1. Scope

This policy applies to information processed through the public website, authenticated account areas, recipe submission flows, tools (including kashrus-related tools), and related APIs served from the same Site. It does not apply to third-party sites we link to.

2. Information we collect

Depending on how you use the Site, we may process:

• Account and profile data — for example, email address, display name, authentication identifiers, and preferences you save to your profile, processed through our authentication provider (Supabase Auth).
• Recipe and community content — titles, descriptions, ingredients, instructions, images you upload, favorites, and similar content you submit or store on the Site.
• Glatt Bot and AI-assisted features — messages you send to Glatt Bot, related metadata (such as conversation identifiers and titles), and server logs needed to provide responses. These may be sent to model providers (for example, OpenAI) to generate replies.
• Technical and usage data — IP address, device and browser type, approximate location derived from IP, pages viewed, referring URLs, timestamps, and diagnostic data. We may use cookies or similar technologies for session management, security, and analytics.
• Support and transactional email — when we send service emails (such as sign-in links or invitations), our email delivery provider processes recipient addresses and delivery events.
• Error and performance diagnostics — if enabled, crash reports and performance data may be sent to an error-tracking vendor (for example, Sentry). This may include replay-style troubleshooting data (such as page interactions and console logs) when replay features are enabled in that tooling.
• Optional product analytics — if configured, event data and page views may be sent to an analytics vendor (for example, PostHog), which may include session replay depending on project settings.
• Optional session recording— if a third-party recorder (for example, Jam) is enabled for debugging, additional interaction data may be collected according to that vendor's practices.

3. How we use information

We use the information above to:

• Provide, secure, and improve the Site and its features.
• Create and maintain your account; authenticate requests.
• Publish and moderate recipes and other User Content.
• Operate Glatt Bot and similar tools, including safety, abuse prevention, and quality measurement.
• Send transactional messages (such as magic links) and respond to inquiries.
• Comply with law, enforce our Terms, and protect rights and safety.

Legal bases (EEA/UK/Switzerland): where GDPR-style laws apply, we rely on performance of a contract (providing the Site you request), legitimate interests (security, product improvement, and communications that are not required as contract), consent where required (for example, certain cookies or marketing if offered), and legal obligation where applicable.

4. How we share information

We share information with service providers who process it on our instructions, including:

• Supabase — database, authentication, file storage, and related infrastructure.
• Vercel (or comparable host) — application hosting and edge delivery.
• OpenAI — processing prompts and context to power Glatt Bot and certain import or analysis features when those features are enabled.
• Resend (or comparable provider) — transactional email delivery.
• PostHog — product analytics when enabled.
• Sentry — error monitoring when enabled.
• Jam or similar — optional session capture when enabled.

We may also disclose information if required by law, to respond to lawful requests, or to protect the rights, safety, and security of users and the public. If the Site operator undergoes a business transaction (such as a merger), information may transfer as part of that transaction with appropriate safeguards.

We do not sell your personal information for money as a primary business model. We also do not use sensitive profile data to infer religious rulings or personalized halachic outcomes.

5. Retention

We retain information for as long as your account is active, as needed to provide the Site, and as required to comply with law, resolve disputes, and enforce agreements. Recipe content and backups may persist for a period after deletion due to technical retention. Glatt Bot conversation history may be stored to let you resume chats until you delete it or we delete it under our data practices.

6. Security

We implement reasonable technical and organizational measures designed to protect information. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

7. Children

The Site is not directed to children under 13 (or the age required by local law). We do not knowingly collect personal information from children. If you believe we have, contact us and we will take appropriate steps.

8. International transfers

We may process and store information in the United States and other countries where we or our vendors operate. Those countries may have different data protection laws than your own. Where required, we use appropriate safeguards (such as standard contractual clauses) for cross-border transfers.

9. Your choices and rights

Depending on your location, you may have the right to:

• Access, correct, or delete certain personal information.
• Object to or restrict certain processing, or withdraw consent where processing is consent-based.
• Export machine-readable copies of information you provided (data portability), where applicable.
• Lodge a complaint with a supervisory authority.

Many account-related details can be reviewed or updated in your profile when signed in. For other requests, contact us using the information below. We may need to verify your identity before fulfilling requests.

You can also limit some tracking through browser controls (for example, blocking third-party cookies) and extension/ad-block settings. Disabling certain cookies may affect sign-in and other Site features.

10. U.S. state privacy notices

Residents of certain U.S. states (including California, Colorado, Connecticut, Virginia, and Utah, among others) may have additional rights under local law, such as the right to know, delete, or correct personal information, and to opt out of certain types of sharing defined as "sale" or "targeted advertising" under those laws. We do not knowingly sell personal information of minors under 16. To exercise rights, contact us below. You may designate an authorized agent where permitted by law.

11. Cookies and similar technologies

We use cookies and similar technologies for authentication, security, preferences (such as theme), and—when enabled—analytics. Browser settings may let you refuse some cookies; blocking required cookies can prevent parts of the Site from working.

If session replay is enabled in analytics or diagnostics tooling, privacy controls such as masking and redaction are used where configured by those providers, but no automated masking is perfect.

12. Changes to this policy

We may update this Privacy Policy from time to time. The effective date at the top will change when we do. If changes are material, we will provide additional notice as appropriate (for example, a banner or email where we have your address).

13. Contact

For privacy-related requests or questions: Contact the site operator using the primary support or administrative channel for this website.

