DishBinder Privacy Policy
Effective date: 2026-04-25
DishBinder ("we", "our", "the app") is a personal recipe management application. This policy explains what data we collect, why, and your rights. By using DishBinder you agree to the practices described here.
1. Information we collect
Account information: email address, name (optional), and a hashed password. We never store your password in readable form — it is hashed with bcrypt before being written to disk.
Profile preferences: dietary restrictions, disliked ingredients, cooking skill level, and timezone. All optional. Used to personalize the AI features.
Your recipe library: recipe titles, descriptions, ingredients, instructions, source URLs, notes, tags, and images you upload or import. Recipes you save are private to your account unless you explicitly generate a public share link.
Collections, grocery lists, and meal plans: groupings of recipes, shopping items, and weekly meal-slot assignments you create.
AI feature inputs: messages you send to the Chef chat, prompts you submit to the recipe generator, and constraints you send to the meal planner. We store a per-day count of AI generations per feature for rate-limiting; we do not store the content of the messages themselves on our servers.
Subscription metadata: the platform that handled your payment (Stripe / Apple / Google), your subscription status, plan, and the start/end of your current billing period. We never see or store your payment-instrument details (card numbers, Apple ID password, etc.).
Operational data: push notification tokens (if you enable notifications), email verification + password-reset tokens (transient — invalidated on use), and rate-limit / lockout counters (transient).
2. How we use your data
- To provide the recipe library, collections, grocery list, and meal planner
- To send recipe URLs through our scraper service so you can save them with one tap
- To power the AI features (Chef chat, recipe generator, meal planner)
- To send transactional email (signup verification, password reset, recipe-share emails you initiate)
- To process subscription payments through Stripe, Apple, and Google
- To deliver push notifications you opt into
- To enforce rate limits and protect the service from abuse
Apple Health & Health Connect (mobile)
On iPhone and iPad, DishBinder can connect to Apple Health (HealthKit); on Android, to Health Connect. This connection is optional and only happens after you explicitly grant permission in the system prompt. When connected:
- We write the nutrition and water you log in DishBinder (calories, protein, carbs, fat, fiber, water) to the health store, tagged as coming from DishBinder, so your other health apps can see it.
- We read your body weight, energy burned (active / total calories), and step count, which power your weight-trend and net-energy reports. We read aggregate energy totals — we do not read nutrition data written by other apps, and we never re-import the nutrition we ourselves wrote.
Health data is only sent to our servers as the daily summary needed for those reports, and only while the connection is enabled — you can disconnect at any time in Settings, and you control all access from your device's Health / Health Connect settings. We never use health data for advertising or marketing, and never sell it.
3. Third-party processors
We use the following third-party services to deliver DishBinder. Each one only receives the data it needs to do its job.
- Groq (AI features) — receives the text of your Chef-chat messages, recipe-generation prompts, and meal-plan prompts, plus any profile preferences you've set (dietary restrictions, dislikes, skill level) so the AI can personalize results. Your email and name are not sent. See Groq's privacy policy.
- Stripe (web payments) — handles credit-card data for web subscriptions. We never see or store card numbers; we keep only your Stripe customer ID. See Stripe's privacy policy.
- Apple App Store (iOS payments) — handles iOS subscriptions through StoreKit. We receive transaction identifiers but never your Apple ID password.
- Google Play (Android payments) — handles Android subscriptions through Play Billing. We receive purchase tokens but never your Google account credentials.
- Resend (transactional email) — sends signup verification, password reset, and recipe-share emails. Receives only the recipient address and the message content. See Resend's privacy policy.
- Cloudflare R2 (image storage) — stores recipe and avatar images you upload. Images are served through signed URLs that expire.
- Railway (hosting) — runs our backend, Postgres database, and Redis cache. Customer data lives on Railway's managed Postgres.
- Cloudflare Workers (web hosting) — serves the web app static assets. Does not receive your account data.
When you import a recipe by URL, we fetch the page from the recipe site you provided. That site's own privacy practices apply to that fetch.
4. Recipe sharing
When you generate a public share link for one of your recipes (a Premium feature), the recipe's title, description, ingredients, instructions, photo, and the name of the sender (you) become readable by anyone who has the link. Notes, tags, and your favourite status are not exposed. You can invalidate a share link at any time by deleting the underlying recipe.
5. Data storage & security
- Passwords hashed with bcrypt (irreversible)
- JWT tokens stored in encrypted device storage on mobile (iOS Keychain / Android Keystore) and in browser localStorage on web
- All API communication uses HTTPS / TLS encryption
- Rate limiting and account lockout against brute-force login attempts
- Parameterized database queries — no raw SQL with user input
- HTTP security headers (HSTS, X-Frame-Options, X-Content-Type-Options) prevent clickjacking, MIME sniffing, XSS
- Database backups taken daily by Railway; restore drills run periodically (see docs/LAUNCH_CHECKLIST.md)
- Non-root database role for the application — the backend cannot drop tables
6. Data sharing
We do not sell your data. We share data only with the third-party processors listed in section 3 (each for the limited purpose described there), with parties you explicitly direct (e.g. recipients of share links you generate or recipe-share emails you send), and with law enforcement only if required by valid legal process.
7. Your rights (CCPA / similar)
You have the right to:
- Know what personal data we collect (this policy)
- Access / export your data — use Settings → Your data → Export my data (in the app or on the web) and we'll email you a JSON file of everything in your account, or email us to request it
- Delete your data — use Settings → Danger zone → Delete account (in the app or on the web), or email us. You're signed out immediately and your account, recipes, collections, grocery list, meal plans, pantry, food log, and profile are permanently deleted within 7 days
- Opt out of sale — we do not sell personal data, so this is automatic
- Non-discrimination — we will not change the service you receive for exercising any of these rights
To exercise any of these rights, email support@duskfieldstudios.com. We respond within 45 days.
8. Data retention
We retain your account data while your account is active. Account deletion signs you out immediately and permanently removes all your data within 7 days, except for transactional records (subscription history) we are required to keep for tax or audit purposes, which are retained per applicable accounting rules.
9. Children's privacy
DishBinder is for users 13 and older. We do not knowingly collect data from children under 13. If you believe a child under 13 has created an account, contact us and we will delete it.
10. Recipe content disclaimer
Recipes saved or generated in DishBinder are user-generated and AI-generated content. They are not nutritional, dietary, or medical advice. We make no representation that any recipe is safe for any specific allergy, intolerance, or medical condition. If you have food allergies or dietary restrictions, verify ingredients yourself before cooking.
11. Changes
We may update this policy. Material changes will be communicated via in-app notification or email at least 14 days before they take effect. The "Effective date" at the top of this page is updated on every revision.
12. Contact
Privacy questions, data export / deletion requests, or other concerns: support@duskfieldstudios.com.