Privacy Policy
Effective date: March 16, 2026
Last updated: March 16, 2026
1. Who We Are and Scope
Remy ("we", "us", "our") provides a recipe manager and AI cooking assistant. This policy applies when you use our app, create an account, import recipes, chat with AI features, use voice features, or open share links. It does not apply to third-party websites or services we do not control.
2. Data We Collect
2.1 Information You Provide Directly
- Account details (for example: email address, display name, auth provider).
- Profile and preference data (for example: dietary preferences, allergies, cuisine interests, goals).
- User content (for example: recipe titles, ingredients, steps, notes, edits, imports, saved links).
- Support communications (for example: emails or bug reports you send us).
2.2 Information Generated Through Use of the Service
- App activity data (for example: feature usage, import events, error events, diagnostic telemetry).
- Subscription and purchase state (for example: plan status, entitlement flags, renewal timing).
- Device and technical information (for example: app version, device model, OS version, language).
2.3 Voice and AI Inputs
- Voice audio streams for speech-to-text when voice input is used.
- Text prompts and outputs required to provide AI recipe/chat/cooking responses.
We do not use your private recipe/chat content to publicly train models for third-party advertising profiles.
3. How We Use Personal Data
| Purpose | Examples | Legal Basis (EEA/UK) |
|---|---|---|
| Provide core service | Account creation, syncing recipes, rendering share pages | Contract performance |
| AI and voice features | Recipe chat, cooking guidance, speech processing | Contract performance, legitimate interests |
| Safety and abuse prevention | Fraud checks, system misuse detection, incident response | Legitimate interests, legal obligations |
| Billing and subscriptions | Entitlement verification, trial and renewal handling | Contract performance, legal obligations |
| Product improvement | Aggregate analytics, crash analysis, reliability improvements | Legitimate interests |
| Ad attribution and campaign measurement | Measuring which Meta and TikTok ads lead to installs, trials, subscriptions, and key in-app events | Consent where required, legitimate interests |
4. Third-Party Processors and Service Providers
We use service providers that process data on our behalf under contractual safeguards.
| Provider | Role | Typical Data Processed |
|---|---|---|
| Supabase | Authentication and database hosting | Account records, recipe content, preferences, app data |
| RevenueCat | Subscription state and receipt orchestration | Anonymous app user IDs, purchase/receipt metadata |
| PostHog | Product analytics and diagnostics | Usage events, app version, technical telemetry |
| Meta (Facebook) | Paid acquisition attribution and campaign measurement | Identifiers, app events, purchase/subscription signals, and device-level attribution data when tracking permission is granted |
| TikTok | Paid acquisition attribution and campaign measurement | Identifiers, app events, purchase/subscription signals, and device-level attribution data when tracking permission is granted |
| Deepgram | Speech-to-text processing | Voice input audio stream during transcription |
| Inworld AI | Text-to-speech processing | Text converted into generated speech output |
| Cerebras, Anthropic, xAI | Large language model inference | Recipe and chat text needed to produce AI responses |
| Apple | Platform services and app distribution | App Store purchase metadata, device/platform-level identifiers |
5. How and When We Disclose Data
- To processors and vendors that support the service.
- To advertising and measurement partners such as Meta and TikTok when you allow tracking and we need to measure ad campaign performance.
- When required by law, subpoena, court order, or regulator request.
- To protect rights, safety, and security of users, Remy, and the public.
- As part of a merger, acquisition, financing, or asset sale (with appropriate notice where required).
We do not sell personal information for money. If you grant tracking permission, we may share limited data with advertising partners for attribution, analytics, and campaign measurement.
6. International Data Transfers
Your data may be processed outside your country of residence. Where required, we use appropriate transfer mechanisms (such as contractual safeguards) for cross-border transfers.
7. Data Retention
| Data Category | Retention Approach |
|---|---|
| Account and profile data | Retained while account is active; deleted or anonymized after account deletion where feasible. |
| Recipe and chat content | Retained to provide product features; removed on account deletion subject to backup lifecycle windows. |
| Subscription records | Retained as needed for accounting, tax, and compliance obligations. |
| Logs and telemetry | Retained for limited periods needed for security, debugging, and service reliability. |
8. Security Measures
We use technical and organizational safeguards, including encryption in transit, controlled production access, and monitoring for abuse and operational incidents. No system can guarantee absolute security.
9. Your Rights and Choices
9.1 All Users
- Access, correct, or update account information in-app when available.
- Delete your account in Profile > Settings > Delete Account.
- Decline app tracking in the iOS ATT prompt or later in iOS Settings > Privacy & Security > Tracking.
- Contact us to request support for data rights workflows.
9.2 EEA/UK Rights
Depending on your location, you may have rights to access, correction, deletion, restriction, objection, portability, and withdrawal of consent where consent applies. You may also lodge a complaint with your local supervisory authority.
9.3 California Privacy Rights
California residents may have rights to know, access, delete, and correct personal information, and to receive equal service for exercising rights. We do not sell personal information for money. If you permit tracking, we may share limited identifiers and event data with advertising partners for ad attribution and campaign measurement.
10. Children's Privacy
Remy is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child provided personal information, contact us and we will take appropriate deletion steps.
11. Changes to This Policy
We may update this Privacy Policy periodically. We will post the revised version with an updated "Last updated" date. Material changes may also be communicated in-app.
12. Contact and Data Requests
For privacy questions or rights requests, contact:
support@getremy.app