EverythingEats Privacy Policy
Privacy Policy
1. Introduction
EverythingEats is committed to protecting your privacy.
This Privacy Policy explains what personal data we collect, how we use it, why we use it, who we share it with, how long we keep it, and what rights you have.
EverythingEats is owned and operated by EVERYTHINGEATS LTD, a company registered in England and Wales.
For data protection purposes, the data controller is:
EVERYTHINGEATS LTD
Company number: 17265785
Email: privacy@everythingeats.co.uk
Support: support@everythingeats.co.uk
References to "EverythingEats", "we", "us", or "our" mean EVERYTHINGEATS LTD.
2. Data We Collect
We may collect and process the following categories of personal data.
Account and Identity Data
- email address;
- username;
- display name;
- password hash, where you create a password;
- email verification status;
- third-party sign-in provider, such as Google or Apple;
- provider account identifier;
- provider-verified email status;
- social sign-in name, where provided;
- linked authentication methods;
- sign-in identity tokens or credential responses, where needed to verify a Google or Apple sign-in;
- account creation date;
- account status;
- login and authentication records.
If you use Sign in with Apple and choose to hide your email, Apple provides a private relay email address instead of your personal address. We treat this relay address as your account email and use it to contact you; Apple forwards messages we send to it to your real address. If relay forwarding is turned off or the Apple sign-in is unlinked, you may be unable to receive our emails at that address.
User Content
- recipe names;
- ingredients;
- recipe steps;
- preparation notes;
- recipe images;
- recipe videos or links;
- servings;
- cooking times;
- preparation times;
- rest times;
- difficulty level;
- tags;
- recipe category;
- nutrition information;
- allergens;
- equipment;
- public or private recipe status;
- scanned or imported recipe content, where recipe scanning is used.
If you mark a recipe as public, that recipe and associated public content may be visible to everyone, including guests and unregistered visitors. Public recipes are not limited to registered users.
Meal Planning and Grocery Data
- weekly menus;
- selected meals;
- shopping lists;
- saved favourites;
- generated meal plans;
- recipe history;
- recently used recipes.
Preferences and Settings
- measurement units;
- portion preferences;
- meal slots;
- weekly schedule preferences;
- dietary preferences;
- allergens;
- disliked ingredients;
- day-level meal preferences;
- meal-level preferences;
- theme preference;
- reminder settings;
- notification preferences.
Usage, Analytics and Diagnostic Data
- app opens;
- screen views;
- feature usage events;
- recipe creation events;
- menu generation events;
- preference changes;
- search activity within the app;
- error reports;
- crash logs;
- performance data;
- authentication and session activity;
- security and audit events.
Ads and Advertising Data
- AdMob consent status;
- advertising identifiers, where permitted;
- device identifiers, where permitted;
- consent strings and consent records;
- ad interaction data;
- ad delivery and measurement data;
- non-personalised or personalised ad selection data, depending on your choices and applicable law.
Technical Data
- device platform;
- operating system;
- app version;
- IP address;
- approximate location inferred from IP address;
- browser or app environment;
- language settings;
- system logs;
- secure token/session information;
- push notification token, where notifications are enabled.
Communications Data
- emails you send to us;
- support requests;
- privacy requests;
- bug reports;
- feedback;
- account deletion requests.
3. Special Category and Sensitive Data
Some information you provide may be sensitive.
This may include allergy information, dietary restrictions, health-related dietary needs, religious dietary requirements, ethical dietary preferences, or other information that could reveal special category data under data protection law.
We use this information only to provide, personalise, and improve relevant app features, including recipe filtering, menu generation, allergy warnings, shopping-list support, and preference settings.
We do not use allergy, health-related, religious, or sensitive dietary information for personalised advertising.
Where required, we rely on your explicit consent to process sensitive dietary, allergy, or health-related information.
You can update or delete this information in your app settings or by contacting us.
