Privacy Policy
Last updated: March 25, 2026
Swoodie (“we”, “our”, “us”) operates the Swoodie mobile application and the website swoodie.app (the “Service”). This Privacy Policy explains what information we collect, how we use it, and your choices regarding your data.
Data Controller: Swoodie. For data protection inquiries, contact privacy@swoodie.app.
By using our Service, you agree to the collection and use of information as described in this policy.
1. Information We Collect
a) Information You Provide
- Waitlist sign-up: When you join our waitlist, we collect your email address.
- Subscription purchases: When you subscribe to Swoodie Premium, payment is processed by the Apple App Store or Google Play Store. We do not directly collect or store your payment card details.
b) Automatically Collected Data
When you use Swoodie, we automatically collect:
- Usage data: Swipe history, saved favorites, ratings, comments, features used (such as Swipe Together sessions and Chef AI queries), and navigation patterns.
- Device information: Device type, operating system version, unique device identifiers, and IP address.
- Anonymous authentication: We create an anonymous account for you automatically — no email or password is required. This account is used to sync your data across sessions.
c) AI Feature Data
When you use our AI-powered features (Chef AI, recipe variations, nutrition estimation, Swoodie Scan photo analysis, meal planning), the text and images you submit (such as ingredient lists, recipe prompts, dietary preferences, or meal photos) are sent to our AI service providers for processing. Meal photos submitted via Swoodie Scan are processed in real-time and are not permanently stored on our servers. AI-generated meal plans, recipes, and nutritional estimates are for informational purposes only. We do not use this data to train AI models.
d) Photo Data
When you use Swoodie Scan, photos you take or select are:
- Converted to base64 format and sent to our secure backend for AI analysis
- Processed in real-time by our AI service provider (OpenAI)
- Not permanently stored — photos are discarded after analysis is complete
- Never shared with third parties beyond the AI processing provider
2. How We Use Your Information
We use collected information to:
- Provide, maintain, and improve the Service
- Personalize your recipe recommendations
- Facilitate Swipe Together partner sessions
- Process subscription purchases
- Translate recipe content into your preferred language
- Analyze usage patterns and fix bugs
- Detect fraud, abuse, and enforce our Terms of Service
2b. Legal Basis for Processing (EU/EEA Users)
We process your personal data under the following legal bases:
- Contractual necessity (Art. 6(1)(b)): Account creation, recipe delivery, subscription management, favorites sync, meal plans, Swipe Together sessions
- Legitimate interest (Art. 6(1)(f)): Usage analytics, bug fixing, fraud detection, service improvement
- Consent (Art. 6(1)(a)): Waitlist email collection, analytics cookies on website
- Legal obligation (Art. 6(1)(c)): Tax/financial records for subscription transactions (processed by Apple/Google)
You may withdraw consent at any time without affecting the lawfulness of processing performed prior to withdrawal.
3. Third-Party Services
We use third-party service providers to operate and improve the Service. These providers may process your data in the following capacities:
- Supabase (cloud infrastructure and database) — to store and manage your account data, favorites, ratings, meal plans, and usage data.
- OpenAI (AI service provider) — to power Chef AI recipe generation, recipe variations, nutrition estimation, and Swoodie Scan photo analysis. Text and images you submit to AI features are sent to OpenAI for processing.
- Google Gemini (AI service provider) — to power the AI Meal Planner feature. Dietary preferences and recipe data are sent to Google for processing.
- DeepL (translation service provider) — to translate recipe content into German and Polish. Recipe text is sent to DeepL for translation.
- Spoonacular (recipe data provider) — to provide recipe data, nutritional information, and ingredient details.
- TheMealDB (recipe data provider) — to provide additional recipe content.
- RevenueCat (subscription management) — to process and manage premium subscriptions, including purchase data, device identifiers, and subscription status.
- Vercel — hosts our website and provides anonymized performance analytics via Speed Insights.
