Privacy Policy

1. Introduction & scope

We care about your privacy and aim to be transparent about our data practices. This Policy applies to personal information we process about users of the Service. It does not apply to third-party websites, products, or services that we do not control, even if they link to or from the Service. By using the Service, you acknowledge the practices described here.

2. Who is responsible for your data

Tritium Technologies is the controller responsible for your personal information. You can reach us about privacy at privacy@simmmer.com. For general support, use support@simmmer.com.

3. Information we collect

(a) Information you provide

• Account information: your email address and password, or, if you sign in with a third party such as Google, the account identifier and basic profile information (such as name and email) that the provider shares with us. Passwords are handled by our authentication provider and stored in hashed form; we do not have access to your plain-text password.
• Profile & preferences: display name, date of birth, country of residence, household size, time zone, measurement units and style, dietary restrictions, preferred and avoided cuisines, typical time budget, and appearance settings (theme, accent color).
• Your content: favorites, folders and their contents, shopping lists, meal logs (including servings and ratings), notes, your “tonight’s situation” selections, and other content you create.
• Communications: information you provide when you contact us (for support, feedback, or legal/privacy requests).

(b) Information collected automatically

• Usage & search activity: searches you run, result counts, features you use, and timestamps. We use this to operate features (such as enforcing free-tier limits) and to improve the Service.
• Device & log data: IP address, browser and device type, operating system, language, referring pages, and similar technical information generated when you use the Service.
• Cookies & local storage: see Section 4.
• Analytics: we use a privacy-conscious analytics service (Vercel Analytics) to understand aggregate usage and performance.

(c) Payment information

If you purchase a subscription, payment is processed by our payment processor, Stripe. Stripe collects and processes your payment details (such as card information) under its own privacy policy. We do not store your full card number. We retain limited billing data such as a customer or subscription identifier, plan, status, and renewal dates to manage your subscription.

(d) Authentication & third-party sign-in

We use a third-party authentication provider (Supabase) to manage sign-in and sessions. If you sign in with Google, Google shares certain account information with us as permitted by your settings, and your use of Google sign-in is also subject to Google’s privacy policy.

(e) Voice search

If you use voice search, your browser’s built-in speech-recognition feature converts your speech to text. Depending on your browser, your audio may be sent to and processed by the browser vendor’s speech service (for example, Google for Chrome) under their terms. We receive only the transcribed text of your query; we do not record or store your audio.

(f) Sensitive information

Some information we collect, such as your date of birth, country, and dietary preferences, may be considered sensitive in some jurisdictions (for example, dietary choices can imply health or religious information). We collect it only for the purposes described in this Policy (such as personalizing recommendations and gating age-restricted content) and do not sell it or use it for advertising.

4. Cookies & local storage

We use cookies and similar technologies (including your browser’s local storage) for essential purposes, such as keeping you signed in, maintaining your session and security, remembering your preferences (for example, your appearance settings, situation panel state, and ingredient check-offs), and measuring aggregate usage. Most cookies we use are strictly necessary to provide the Service. You can control cookies through your browser settings, but disabling some may impair the Service (for example, you may not be able to stay signed in).

5. How we use your information

We use personal information to:

• provide, operate, maintain, and secure the Service and your account;
• personalize recipe discovery and recommendations based on your preferences and activity;
• enforce plan limits (such as the free-tier daily search and favorite limits);
• power features such as meal history and nutrition summaries;
• determine whether you may view alcohol-related content, using your date of birth and country;
• process subscriptions and payments and manage billing;
• communicate with you about your account, updates, security, and support;
• analyze and improve the Service, develop new features, and debug;
• detect, prevent, and address fraud, abuse, security incidents, and violations of our Terms;
• comply with legal obligations and enforce our agreements.

6. Legal bases for processing (EEA/UK)

If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases: performance of a contract (to provide the Service you request); legitimate interests (to secure, analyze, and improve the Service, and to prevent fraud and abuse), balanced against your rights; consent (where we ask for it, such as certain optional features — you may withdraw consent at any time); and compliance with legal obligations.