4. How We Use Your Data and Our Lawful Basis
For users in the UK or EEA, we rely on the following lawful bases.
| Purpose | Data Used | Lawful Basis |
|---|---|---|
| Create and manage your account | Account and identity data | Contractual necessity |
| Authenticate users and maintain sessions | Account data, provider identity data, technical data, session data | Contractual necessity and legitimate interests |
| Verify and link Google or Apple sign-in | Account and identity data, provider-verified email, provider account identifiers, authentication records | Contractual necessity and legitimate interests |
| Store and display your recipes | User content | Contractual necessity |
| Store meal plans and shopping lists | Meal planning and grocery data | Contractual necessity |
| Personalise recipes, filters, menus, and preferences | Preferences, dietary preferences, allergens, disliked ingredients | Contractual necessity, consent, and where required explicit consent |
| Send verification and password reset emails | Email address, account status | Contractual necessity |
| Send optional reminders | Reminder settings, notification token, email address | Consent or contractual necessity, depending on the reminder |
| Provide customer support | Communications data, account data | Legitimate interests and contractual necessity |
| Improve the Service | Usage, analytics, diagnostic data | Legitimate interests or consent where required |
| Monitor app performance and fix bugs | Logs, error reports, crash data | Legitimate interests |
| Secure the Service and prevent fraud | Technical data, audit logs, authentication records | Legitimate interests and legal obligations |
| Display non-personalised ads | Ad consent status, technical data | Legitimate interests or consent where required |
| Display personalised ads | Ad identifiers, consent data, usage/ad data | Consent |
| Comply with legal obligations | Account data, logs, communications | Legal obligation |
| Handle privacy requests | Account data, communications data | Legal obligation |
| Enforce Terms and investigate misuse | Account data, user content, logs | Legitimate interests and legal obligations |
Where we rely on legitimate interests, we consider and balance our interests against your rights and freedoms.
Where we rely on consent, you may withdraw consent at any time.
5. Ads, AdMob and Consent
EverythingEats may display ads using Google AdMob and related advertising partners.
Depending on your region, consent choices, device settings, and applicable law, ads may be personalised or non-personalised.
Where required, we will ask for consent before:
- using cookies, local storage, or similar technologies for advertising;
- accessing advertising identifiers;
- collecting, sharing, or using personal data for personalised ads;
- using tracking technologies that require consent.
You can manage or withdraw consent through the app privacy settings, consent screen, operating-system settings, or other available privacy controls.
If you withdraw consent, ads may still appear, but they may be non-personalised where supported.
Google and its advertising partners may process data as independent controllers or processors depending on the context and their own terms.
6. Analytics, Crash Reporting and Observability
We use analytics, crash reporting, logging, and observability tools to understand how the Service performs, identify bugs, prevent abuse, improve features, and protect the Service.
This may include collecting:
- app usage events;
- crash logs;
- device and app version information;
- performance data;
- error messages;
- authentication events;
- IP address;
- system logs.
Where analytics or tracking requires consent, we will request consent before using those technologies.
7. Recipe Scanning, OCR and AI Processing
If you use recipe scanning, image upload, import, OCR, or AI-assisted recipe parsing features, we may process uploaded images, extracted text, and generated recipe draft data.
This processing is used to:
- extract recipe text;
- identify ingredients and steps;
- structure recipes into the app format;
- improve the reliability of recipe creation;
- debug and secure the feature.
Uploaded images or extracted text may be processed by third-party providers that support OCR, AI, document processing, cloud storage, or app infrastructure.
You should not upload recipes, images, documents, or content that you do not own or have permission to use.
8. Push Notifications and Reminders
If you enable reminders or notifications, we may process notification preferences, reminder times, meal-plan settings, and device push tokens.
You can disable push notifications through the app settings or your device settings.
9. Who We Share Data With
We may share personal data with trusted service providers that help us operate the Service, including:
- hosting providers;
- cloud database providers;
- cloud storage providers;
- email providers;
- authentication and security providers, including Google and Apple where you choose to use their sign-in services;
- analytics providers;
- crash-reporting and observability providers;
- advertising providers, including Google AdMob;
- consent-management providers;
- AI, OCR, or document-processing providers where recipe scanning is used;
- app stores and platform providers;
- professional advisers where necessary;
- legal or regulatory authorities where required.
We only share data where necessary for the purposes described in this Policy, where you have consented, or where required by law.
If you choose Google Sign-In or Sign in with Apple, the provider may process information about your use of that sign-in method under its own terms and privacy policy.
Service providers must process personal data only as instructed by us, unless they act as independent controllers under their own legal obligations.
10. International Transfers
Some of our service providers may process personal data outside the United Kingdom or European Economic Area.
Where personal data is transferred internationally, we use appropriate safeguards where required. These may include adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum, Standard Contractual Clauses, or other lawful transfer mechanisms.
11. Data Retention
We keep personal data only for as long as necessary for the purposes described in this Policy, including providing the Service, complying with legal obligations, resolving disputes, enforcing Terms, maintaining security, and improving the app.
