Privacy Policy

1. Introduction & Overview

Thank you for your interest in our community platform. Privacy is of particular importance to us. As we operate this project without any profit motive, we consciously refrain from using advertising trackers and selling data.

This privacy policy informs you about the nature, scope and purpose of the personal data we collect, use and process. You will also be informed about the rights available to you.

As of: February 2026

Table of Contents

• Introduction
• Controller
• Data Security & SSL
• Hosting & Infrastructure
• Registration & Single Sign-On
• Community Features
• Statistics & Local Storage
• Third-Party Services
• Your Rights

2. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Daniel Löb
Friedensstraße 2
65428 Rüsselsheim
Germany

Email: [email protected]
Legal Notice

3. Data Security & SSL

For security reasons and to protect the transmission of confidential content – such as your login credentials – we use SSL/TLS encryption. You can recognise an encrypted connection by the address bar of your browser changing from "http://" to "https://" and by the padlock icon in your browser bar.

In addition, we protect our website and other systems through technical and organisational measures against loss, destruction, access, modification or dissemination of your data by unauthorised persons.

4. Hosting & Infrastructure

In order to provide our online service in a secure and efficient manner, we use the services of web hosting providers. We pay particular attention to choosing server locations within the European Union.

• Railway (App Hosting): Our application runs on Railway's infrastructure. We use the server location Netherlands (EU), so the processing of your requests takes place primarily within the European Union.
  Service provider: Railway Corp., USA.
  Legal basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR).
• PostgreSQL (Database): Your user data (if you create an account) and content are stored in a PostgreSQL database hosted on Railway's infrastructure in the Netherlands (EU).
  Legal basis: Performance of contract (Art. 6 para. 1 lit. b GDPR).

Note: Even with server locations in the EU, technical access by US parent companies cannot be completely excluded. We ensure that appropriate guarantees are in place (such as standard contractual clauses or participation in the Data Privacy Framework).

5. Registration & Single Sign-On (SSO)

We offer you the option to sign in using an existing account with third-party providers (Google, Discord, GitHub) – so-called "Single Sign-On". For security reasons, we do not offer classic registration with email and password.

How it works: When you sign in, you are redirected to the respective provider's page. After successful authentication, we receive a digital token and certain profile information from the provider (typically your email address, name and a profile picture).

We do NOT store any passwords. Authentication is handled exclusively by the third-party providers' servers.

• Google OAuth: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
• Discord OAuth: Discord Inc., 444 De Haro Street, San Francisco, CA 94107, USA.

Legal basis: Performance of contract (Art. 6 para. 1 lit. b GDPR) for the provision of the user account.

6. Community Features & Emails

User-generated content: When you publish recipes, images or comments, this data is stored in our database and displayed publicly on the website. This storage is permanent until you request deletion or close your account.

Email delivery (Resend): For system-relevant emails (e.g. confirmation of account deletion or security alerts), we use the service provider Resend. We do not send newsletters or advertising without your explicit consent.
Service provider: Resend, Inc., USA.

7. Statistics & Local Storage

Anonymous usage statistics (documentation):
When you watch videos on our site (e.g. the documentary), we record the duration watched in order to display a total of all minutes watched on the platform. Important: This data is stored anonymously and in aggregate form. No IP address or user ID is linked to the viewing duration. It is not possible for us to identify you personally.

Local Storage (instead of cookies):
We use technologies such as the "Local Storage" of your browser to provide features for guests (e.g. crossing off ingredients or a temporary wishlist). This data is stored exclusively on your device and is not transmitted to our servers as long as you are not logged in.

Cookies: We only use technically necessary session cookies required for the login area (managed by Better-Auth).

8. Third-Party Services & Tools

We embed content and tools from third-party providers to ensure functionality. For technical reasons, your IP address is transmitted to the respective provider.

• Cloudinary (Images & Media): For optimised display of images, we use the content delivery network of Cloudinary. This serves to improve the loading speed of our website (legitimate interest).
  Service provider: Cloudinary Ltd., Israel/USA.
• Sentry (Error Analysis): To improve the stability of our platform, we use Sentry. Sentry logs errors that occur in the code. The data is used exclusively for debugging purposes and is deleted after a short period. IP addresses are masked or anonymised in this process.
  Service provider: Functional Software, Inc., USA.

9. Your Rights as a Data Subject

Under the GDPR, you have the following rights:

• Right of access (Art. 15 GDPR): You may request information about your personal data processed by us.
• Right to rectification (Art. 16 GDPR): You may request the immediate correction of inaccurate or the completion of incomplete personal data stored by us.
• Right to erasure (Art. 17 GDPR): You have the right to request the deletion of your data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims.
• Right to restriction of processing (Art. 18 GDPR): You may request the restriction of the processing of your personal data where you dispute the accuracy of the data or the processing is unlawful.
• Right to data portability (Art. 20 GDPR): You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format, or to request its transmission to another controller.
• Right to object (Art. 21 GDPR): Where your personal data is processed on the basis of legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR), you have the right to object to the processing where there are grounds relating to your particular situation.
• Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your habitual residence or our place of business.