Privacy Policy

The data controller under the GDPR is:

Contact: mail@preservefood.de

We only process data that is necessary to operate the app and website:

• Account data (email address, hashed password) – processed via our auth provider Supabase to enable sign-in and sync.
• User content (saved groceries, recipes, meal plans, notes) – used solely to provide the app's features.
• Images & camera input – if you take or upload photos of food items. Data is stored encrypted in our database and not shared with third parties.
• Push tokens – if you enable notifications, we store an anonymous device token so we can send reminders (e.g. expiring food).
• Subscription status – we receive from Apple or Google only the information whether your account has an active premium subscription. Payment details (credit card, address, billing information) are processed exclusively by Apple/Google and are not transmitted to us.
• Technical data – server logs (IP, timestamp, user agent) are kept briefly to protect the service from abuse and then deleted or anonymised.

Processing is based on Art. 6(1)(b) GDPR (performance of a contract / provision of app features), Art. 6(1)(f) (legitimate interest in secure operation), and where applicable Art. 6(1)(a) (consent, e.g. push notifications) and Art. 6(1)(c) (legal obligations).

The following providers process data on our behalf:

• Supabase Inc. – database hosting and authentication (EU servers, data processing agreement in place).
• Vercel Inc. / hosting provider – technical operation of the website.
• AI providers based in the USA – specifically OpenAI, L.L.C. (OpenAI API) and Perplexity AI, Inc. (Perplexity API). These providers process requests for the app's AI-powered features (e.g. recipe suggestions, automatic recognition, research). For most AI features, only generic, anonymised queries are sent (e.g. ingredient lists, quantities) – no personal data. The recipe chat feature is an exception: the message you type is forwarded unchanged to OpenAI, so please do not enter personal data (e.g. real names, addresses, health information) there. Data processing agreements (DPAs) are in place with OpenAI and Perplexity; data transfer to the USA is based on the EU Standard Contractual Clauses (Art. 46(2)(c) GDPR). The providers have contractually agreed not to use submitted API content to train their models.
• Apple App Store / Google Play Store – distribution of the mobile app; their privacy notices apply in addition.

When you register via „Sign in with Apple“ or „Sign in with Google“, we receive your name (only on your very first sign-in) and an email address from Apple or Google — with „Sign in with Apple“ this may be a private Apple Relay address. We use this data solely to create your Preserve Food account. Legal basis: Art. 6(1)(b) GDPR (performance of a contract). Provider privacy policies: Apple (https://www.apple.com/legal/privacy/), Google (https://policies.google.com/privacy).

Within the app you may optionally enter allergens (e.g. gluten, milk, nuts) and dietary preferences (e.g. vegetarian, vegan). This information may constitute health data within the meaning of Art. 9(1) GDPR. We process it solely on the basis of your explicit consent (Art. 9(2)(a) GDPR) and use it only to suggest matching recipes and filter content. You can withdraw your consent at any time in the app settings by removing the relevant entries.

The Preserve Food app is not intended for users under 16 years of age. We do not knowingly collect personal data from children under that age. If you are a parent or legal guardian and become aware that your child has provided us with personal data, please contact us at mail@preservefood.de — we will delete the data promptly.

On the website we only use what is strictly necessary:

• Essential cookies/tokens for sign-in and session management (e.g. Supabase auth cookie). These are required for authenticated areas to work.
• Local storage (localStorage) for your theme preference (light/dark).
• We do not use analytics, tracking or advertising cookies and do not embed any ad networks.

You can clear or block cookies in your browser at any time. Blocking essential cookies will prevent sign-in from working.

We keep personal data only as long as needed for the purposes above. Account and content data are deleted on your request or at the latest after 12 months of inactivity. Log data is automatically deleted or anonymised after 14 days at the latest.

You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20) and objection (Art. 21) at any time. Where processing is based on consent, you can withdraw it at any time.

You also have the right to lodge a complaint with your supervisory authority (in Hesse: Der Hessische Beauftragte für Datenschutz und Informationsfreiheit).

You can delete your account and all related data at any time directly in the app (Settings → „Delete account“). Alternatively, you can request deletion via our dedicated „Delete account“ page.

For privacy questions or to exercise your rights, write to mail@preservefood.de. We usually reply within a few days.