Privacy Policy
Last updated: June 2026
1. Who We Are
Eat Verdure ("we", "us", "our") operates the website at eatverdure.com. We are the data controller responsible for your personal data. For privacy-related matters, contact us at [email protected].
2. Data We Collect
We collect the following personal data:
- Account data — name and email address when you register, or name and email provided by Google if you sign in with Google OAuth.
- Recipe data — the prompts you submit and the recipes generated for your account.
- IP address — collected temporarily for rate-limiting purposes (to prevent abuse of the free tier).
- Terms acceptance — the date and time you accepted our Terms of Service at registration.
3. Legal Basis and Purposes
We process your personal data on the following legal bases (Article 6 GDPR):
- Account data (name, email) — contract performance (Art. 6(1)(b)): necessary to provide the Service and maintain your account.
- Recipe data (prompts and generated content) — contract performance (Art. 6(1)(b)): necessary to display and save your recipe collection.
- IP address — legitimate interest (Art. 6(1)(f)): used to enforce the guest usage limit and prevent abuse of the free tier.
- Terms acceptance timestamp — legal obligation (Art. 6(1)(c)): required to maintain a demonstrable record of consent to our Terms of Service.
4. Third-Party Services
We use the following third-party services that may process your personal data:
- Google OAuth — for sign-in via Google.
- MongoDB Atlas (Google Cloud) — our database, hosted within the EU.
- Google Cloud Run / Cloud Storage — hosting and image storage, EU region.
- Anthropic — your recipe prompts are sent to Anthropic's API to generate recipe text.
- OpenAI — recipe image prompts are sent to OpenAI's API to generate photographs.
- Paddle (paddle.com) — payment processing. When you purchase a subscription, Paddle processes your billing information (email address, country, and payment method details) as Merchant of Record. Paddle's privacy policy applies to this data: paddle.com/privacy.
5. International Data Transfers
Some of our third-party service providers are based outside the European Economic Area (EEA). Specifically:
- Anthropic (United States) — your recipe prompts are transferred to the US for AI processing. Anthropic provides appropriate safeguards through Standard Contractual Clauses (SCCs) approved by the European Commission.
- OpenAI (United States) — image generation prompts are transferred to the US. OpenAI provides appropriate safeguards through Standard Contractual Clauses (SCCs).
By using the Service, you acknowledge that your data may be transferred to and processed in the United States. We only use providers that offer appropriate safeguards under applicable data protection law.
6. Cookies and Local Storage
We use browser localStorage (not cookies) to store your language preference and consent status. No tracking or advertising cookies are used. NextAuth uses a session cookie for authentication — this is strictly necessary for the login function.
7. Data Retention
We retain your account data and recipes for as long as your account is active. You may request deletion of your account and associated data at any time.
8. Your Rights (GDPR)
If you are in the European Economic Area, you have the following rights:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate data.
- Erasure — request deletion of your account and personal data.
- Portability — request your data in a machine-readable format.
- Objection — object to processing based on legitimate interest.
- Withdrawal of consent — withdraw consent at any time where processing is consent-based.
- Lodge a complaint — if you believe your data is being processed unlawfully, you may lodge a complaint with the Dutch supervisory authority: Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl). If you reside in another EU/EEA country, you may also contact your local data protection authority.
9. Data Security
We use industry-standard measures including encrypted connections (HTTPS), hashed passwords (bcrypt), and access controls on our database.
10. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date will always reflect the most recent revision.
11. Contact
For any privacy questions or data requests, contact us at [email protected].
