Tastebuds AI

Privacy Policy

Last updated: February 12, 2025

Who we are

Tastebuds AI is operated by Marco Singhof ("we", "our"), based in the United States. We are the data controller for the personal data described below. For privacy questions or to exercise your rights, contact us at privacy@tastebudsai.com.

Data we collect

We collect only what is necessary to run the service, process payments, prevent abuse, and improve performance.

  • Account data: When you sign up we collect basic account details such as your email address, name, login credentials, and account preferences. If you enable additional security features (such as two-factor authentication), we collect the information necessary to provide those features.
  • Recipe and cooking data: Content you create in the Service, such as recipes, cooking activity, lists, and related notes or metadata that you choose to store.
  • Payment data: We use Stripe for billing. We store your Stripe customer ID and rely on Stripe for payment details; we do not store full card numbers.
  • AI usage data (abuse and quotas): For AI features (such as recipe generation, import, image generation) we log: which operation was used, which model, token counts, and cost.
  • Images: Recipe images and other images you choose to upload are stored and associated with your account.
  • Newsletter: If you sign up to hear from us, we collect your email address so we can send you updates about Tastebuds AI. You can unsubscribe at any time using the link in those emails.

How we use your personal data

We use personal data for the following purposes:

  • To provide the Service: We use personal data to operate, maintain, and provide you with the Service, including to process your payments. In particular, we use personal data to enter into a contract with you or to perform our contractual obligations under our Terms of Service.
  • To communicate with you: We use your personal data to respond to your inquiries, comments, feedback, or questions where needed to perform our contract with you or where it is in our legitimate business interests.
  • To send administrative information: For example, we may send you information regarding the Service and changes to our terms, conditions, and policies as necessary to perform our obligations under our Terms of Service.
  • For analytics and product improvement: Where it is in our legitimate business interests, we use personal data for business purposes such as data analysis, identifying usage trends, improving the content and functionality of the Service, developing new products and features, determining the effectiveness of any promotional campaigns, and evaluating and improving the Service and your experience. In most cases we aggregate or de-identify personal data and use only aggregated information, such as statistics, for these purposes.
  • To protect the Service: It is in our legitimate business interests to prevent fraud, abuse of AI features, and other criminal or malicious activity, and to ensure the security of our systems, architecture, and networks.
  • For compliance and legal reasons: We may use personal data to comply with legal obligations, and it is in our legitimate business interests to use personal data to defend us against legal claims or disputes, protect our, your, or others' rights, privacy, safety, or property, audit our internal processes, enforce our Terms of Service, and comply with applicable laws, lawful requests, and legal process (for example, subpoenas or requests from government authorities).
  • To send newsletters and product updates: If you subscribe to receive our newsletter or marketing updates, we use your personal data (typically your email address) to send you these communications. Except where consent is required, we undertake such marketing on the basis of our legitimate business interests. Where we seek your consent, you may withdraw it at any time.

We do not sell your personal data or share your personal data for interest-based advertising purposes.

Opting out of marketing communications. You may opt out of marketing-related communications by following the unsubscribe instructions in the communication. You may continue to receive service-related communications and other non-marketing emails.

Sharing and disclosure of personal data

In certain circumstances we may share your personal data with third parties, including:

  • Vendors and service providers: We work with third-party companies to help us operate and improve the Service, such as hosting providers, cloud and storage providers, email and newsletter tools, payment processors, customer support tools, analytics and monitoring tools, and other IT and business service providers. These parties may access, process, or store personal data while performing services for us, based on our instructions and subject to contractual obligations to protect your personal data and use it only to provide services to us and to you.
  • Professional advisors: We may share personal data with professional advisors, such as lawyers, auditors, bankers, and insurers, where necessary in the course of the professional services they provide to us.
  • Business transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or a similar transaction, personal data may be shared in the diligence process and transferred to a buyer, investor, or other successor as part of that transaction, subject to appropriate confidentiality obligations.
  • Legal requirements: We may disclose personal data if required to do so by law or in the good-faith belief that such action is necessary to comply with legal obligations (including national security or law enforcement requirements), protect and defend our rights or property, prevent fraud, act in urgent circumstances to protect the personal safety of users of the Service or the public, or protect against legal liability. We may disclose and exchange information with law enforcement agencies and regulators where necessary to meet our legal and regulatory obligations.

We do not sell your personal data.

Cookies

We use strictly necessary cookies to run the app:

  • session — Keeps you logged in (httpOnly, secure in production). About 30 days.
  • password_reset_session — Used only during password reset; removed when the flow completes.
  • email_verification — Used only during email verification; removed when the flow completes.

We do not use advertising or non-essential tracking cookies.

Retention and deletion

We will not retain your personal data for longer than necessary for the purposes set out in this privacy policy. Different retention periods may apply for different types of personal data. Generally, we store personal data until it is no longer necessary to provide the Service or until your account is deleted, whichever happens first.

When it is no longer necessary to retain your personal data, we will delete or anonymize it. If you want to delete your account, contact us at privacy@tastebudsai.com and we will remove your personal data and disassociate or delete your content in line with our deletion process and legal obligations. Session and temporary cookies are cleared when they expire or when you log out. AI usage logs are retained for cost tracking and abuse prevention and may be retained for a reasonable period after account deletion as required for our legitimate business or legal needs.

Your rights

Depending on where you live and the laws that apply to you, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Request a copy of your data (portability)
  • Object to or restrict certain processing
  • Withdraw consent where processing is consent-based
  • Lodge a complaint with a supervisory authority

To exercise these rights, contact us at privacy@tastebudsai.com. We will respond within the timeframe required by applicable law.

International transfers

Our infrastructure and many of the service providers we work with process data in the United States and may also process data in other countries. If you access the Service from outside the United States, your data will be transferred to and processed in the United States, where privacy laws may be different from those in your country.

Children

The service is not directed at children under 18. We do not knowingly collect personal data from children. If you believe we have collected such data, please contact us and we will endeavor to delete it.

Changes

We may update this policy from time to time. We will post the new version on this page and update the "Last updated" date. Material changes may be communicated by email or a notice in the app when you next log in.

Contact

For privacy-related requests or questions: privacy@tastebudsai.com.