Typical retention periods are:
| Data Type | Retention Period |
|---|---|
| Account data | For as long as your account exists |
| Private recipes | Until deleted by you or deleted after account deletion |
| Public recipes | While public, then up to 30 days after account deletion or removal unless earlier removal is required |
| Weekly menus and shopping lists | For as long as your account exists or until deleted |
| Preferences and settings | For as long as your account exists or until changed/deleted |
| Email verification and password reset records | As needed for security and account operation |
| Support emails and requests | Up to 24 months after resolution, unless longer retention is needed |
| System logs and security logs | Usually up to 12 months, unless needed for security, fraud prevention, or legal reasons |
| Analytics data | Usually up to 26 months, or shorter where configured |
| Consent records | For as long as needed to demonstrate consent and compliance |
| Backup data | Retained for a limited backup cycle before being overwritten or deleted |
| Legal or dispute records | As long as necessary to handle the legal issue |
After account deletion, we delete or anonymise personal data unless retention is necessary for legal, security, fraud-prevention, accounting, dispute-resolution, backup, or compliance reasons.
Some deleted data may remain temporarily in encrypted backups until the backup is overwritten or deleted.
Anonymised data that no longer identifies you may be retained indefinitely.
12. Account Deletion
You may request account deletion through the app where available or by contacting:
- privacy@everythingeats.co.uk
- support@everythingeats.co.uk
When you request deletion, we may need to verify your identity before completing the request.
After deletion, your access to the account will end and your personal data will be deleted or anonymised according to this Policy.
13. Your Rights
Depending on your location and applicable law, you may have rights to:
- access the personal data we hold about you;
- correct inaccurate or incomplete data;
- request deletion of your data;
- restrict processing;
- object to processing;
- withdraw consent;
- request data portability;
- complain to a data protection authority.
Where processing is based on consent, you may withdraw consent at any time.
Withdrawing consent does not affect processing that took place before consent was withdrawn.
14. Privacy Requests
To make a privacy request, contact:
- privacy@everythingeats.co.uk
- support@everythingeats.co.uk
Please include:
- your account email address;
- your username, if available;
- the type of request you are making;
- enough information for us to verify your identity.
We aim to respond within the period required by applicable data protection law.
15. Complaint Rights
If you are in the UK and are unhappy with how we handle your personal data, you have the right to complain to the Information Commissioner's Office.
You can contact the ICO through its official website.
We would appreciate the opportunity to deal with your concerns first, so you may contact us at privacy@everythingeats.co.uk.
16. Children and Young Users
The Service is not intended for children under 13.
We do not knowingly collect personal data from children under 13.
If we become aware that we have collected personal data from a child under 13, we will take reasonable steps to delete it.
Users under 18 should use the Service only with the involvement and permission of a parent or guardian.
We may restrict certain features, advertising, tracking, profiling, or content visibility for young users where required by law or platform rules.
Parents or guardians who believe a child has provided personal data can contact us at privacy@everythingeats.co.uk.
17. Security
We use reasonable technical and organisational measures to protect personal data.
These may include:
- password hashing;
- secure app storage for tokens;
- access controls;
- encrypted connections;
- monitoring and logging;
- backup controls;
- security reviews;
- restricted access to production systems.
No system is completely secure. You are responsible for keeping your password, device, linked Google or Apple account, and account details confidential.
If you believe your account has been compromised, contact support@everythingeats.co.uk.
18. App Store, Google Play and Platform Privacy Disclosures
If the Service is available through the Apple App Store, Google Play Store, TestFlight, or another platform, we may be required to provide privacy and data-safety information to that platform.
Those disclosures should match the data practices described in this Privacy Policy.
Platform providers may process your personal data separately under their own privacy policies and terms.
19. Third-Party Links and Services
The Service may contain links to third-party websites, services, ads, sign-in services, or content.
We are not responsible for the privacy practices, security, content, or terms of third-party services.
You should review the privacy policies of third-party services before using them.
20. Changes to this Privacy Policy
We may update this Privacy Policy from time to time.
Where changes are material, we may notify you by email, in-app notice, or another reasonable method.
Where required by law, we will request renewed consent.
The latest version will be available in the app or on our website.
21. Contact
For privacy questions, requests, or concerns, contact:
- privacy@everythingeats.co.uk
- support@everythingeats.co.uk
Data controller: EVERYTHINGEATS LTD
Company number: 17265785