Privacy Policy

This Privacy Policy explains how Clean Dish handles information when you use the Clean Dish mobile application, website, and related services.

The controller responsible for processing personal data through Clean Dish is Cagdan Ileri. The controller can be contacted at admin@cleandish.app.

Information we collect

We may process the following categories of information:

• Account and device identifiers: an anonymous app identifier, a Firebase authentication identifier, language, and basic device or request information needed to operate and secure the service.
• Food and preference information: allergens, avoided and preferred ingredients, diet goals, cuisine preferences, calorie targets, and optional profile details used to estimate a calorie target.
• App activity: saved recipes, meal plans, shopping-list state, recipe interactions, cooking completion, feedback, and notes.
• Pantry photos: if you choose photo ingredient detection, the selected image is processed temporarily by our API and sent to OpenAI to identify visible food ingredients. We do not retain the photo in our database or object storage.
• Support communications: information you include when you contact us.

How we use information

We use information to:

• provide personalized recipe discovery, meal planning, and shopping lists;
• apply saved food preferences and exclusions;
• analyze pantry photos when you request that feature;
• operate, maintain, debug, and secure the service;
• respond to support and privacy requests; and
• comply with applicable legal obligations.

Legal bases

Where the GDPR applies, we rely on the following legal bases:

• Performance of the service: Article 6(1)(b) GDPR for data needed to provide the features you request, such as saved non-health preferences, recipe activity, meal plans, and shopping-list state.
• Explicit consent: Articles 6(1)(a) and 9(2)(a) GDPR for allergen information and optional calorie-profile information that may constitute health data. This information is not required to use Clean Dish.
• Consent for optional photo analysis: Article 6(1)(a) GDPR when you choose to send a pantry photo for AI analysis.
• Legitimate interests: Article 6(1)(f) GDPR for limited diagnostics, security, abuse prevention, and maintaining a reliable service.
• Legal obligations: Article 6(1)(c) GDPR where processing is necessary to meet an applicable legal requirement.

You may withdraw consent at any time. Withdrawal does not affect processing that was lawful before withdrawal.

Service providers

We rely on service providers that process information on our behalf or provide platform services. These currently include Amazon Web Services for hosting, Firebase for anonymous authentication, OpenAI for optional pantry image analysis.

These providers handle information under their own terms and privacy policies and contractual data-protection obligations. We do not sell personal data or use it for third-party advertising.

Pantry image requests to OpenAI are configured with response storage disabled. OpenAI may still temporarily process or retain limited data for security and abuse monitoring according to its applicable data-retention controls.

Retention and security

Saved preferences and app activity are generally retained while the associated anonymous app profile remains active, until you reset or delete the relevant data, or until the data is no longer needed to provide the service. Pantry photos are processed temporarily and are not retained in our database or object storage. Support correspondence and limited security records may be retained as needed to resolve the request, protect the service, establish or defend legal claims, and meet legal obligations.

We use technical and organizational safeguards intended to protect information. No storage or transmission method is completely secure.

Your choices and data-protection rights

You can update or reset saved preferences from the Profile screen. The “Delete All My Data” action permanently deletes the profile associated with your installation, including preferences, favorites, plans, shopping lists, recipe notes, feedback, cooking history, reports, interactions, recommendation data, and the associated authentication identity.

You can also contact us to exercise rights that apply to you, including access, correction, deletion, restriction, objection, data portability, and withdrawal of consent. Requests may require reasonable verification using the anonymous identifier associated with your installation.

Camera access is optional and can be changed in your device settings. You can continue using manual pantry entry without camera access.

You also have the right to lodge a complaint with a competent data-protection supervisory authority, including the authority responsible for your place of residence or the controller’s establishment.

Children

Clean Dish is intended for adults aged 18 and over. We do not knowingly offer the service to or collect personal data from children.

International processing

Some service providers may process information outside Germany or the European Economic Area. Where required, transfers are protected by an adequacy decision, the European Commission’s Standard Contractual Clauses, or another lawful transfer mechanism together with appropriate safeguards.

Automated processing and policy changes

Clean Dish uses automated processing to personalize recipe suggestions and identify ingredients in optional pantry photos. These features do not make decisions that produce legal or similarly significant effects about you.

We may update this policy as the service changes. The effective date above identifies the current version.

Contact

For privacy questions or requests, email admin@cleandish.app.