- Apple App Store / Google Play — for app distribution and payment processing, subject to their own privacy policies.
We do not sell your personal information to third parties.
4. Cookies and Tracking Technologies
Our website (swoodie.app) uses the following technologies:
Essential
- Language preference storage (localStorage)
- Consent preference cookie (swoodie_consent)
Analytics
- Vercel Speed Insights — collects anonymized page performance data, device type, browser version, page load times. No personally identifiable information is collected. Data is processed by Vercel Inc. (USA). Privacy: https://vercel.com/legal/privacy-policy
Mobile App
- AsyncStorage — local device storage for preferences, cached recipes, and offline data. This data never leaves your device unless synced to your Supabase account.
- Supabase Anonymous Auth — creates a unique anonymous identifier for data synchronization. No personal information is collected.
You can manage cookie preferences at any time via the cookie settings link in the website footer.
5. Data Retention
- Account data: Retained while your account is active.
- Application logs: Automatically deleted after 30 days.
- Cached recipe data: Automatically expires after 2 hours.
- Meal plans: Retained until deleted by the user.
- Swoodie Scan photos: Processed in real-time and not permanently stored.
- AI Cookbook recipes: Retained until deleted by the user (soft-delete supported).
You may request deletion of your data at any time by contacting us.
6. Data Security
We implement appropriate technical measures to protect your data, including:
- Encryption in transit (HTTPS/TLS)
- Row-level security on all database tables
- Server-side API key storage (no API keys stored on your device)
- Rate limiting on all backend services
No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
6b. Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
- Notify affected users without undue delay if the breach poses a high risk to their rights and freedoms
- Document all breaches, including their effects and remedial actions taken
Notification will be sent via the email address associated with your waitlist registration (if provided) or through an in-app notice.
6c. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including the United States. Our service providers and their locations:
| Provider | Location | Safeguards |
|---|---|---|
| Supabase | USA | SOC 2 Type II certified |
| OpenAI | USA | DPA, SCCs |
| Google (Gemini) | USA | EU SCCs, DPA |
| DeepL | Germany | EU-based, GDPR-native |
| Spoonacular | USA | Data Processing Agreement |
| RevenueCat | USA | SOC 2, DPA |
| Vercel | USA | DPA, SOC 2 |
For EU/EEA users, transfers to the US are protected by Standard Contractual Clauses (SCCs) or adequacy decisions where applicable.
7. Your Rights
Depending on your jurisdiction (including GDPR and CCPA), you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your data
- Export your data in a portable format
- Object to processing based on legitimate interest
To exercise these rights, contact us at support@swoodie.app.
7b. Automated Decision-Making
Swoodie uses automated processing in the following ways:
- Recipe recommendations: Based on your swipe history, dietary filters, and allergen preferences. No profiling for marketing.
- AI meal planning: Generates meal plans based on your calorie target, goal mode, and favorite recipes.
- Nutrition estimation: AI estimates nutritional content from food photos and recipe data. These are estimates only and should not replace professional dietary advice.
- Allergen detection: Keyword-based ingredient scanning to flag potential allergens. May produce false positives — always verify ingredients yourself.
None of these automated processes produce legal effects or similarly significant effects on you. You may contact us to request human review of any automated decision.
8. Children’s Privacy
Swoodie is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such data, we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the “Last updated” date at the top of this page.
10. Contact Us
For general questions: support@swoodie.app
For data protection inquiries, data access requests, or to exercise your GDPR/CCPA rights:
Data Protection Contact: privacy@swoodie.app
Response time: Within 30 days of receiving your request
If you are located in the EU/EEA and believe your data protection rights have not been adequately addressed, you have the right to lodge a complaint with your local Data Protection Authority (DPA).
For users in Poland: Urząd Ochrony Danych Osobowych (UODO)
Website: https://uodo.gov.pl
See also: Terms of Service | Cookie Policy