7. How we share information

We share personal information only as described here:

• Service providers (processors) who perform services on our behalf under contract, including: cloud database, authentication, and storage (Supabase); application hosting and analytics (Vercel); and payment processing (Stripe). They may process your information only on our instructions and for the purposes of providing their services.
• Third-party sign-in (such as Google) when you choose to use it, as described above.
• Legal & safety: to comply with law, legal process, or government requests; to enforce our Terms; or to protect the rights, property, or safety of Simmmer, our users, or others.
• Business transfers: in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction, subject to this Policy.
• Aggregated or de-identified information that cannot reasonably identify you, which we may use and share for any purpose.
• With your direction or consent, such as when you share a recipe link.

8. We do not sell your information

We do not sell your personal information for money, and we do not “share” it for cross-context behavioral advertising as those terms are defined under California and other U.S. state privacy laws. We also do not serve third-party targeted advertising in the Service.

9. How long we keep your information

We keep personal information for as long as your account is active or as needed to provide the Service. You can delete your account at any time from Settings → Account; when you do, we delete or de-identify your personal information within approximately 30 days, except where we must retain certain data to comply with legal, tax, accounting, or regulatory obligations, to resolve disputes, to prevent fraud and abuse, or to enforce our agreements. Backups are deleted on a rolling basis.

10. Security

We use administrative, technical, and organizational measures designed to protect personal information, including encryption in transit, access controls, and reputable infrastructure providers. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential. If we become aware of a breach affecting your information, we will notify you and authorities as required by law.

11. International data transfers

We and our service providers are based in or process data in the United States and potentially other countries. If you access the Service from outside the United States, your information will be transferred to and processed in the United States and elsewhere, where data-protection laws may differ from those in your country. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for international transfers. By using the Service, you understand that your information may be processed in the United States.

12. Your rights & choices

You can access and update much of your information directly in Settings, and delete your account from Settings → Account. Depending on where you live, you may also have rights to:

• access the personal information we hold about you and obtain a copy;
• correct inaccurate information;
• delete your information;
• restrict or object to certain processing;
• data portability;
• withdraw consent where processing is based on consent;
• lodge a complaint with your local data-protection authority (EEA/UK users).

To exercise these rights, email privacy@simmmer.com. We may need to verify your identity before responding, and we will respond within the timeframe required by applicable law. We will not discriminate against you for exercising your rights.

13. U.S. state privacy rights

If you are a resident of California or another U.S. state with a comprehensive privacy law (such as Virginia, Colorado, Connecticut, Utah, and others), you may have the rights to know/access, delete, and correct your personal information; to opt out of the sale or “sharing” of personal information and of targeted advertising and certain profiling; and to limit the use of sensitive personal information. As described in Section 8, we do not sell or share your personal information for targeted advertising, and we use sensitive information only for the limited purposes described in this Policy. You have the right not to receive discriminatory treatment for exercising these rights, you may use an authorized agent to submit a request, and (where provided by law) you may appeal a decision by replying to our response. To make a request, email privacy@simmmer.com.

14. Children’s privacy

The Service is intended for users 13 years of age and older and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you are under the age of majority where you live, you may use the Service only with the consent and involvement of a parent or legal guardian. If you believe a child under 13 has provided us personal information, please contact privacy@simmmer.com and we will take steps to delete it. We use date of birth and country only to provide the Service and to gate age-restricted (alcohol-related) content.

15. Third-party services & links

The Service relies on third parties (such as Supabase, Vercel, Stripe, and Google) and may include links to or content from third parties (such as recipe data from TheMealDB and nutrition reference data from the U.S. Department of Agriculture). Those parties have their own privacy practices, which we do not control. We encourage you to review their policies. We are not responsible for the privacy practices of third parties.

16. Do Not Track & Global Privacy Control

Because there is no consistent industry standard for “Do Not Track,” we do not currently respond to DNT signals. As we do not sell or share personal information for targeted advertising, an opt-out preference signal (such as Global Privacy Control) does not change how we handle your data.

17. Changes to this policy

We may update this Policy from time to time. If we make material changes, we will take reasonable steps to notify you (for example, by updating the “Last updated” date, posting a notice, or emailing you). Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

18. How to contact us

For privacy questions or to exercise your rights, email privacy@simmmer.com. For general support, email support@simmmer.com. You can also review our Terms of Service.