1. Scope

This policy applies to information processed through the public website, authenticated account areas, recipe submission flows, tools (including kashrus-related tools), and related APIs served from the same Site. It does not apply to third-party sites we link to.

2. Information we collect

Depending on how you use the Site, we may process:

• Account and profile data — for example, email address, display name, authentication identifiers, and preferences you save to your profile, processed through our authentication provider (Supabase Auth).
• Recipe and community content — titles, descriptions, ingredients, instructions, images you upload, favorites, and similar content you submit or store on the Site.
• Glatt Bot and AI-assisted features — messages you send to Glatt Bot, related metadata (such as conversation identifiers and titles), and server logs needed to provide responses. These may be sent to model providers (for example, OpenAI) to generate replies.
• Technical and usage data — IP address, device and browser type, approximate location derived from IP, pages viewed, referring URLs, timestamps, and diagnostic data. We may use cookies or similar technologies for session management, security, and analytics.
• Support and transactional email — when we send service emails (such as sign-in links or invitations), our email delivery provider processes recipient addresses and delivery events.
• Error and performance diagnostics — if enabled, crash reports and performance data may be sent to an error-tracking vendor (for example, Sentry). This may include replay-style troubleshooting data (such as page interactions and console logs) when replay features are enabled in that tooling.
• Optional product analytics — if configured, event data and page views may be sent to an analytics vendor (for example, PostHog), which may include session replay depending on project settings.
• Optional session recording— if a third-party recorder (for example, Jam) is enabled for debugging, additional interaction data may be collected according to that vendor's practices.

3. How we use information

We use the information above to:

• Provide, secure, and improve the Site and its features.
• Create and maintain your account; authenticate requests.
• Publish and moderate recipes and other User Content.
• Operate Glatt Bot and similar tools, including safety, abuse prevention, and quality measurement.
• Send transactional messages (such as magic links) and respond to inquiries.
• Comply with law, enforce our Terms, and protect rights and safety.

Legal bases (EEA/UK/Switzerland): where GDPR-style laws apply, we rely on performance of a contract (providing the Site you request), legitimate interests (security, product improvement, and communications that are not required as contract), consent where required (for example, certain cookies or marketing if offered), and legal obligation where applicable.

4. How we share information

We share information with service providers who process it on our instructions, including:

• Supabase — database, authentication, file storage, and related infrastructure.
• Vercel (or comparable host) — application hosting and edge delivery.
• OpenAI — processing prompts and context to power Glatt Bot and certain import or analysis features when those features are enabled.
• Resend (or comparable provider) — transactional email delivery.
• PostHog — product analytics when enabled.
• Sentry — error monitoring when enabled.
• Jam or similar — optional session capture when enabled.

We may also disclose information if required by law, to respond to lawful requests, or to protect the rights, safety, and security of users and the public. If the Site operator undergoes a business transaction (such as a merger), information may transfer as part of that transaction with appropriate safeguards.

We do not sell your personal information for money as a primary business model. We also do not use sensitive profile data to infer religious rulings or personalized halachic outcomes.

5. Retention

We retain information for as long as your account is active, as needed to provide the Site, and as required to comply with law, resolve disputes, and enforce agreements. Recipe content and backups may persist for a period after deletion due to technical retention. Glatt Bot conversation history may be stored to let you resume chats until you delete it or we delete it under our data practices.

6. Security

We implement reasonable technical and organizational measures designed to protect information. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

7. Children

The Site is not directed to children under 13 (or the age required by local law). We do not knowingly collect personal information from children. If you believe we have, contact us and we will take appropriate steps.

8. International transfers

We may process and store information in the United States and other countries where we or our vendors operate. Those countries may have different data protection laws than your own. Where required, we use appropriate safeguards (such as standard contractual clauses) for cross-border transfers.

9. Your choices and rights

Depending on your location, you may have the right to:

• Access, correct, or delete certain personal information.
• Object to or restrict certain processing, or withdraw consent where processing is consent-based.
• Export machine-readable copies of information you provided (data portability), where applicable.
• Lodge a complaint with a supervisory authority.

Many account-related details can be reviewed or updated in your profile when signed in. For other requests, contact us using the information below. We may need to verify your identity before fulfilling requests.

You can also limit some tracking through browser controls (for example, blocking third-party cookies) and extension/ad-block settings. Disabling certain cookies may affect sign-in and other Site features.

10. U.S. state privacy notices

Residents of certain U.S. states (including California, Colorado, Connecticut, Virginia, and Utah, among others) may have additional rights under local law, such as the right to know, delete, or correct personal information, and to opt out of certain types of sharing defined as "sale" or "targeted advertising" under those laws. We do not knowingly sell personal information of minors under 16. To exercise rights, contact us below. You may designate an authorized agent where permitted by law.

11. Cookies and similar technologies

We use cookies and similar technologies for authentication, security, preferences (such as theme), and—when enabled—analytics. Browser settings may let you refuse some cookies; blocking required cookies can prevent parts of the Site from working.

If session replay is enabled in analytics or diagnostics tooling, privacy controls such as masking and redaction are used where configured by those providers, but no automated masking is perfect.

12. Changes to this policy

We may update this Privacy Policy from time to time. The effective date at the top will change when we do. If changes are material, we will provide additional notice as appropriate (for example, a banner or email where we have your address).

13. Contact

For privacy-related requests or questions: Contact the site operator using the primary support or administrative channel for this website.