Privacy Policy

Plain English summary of what data Recipe Developer collects, where it goes, and the choices you have.

Effective 14 May 2026

The short version

• Your recipes, photos, voice notes, shopping lists, and meal plans live on your device and, if you have iCloud enabled, in your private iCloud account.
• We don't have an account system. We don't ask you to sign up. We don't know who you are.
• AI features run through an AI provider you choose (Anthropic, OpenAI, or Google) using your API key. Your recipe content is sent directly to that provider, governed by their privacy policy.
• Voice recordings and video audio are sent through our server to OpenAI's Whisper for transcription, then discarded.
• When you tap "Share recipe", that recipe is stored on our server for 90 days so the share link works.
• We use Firebase Analytics and Crashlytics for anonymous usage funnels and crash reports. No personal identifiers, no recipe content.

Who runs the app

Recipe Developer (the "app", "we", "us") publishes the Recipe Developer iOS app. We are the data controller for any personal data processed through the app. You can reach us at support@recipedeveloper.co.uk.

What data we handle

Recipe Developer is designed to keep your content on your device. The categories below describe everything the app touches, where it goes, and why.

Data that stays on your device

The following data is stored locally on your iPhone or iPad. If you have iCloud Drive enabled, iOS syncs it to your private iCloud account using Apple's CloudKit — we don't have access to it.

• Recipes — titles, ingredients, methods, notes, photos, and any tags you add.
• Shopping lists and meal plans — including pantry items you mark as already having.
• Voice recordings — audio captured by the "Dictate recipe" feature. Audio is uploaded to our transcription server (see below) and then deleted from your device after the transcript returns, unless you choose to keep it.
• Imported photos — cookbook pages or screenshots you bring into the app.
• AI API keys — stored in the iOS Keychain. The Keychain is encrypted by iOS and protected by your device passcode or biometrics. The keys never leave your device except when the app calls the corresponding AI provider's API on your behalf.
• App preferences — your chosen AI provider, model, currency, and similar settings.

Data sent to AI providers

Recipe Developer uses AI to turn a TikTok video, a cookbook photo, a web link, or a voice note into a structured recipe, and to help you create new recipes from a prompt. We do not run any AI models ourselves. Instead, you bring your own API key from one of three providers:

• Anthropic (Claude)
• OpenAI (ChatGPT)
• Google (Gemini)

When an AI feature runs, the app calls that provider's API directly from your device using your API key. The data sent to the provider includes:

• For URL imports: the URL you shared and the text we fetched from it.
• For photo imports: the photo you selected.
• For video imports: the on-screen captions we read from the video and the transcript of its audio.
• For voice notes: the transcript of your recording.
• For "Magic Recipe": the natural-language prompt you wrote.

That data is then governed by the AI provider's own privacy policy and terms, not by this policy. Their policies are linked from the Data & Privacy section inside the app's AI Settings screen:

• Anthropic Privacy Policy
• OpenAI Privacy Policy
• Google Privacy Policy

You can disable AI features entirely by clearing your API key in Settings. Without a key, the app's AI features are inactive but the rest of the app continues to work.

Data sent to our server

We run a small server on Cloudflare Workers that powers four features. None of it requires you to create an account.

1. Recipe sharing

When you tap "Share recipe", the app sends the recipe payload (title, ingredients, method, hero image) to our server and we generate a short URL. Anyone who has the URL can open the recipe in a browser preview and tap through to the app. Shared payloads are stored in Cloudflare KV and auto-expire after 90 days.

2. Voice transcription

Audio you dictate or audio extracted from a video you import is uploaded to our server, which proxies it to OpenAI's Whisper API for transcription. The audio is processed in-memory and not stored. The resulting transcript is returned to your device and then sent to your chosen AI provider for recipe extraction (see above).

Whisper is OpenAI's speech-to-text service. Audio sent through it is governed by OpenAI's API data usage policy. We do not use a custom key for this — we operate a shared transcription endpoint.

3. Video import

When you share a TikTok, Instagram, YouTube Shorts, or similar video URL into the app, our server fetches the public metadata and the video's audio track so the audio can be transcribed (step 2). We do not store the video or its audio after processing.

4. Browser extension inbox

If you pair the optional browser extension with the app, the extension drops recipe URLs into a per-pairing inbox on our server. The app polls the inbox and removes items once imported. Inbox tokens and items are stored in Cloudflare KV and removed when you unpair or when the app deletes them after import.

Network metadata

Cloudflare, as our hosting provider, logs basic request metadata (IP address, timestamp, request path, user-agent) for the purpose of operating the service and mitigating abuse. This is described in Cloudflare's privacy documentation. We do not connect this metadata to any in-app identifier.

Analytics and crash reports

We use Google's Firebase Analytics and Firebase Crashlytics to understand which features people use and to detect crashes.

• Events we record — import started / completed / failed, AI key setup steps, AI model switches, "Magic Recipe" usage. Parameters include things like the AI provider, the AI model, the import kind (URL / photo / video / voice), and the host of the URL (e.g. tiktok.com) — never the URL itself or its content.
• User properties — active AI provider, active AI model, whether a key is configured, and a bucketed range of how many recipes you have (e.g. 20-49). We don't record exact counts and we don't record any recipe content.
• Crash reports — automatically generated by Firebase Crashlytics when the app crashes. These include the stack trace, device model, OS version, and a breadcrumb log of in-app actions. No recipe content.
• Identifiers — Firebase assigns an installation-level pseudonymous identifier. We do not link this to any account.

Firebase is operated by Google. Data is processed in line with Firebase's privacy and security policy.

Payments and the App Store

Recipe Developer is a one-time paid app sold through Apple's App Store. We don't process payments ourselves. Apple handles the purchase, refunds, and any subscription-style mechanics under Apple Media Services Terms and Conditions. We receive aggregate sales reports from Apple but no payment details and no personally identifying customer information.

How long we keep data

• On-device data — kept until you delete it or uninstall the app.
• Shared recipe payloads — 90 days from creation, then auto-deleted by Cloudflare KV.
• Voice and video audio — processed in-memory only, not persisted.
• Browser-extension inbox items — removed when the app imports them or when you unpair.
• Analytics and crash data — retained per Firebase's defaults (currently 2 months for event-level data, 14 months for user-property data; up to 90 days for crash data unless extended in our console settings).

Your rights

If you are in the UK, the EU, or another jurisdiction with similar laws, you have rights over personal data we hold about you, including:

• Access to your data.
• Correction of inaccurate data.
• Deletion of your data.
• Restriction or objection to certain processing.
• Data portability.
• Lodging a complaint with your supervisory authority — in the UK that is the Information Commissioner's Office (ICO).

Because the app is built so that we hold as little of your data as possible, most of these rights you can exercise yourself from inside the app: delete a recipe, clear an API key, unpair the extension, uninstall the app. If you want us to delete a specific shared-recipe link or you have any other request, email support@recipedeveloper.co.uk and we will action it within 30 days.

Our lawful basis for the limited processing we do is your consent (analytics, when enabled) and our legitimate interest in operating and improving the app (sharing, transcription, crash reports).

Children

Recipe Developer is rated 4+ on the App Store and is suitable for general audiences, but the app is not directed at children under 13 and we don't knowingly collect personal data from them. If you believe a child has provided us with personal data, contact us and we will delete it.

Changes to this policy

We will update this page when we change how we handle data — for example, if we add a new AI provider, change retention windows, or replace a third-party service. The "Effective" date at the top of the page reflects the most recent update. For substantive changes we will also notify you in the app on next launch.

Contact

Privacy questions, data requests, or anything else legal: support@recipedeveloper.co.uk.