings, or other available privacy controls.

If you withdraw consent, ads may still appear, but they may be non-personalised where supported.

Google and its advertising partners may process data as independent controllers or processors depending on the context and their own terms.

6. Analytics, Crash Reporting and Observability

We use analytics, crash reporting, logging, and observability tools to understand how the Service performs, identify bugs, prevent abuse, improve features, and protect the Service.

This may include collecting:

  • app usage events;
  • crash logs;
  • device and app version information;
  • performance data;
  • error messages;
  • authentication events;
  • IP address;
  • system logs.

Where analytics or tracking requires consent, we will request consent before using those technologies.

7. Recipe Scanning, OCR and AI Processing

If you use recipe scanning, image upload, import, OCR, or AI-assisted recipe parsing features, we may process uploaded images, extracted text, and generated recipe draft data.

This processing is used to:

  • extract recipe text;
  • identify ingredients and steps;
  • structure recipes into the app format;
  • improve the reliability of recipe creation;
  • debug and secure the feature.

Uploaded images or extracted text may be processed by third-party providers that support OCR, AI, document processing, cloud storage, or app infrastructure.

You should not upload recipes, images, documents, or content that you do not own or have permission to use.

8. Push Notifications and Reminders

If you enable reminders or notifications, we may process notification preferences, reminder times, meal-plan settings, and device push tokens.

You can disable push notifications through the app settings or your device settings.

9. Who We Share Data With

We may share personal data with trusted service providers that help us operate the Service, including:

  • hosting providers;
  • cloud database providers;
  • cloud storage providers;
  • email providers;
  • authentication and security providers, including Google and Apple where you choose to use their sign-in services;
  • analytics providers;
  • crash-reporting and observability providers;
  • advertising providers, including Google AdMob;
  • consent-management providers;
  • AI, OCR, or document-processing providers where recipe scanning is used;
  • app stores and platform providers;
  • professional advisers where necessary;
  • legal or regulatory authorities where required.

We only share data where necessary for the purposes described in this Policy, where you have consented, or where required by law.

If you choose Google Sign-In or Sign in with Apple, the provider may process information about your use of that sign-in method under its own terms and privacy policy.

Service providers must process personal data only as instructed by us, unless they act as independent controllers under their own legal obligations.

10. International Transfers

Some of our service providers may process personal data outside the United Kingdom or European Economic Area.

Where personal data is transferred internationally, we use appropriate safeguards where required. These may include adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum, Standard Contractual Clauses, or other lawful transfer mechanisms.

11. Data Retention

We keep personal data only for as long as necessary for the purposes described in this Policy, including providing the Service, complying with legal obligations, resolving disputes, enforcing Terms, maintaining security, and improving the app.

Typical retention periods are:

Data TypeRetention Period
Account dataFor as long as your account exists
Private recipesUntil deleted by you or deleted after account deletion
Public recipesWhile public, then up to 30 days after account deletion or removal unless earlier removal is required
Weekly menus and shopping listsFor as long as your account exists or until deleted
Preferences and settingsFor as long as your account exists or until changed/deleted
Email verification and password reset recordsAs needed for security and account operation
Support emails and requestsUp to 24 months after resolution, unless longer retention is needed
System logs and security logsUsually up to 12 months, unless needed for security, fraud prevention, or legal reasons
Analytics dataUsually up to 26 months, or shorter where configured
Consent recordsFor as long as needed to demonstrate consent and compliance
Backup dataRetained for a limited backup cycle before being overwritten or deleted
Legal or dispute recordsAs long as necessary to handle the legal issue

After account deletion, we delete or anonymise personal data unless retention is necessary for legal, security, fraud-prevention, accounting, dispute-resolution, backup, or compliance reasons.

Some deleted data may remain temporarily in encrypted backups until the backup is overwritten or deleted.

Anonymised data that no longer identifies you may be retained indefinitely.

12. Account Deletion

You may request account deletion through the app where available or by contacting:

  • privacy@everythingeats.co.uk
  • support@everythingeats.co.uk

When you request deletion, we may need to verify your identity before completing the request.

After deletion, your access to the account will end and your personal data will be deleted or anonymised according to this Policy.

13. Your Rights

Depending on your location and applicable law, you may have rights to:

  • access the personal data we hold about you;
  • correct inaccurate or incomplete data;
  • request deletion of your data;
  • restrict processing;
  • object to processing;
  • withdraw consent;
  • request data portability;
  • complain to a data protection authority.

Where processing is based on consent, you may withdraw consent at any time.

Withdrawing consent does not affect processing that took place before consent was withdrawn.

14. Privacy Requests

To make a privacy request, contact:

  • privacy@everythingeats.co.uk
  • support@everythingeats.co.uk

Please include:

  • your account email address;
  • your username, if available;
  • the type of request you are making;
  • enough information for us to verify your identity.

We aim to respond within the period required by applicable data protection law.

15. Complaint Rights

If you are in the UK and are unhappy with how we handle your personal data, you have the right to complain to the Information Commissioner's Office.

You can contact the ICO through its official website.

We would appreciate the opportunity to deal with your concerns first, so you may contact us at privacy@everythingeats.co.uk.

16. Children and Young Users

The Service is not intended for children under 13.

We do not knowingly collect personal data from children under 13.

If we become aware that we have collected personal data from a child under 13, we will take reasonable steps to delete it.

Users under 18 should use the Service only with the involvement and permission of a parent or guardian.

We may restrict certain features, advertising, tracking, profiling, or content visibility for young users where required by law or platform rules.

Parents or guardians who believe a child has provided personal data can contact us at privacy@everythingeats.co.uk.

17. Security

We use reasonable technical and organisational measures to protect personal data.

These may include:

  • password hashing;
  • secure app storage for tokens;
  • access controls;
  • encrypted connections;
  • monitoring and logging;
  • backup controls;
  • security reviews;
  • restricted access to production systems.

No system is completely secure. You are responsible for keeping your password, device, linked Google or Apple account, and account details confidential.

If you believe your account has been compromised, contact support@everythingeats.co.uk.

18. App Store, Google Play and Platform Privacy Disclosures

If the Service is available through the Apple App Store, Google Play Store, TestFlight, or another platform, we may be required to provide privacy and data-safety information to that platform.

Those disclosures should match the data practices described in this Privacy Policy.

Platform providers may process your personal data separately under their own privacy policies and terms.

19. Third-Party Links and Services

The Service may contain links to third-party websites, services, ads, sign-in services, or content.

We are not responsible for the privacy practices, security, content, or terms of third-party services.

You should review the privacy policies of third-party services before using them.

20. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

Where changes are material, we may notify you by email, in-app notice, or another reasonable method.

Where required by law, we will request renewed consent.

The latest version will be available in the app or on our website.

21. Contact

For privacy questions, requests, or concerns, contact:

  • privacy@everythingeats.co.uk
  • support@everythingeats.co.uk

Data controller: EVERYTHINGEATS LTD

Company number: 17265785