Eat Verdure
Legal

Privacy Policy

Last updated: June 2026

1. Who We Are

Eat Verdure (“we”, “us”, “our”) operates the website at eatverdure.com. We are the data controller responsible for your personal data. For privacy-related matters, contact us at [email protected].

2. Data We Collect

We collect the following personal data:

  • Account data — name and email address when you register, or name and email provided by Google if you sign in with Google OAuth.
  • Recipe data — the prompts you submit and the recipes generated for your account.
  • IP address — collected temporarily for rate limiting purposes (to prevent abuse of the free tier).
  • Terms acceptance — date and time you accepted these Terms of Service at registration.

3. Why We Collect It

Account data is used to authenticate you and associate your saved recipes with your account. Recipe data is used to display your recipe collection. IP addresses are used to enforce the guest limit and prevent abuse. Terms acceptance is stored as a legal record of consent.

4. Third-Party Services

We use the following third-party services:

  • Google OAuth — for sign-in via Google.
  • MongoDB Atlas (Google Cloud) — our database, hosted within the EU.
  • Google Cloud Run / Cloud Storage — hosting and image storage, EU region.
  • Anthropic — your recipe prompts are sent to Anthropic's API to generate recipe text.
  • OpenAI — recipe image prompts are sent to OpenAI's API to generate photographs.

5. Cookies and Local Storage

We use browser localStorage (not cookies) to store your language preference and consent status. No tracking or advertising cookies are used. NextAuth uses a session cookie for authentication — this is strictly necessary for the login function.

6. Data Retention

We retain your account data and recipes for as long as your account is active. You may request deletion of your account and associated data at any time.

7. Your Rights (GDPR)

If you are in the European Economic Area, you have the following rights:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate data.
  • Erasure — request deletion of your account and personal data.
  • Portability — request your data in a machine-readable format.
  • Objection — object to processing based on legitimate interest.
  • Withdrawal of consent — withdraw consent at any time where processing is consent-based.

8. Data Security

We use industry-standard measures including encrypted connections (HTTPS), hashed passwords (bcrypt), and access controls on our database.

9. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date will always reflect the most recent revision.

10. Contact

For any privacy questions or data requests, contact us at [email protected].

Terms of Service →Back to home