Legal

Privacy Policy

Last updated: April 2, 2026

1. Who We Are

Tasteze is operated by DnD Media Co. (“we,” “us,” or “our”). For privacy-related questions, contact us at privacy@tasteze.app.

2. Information We Collect

We collect the following categories of personal information:

  • Account information — email address, display name, and profile data provided during sign-up (including via Apple Sign-In or Google Sign-In)
  • Recipe and meal data — recipes you import, create, or save; meal plans; shopping lists; and cookbook collections
  • Kitchen and pantry data — pantry inventory items, expiration dates, barcode scan results, and storage preferences
  • Dietary and taste preferences — dietary restrictions, taste profile settings, and nutrition goals you provide
  • Household data — household membership and data shared among household members (recipes, meal plans, shopping lists, pantry items)
  • Subscription and billing data — subscription tier and status. Payment details (credit card numbers) are processed directly by Stripe or Apple and are never stored on our servers
  • Device and usage data — anonymous product analytics (feature usage, page views), device type, browser version, and app performance metrics
  • Camera data — images captured via barcode scanning are processed on-device and are not stored or transmitted beyond the barcode lookup

3. How We Use Your Information

We process your data under the following legal bases (for GDPR purposes):

  • Performance of contract — providing the Tasteze service: recipe management, meal planning, shopping lists, pantry tracking, household sharing, and syncing data across your devices
  • Performance of contract — generating personalized AI-powered recipe suggestions, customizations, and nutritional estimates based on your preferences and data
  • Legitimate interest — product analytics to improve the service, error monitoring, and fraud prevention
  • Consent — sending optional notifications such as expiration alerts and meal reminders (you can opt out at any time)
  • Legal obligation — tax and billing records as required by law

4. AI-Generated Content and Data Processing

Tasteze uses artificial intelligence to generate recipes, recipe images, nutritional estimates, chef's notes, blog content, and other suggestions. When you use these features:

  • Your inputs (ingredients, preferences, recipe text) are sent to our AI providers (Anthropic and OpenAI) to generate responses
  • AI providers process your inputs under their API terms and do not use API inputs to train their models
  • AI-generated recipes, images, and blog posts are clearly produced by AI and may not be unique — other users may receive similar outputs
  • AI-generated nutritional information is estimated and may not be accurate. It is not a substitute for professional dietary advice

5. Third-Party Services

We share data with the following third-party service providers, each under data processing agreements:

  • Supabase — database hosting and authentication (stores your account and app data)
  • Anthropic — AI recipe generation, analysis, and chef's notes (receives recipe text and preferences)
  • OpenAI — AI image generation for recipes (receives recipe titles and descriptions)
  • Stripe — payment processing for web subscriptions (receives payment information directly; we never see or store card numbers)
  • RevenueCat — subscription management and entitlement tracking
  • Apple — App Store subscription billing and Apple Sign-In authentication
  • Google — Google Sign-In authentication
  • Vercel — web application hosting
  • Fly.io — API server hosting
  • PostHog — anonymous product analytics (no personal identifiers are sent)
  • Sentry — error monitoring and crash reporting (no personal data included in error reports)

6. International Data Transfers

Tasteze is based in the United States. Your data is processed and stored on servers in the United States. If you are located outside the US (including the EU/EEA), your data is transferred to the US under Standard Contractual Clauses (SCCs) or equivalent safeguards as required by applicable law. By using Tasteze, you acknowledge this transfer.

7. Household Data Sharing

When you join or create a household, recipes, meal plans, shopping lists, and pantry items are visible to all household members. Each member must have their own account and consents to this shared visibility by joining the household. You can leave a household at any time. Content you personally created remains associated with your account after leaving.

8. Data Retention

We retain your data as follows:

  • Account and recipe data — retained while your account is active and for 30 days after deletion request
  • Subscription and billing records — retained for 7 years as required by tax and accounting regulations
  • Analytics data — anonymized and retained for up to 24 months
  • Error logs — retained for 90 days

9. Cookies, Local Storage, and Offline Data

We use the following storage mechanisms:

  • Authentication cookies — essential for maintaining your login session
  • localStorage — stores theme preferences and UI settings
  • Service workers and IndexedDB — cache app assets and recipe data for offline access
  • Analytics cookies — PostHog uses cookies for anonymous session tracking. No advertising or third-party tracking cookies are used

You can clear locally stored data at any time through your browser settings. Disabling cookies may prevent you from using certain features.

10. Your Rights

Depending on your location, you have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate data
  • Deletion — request deletion of your data (see Section 11)
  • Portability — receive your data in a portable format
  • Restriction — request we limit processing of your data
  • Objection — object to processing based on legitimate interest
  • Withdraw consent — where processing is based on consent, withdraw at any time

California residents (CCPA/CPRA): You have the right to know what personal information we collect, request deletion, and opt out of the sale or sharing of personal information. We do not sell your personal information. To exercise any right, contact privacy@tasteze.app. We will not discriminate against you for exercising your privacy rights.

EU/EEA residents: You have the right to lodge a complaint with your local data protection supervisory authority.

11. Account Deletion

You can delete your account and all associated data at any time from the Settings page within the app. Upon deletion, all recipes, meal plans, pantry items, shopping lists, household memberships, and personal information are permanently removed from our systems within 30 days. Anonymized analytics data and billing records required by law are retained as described in Section 8.

12. Children's Privacy

Tasteze is not directed to children under 13 (or under 16 in the EU/EEA). We do not knowingly collect personal information from children under these ages. If you believe a child has provided us with personal data, contact us at privacy@tasteze.app and we will promptly delete it.

13. Data Security

We protect your data using industry-standard measures including HTTPS encryption for all data in transit, row-level security policies at the database level, and secure authentication via Supabase Auth. No system is 100% secure, and we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you and applicable authorities as required by law.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via the app or email. The “Last updated” date at the top reflects the most recent revision. Continued use of Tasteze after changes constitutes acceptance of the updated policy.

15. Contact Us

For privacy-related questions, data requests, or complaints, contact us at privacy@tasteze.app. We aim to respond to all requests within 30 days.

Tasteze

© 2026 Tasteze. All rights reserved.