Introduction
Wellnoria AB ("we," "us," or "our") operates Daily Simmer ("the Service"), a web application for AI-powered recipe creation and management. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
By accessing or using Daily Simmer, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not access the Service.
Definitions
- Account - A unique account created for you to access our Service.
- Company - Wellnoria AB, registered in Sweden, referred to as "the Company," "we," "us," or "our" in this policy.
- Personal Data - Any information that relates to an identified or identifiable individual.
- Service - The Daily Simmer web application, accessible at dailysimmer.com.
- Service Provider - A third-party company or individual employed by the Company to facilitate the Service, provide the Service on behalf of the Company, perform services related to the Service, or assist the Company in analyzing how the Service is used.
- Usage Data - Data collected automatically, generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
- You - The individual accessing or using the Service.
Information We Collect
Account Information
When you create an account, we collect your email address, display name, and profile image through our authentication provider, Clerk. You may sign in using Google, Apple, or email-based authentication. We store your account identifier and profile details to provide a personalized experience.
Recipe and Content Data
We collect and store the recipes you create, edit, and save within the Service. This includes recipe titles, ingredients, instructions, labels, images, and any other content you provide. We also store chat messages exchanged with the AI assistant, imported recipes from external URLs, and images you upload.
Usage Data
We automatically collect certain information when you visit, use, or navigate the Service. This information does not reveal your specific identity but may include your IP address, browser type and version, device information, operating system, referring URLs, pages visited, and timestamps of your interactions.
AI Interaction Data
When you interact with the AI recipe assistant, your chat prompts and recipe content are sent to Google Gemini models via OpenRouter for recipe generation and modification. Image generation prompts are derived from your recipe data to create recipe images. These interactions are processed by third-party AI providers as described in the Third-Party Service Providers section.
Payment Data
Subscription billing is handled entirely by Polar.sh. We store your subscription status and plan type to manage access to premium features. We do not collect, store, or process payment card details directly. All payment information is managed by Polar.sh in accordance with their privacy policy.
Analytics Data
We use PostHog (EU-hosted instance) to collect interaction data for analytics purposes. This data collection is subject to your cookie consent preferences. Analytics data helps us understand how the Service is used and identify areas for improvement.
Cookies and Local Storage
We use cookies and local storage for the following purposes:
- Essential: Authentication tokens managed by Clerk are required for the Service to function. These cannot be disabled.
- Preferences: We store your theme preference (
receptia-theme), language selection (receptia-language), and promotional banner dismissal states in local storage to remember your settings across sessions. - Analytics: PostHog sets cookies to collect usage analytics. These are only activated with your explicit consent through our cookie consent mechanism.
- Advertising: We do not use any advertising cookies or tracking technologies.
How We Use Your Information
We use the information we collect for the following purposes:
- Provide and operate the Service, including account management, recipe storage, and content delivery
- AI recipe generation and modification, where your chat messages and recipe content are sent to Google AI APIs to generate and refine recipes
- Image generation, where recipe data is used to create prompts for generating recipe images
- Process subscriptions and billing through our payment provider Polar.sh
- Internal analytics on aggregated data, such as popular recipe labels and general usage patterns. We do not analyze individual recipe content for analytics purposes
- Send service-related emails via Resend, including transactional notifications relevant to your account
- Security, rate limiting, and abuse prevention to protect the Service and its users
Third-Party Service Providers
We share data with the following third-party providers to operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Clerk | Authentication | Email, name, profile image |
| Convex | Backend/database | All application data |
| Google Generative AI | AI chat and image generation | Chat messages, recipe content, image prompts |
| OpenRouter | AI model routing | Chat messages, recipe content |
| Polar.sh | Subscription billing | Email, subscription status |
| PostHog | Analytics (EU) | Usage events (with consent) |
| Resend | Transactional email | Email address |
| Cloudflare | Hosting, CDN, R2 storage | All served content, uploaded images |
Each provider processes data in accordance with their own privacy policies and our data processing agreements.
Data Sharing
We share your personal data only in the following circumstances:
- With Service Providers: We share data with the third-party providers listed above solely for the purpose of operating and improving the Service.
- Business Transfers: If the Company is involved in a merger, acquisition, or asset sale, your personal data may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy.
- Legal Requirements: We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (for example, a court or government agency).
We do not sell your personal data to third parties. We do not use your content to train AI models. Your recipes, chat messages, and other content remain yours.
Data Retention
We retain your personal data for as long as your account is active and as needed to provide you with the Service. When you delete your account, we initiate deletion of your personal data through our Clerk webhook cascade, which removes your account data, recipes, chat history, and associated content from our systems.
Usage data and analytics information may be retained for a shorter period for aggregate statistical analysis, after which it is anonymized or deleted.
International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. Specifically:
- European Union: PostHog (EU instance) and certain Convex infrastructure process data within the EU.
- United States: Cloudflare, Google AI, and OpenRouter process data in the United States.
Where data is transferred outside the European Economic Area, we rely on standard contractual clauses and other appropriate safeguards to ensure an adequate level of data protection.
Security
We implement appropriate technical and organizational security measures to protect your personal data, including:
- Encryption of data in transit (TLS/SSL) and at rest
- HTTP Strict Transport Security (HSTS) enforcement
- Security headers including X-Frame-Options: DENY, X-Content-Type-Options: nosniff, and strict Referrer-Policy
- Rate limiting to prevent abuse
- JWT-based authentication through Clerk with secure token handling
While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.
Children's Privacy
The Service is not intended for anyone under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to remove that information from our servers. If you believe we have collected data from a minor, please contact us immediately.
Your Rights (GDPR)
If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation:
- Right of Access: You have the right to request copies of your personal data.
- Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
- Right to Erasure: You have the right to request that we erase your personal data under certain conditions.
- Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain conditions.
- Right to Object to Processing: You have the right to object to our processing of your personal data under certain conditions.
- Right to Data Portability: You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
To exercise any of these rights, please contact us at support@dailysimmer.com. We will respond to your request within 30 days. Account erasure requests will be processed within 30 days of verification.
California Privacy Rights (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
- Right to Know: You have the right to request that we disclose what personal information we collect, use, and share about you.
- Right to Delete: You have the right to request deletion of the personal information we have collected from you, subject to certain exceptions.
- Right to Opt-Out of Sale: We do not sell personal information. However, you have the right to direct us not to sell your personal information if we ever change this practice.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.
To exercise your rights, contact us at support@dailysimmer.com.
Links to Other Websites
The Service may contain links to other websites or allow you to import recipes from external URLs. We are not responsible for the privacy practices of third-party websites. When you import a recipe from an external URL, we access that URL to retrieve recipe data but do not share your personal information with the external site. We encourage you to review the privacy policies of any third-party sites you visit.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page, updating the "Last updated" date, and where appropriate, notifying you via email or an in-app notification.
We encourage you to review this Privacy Policy periodically for any changes. Changes are effective when they are posted on this page.
Contact Us
If you have any questions about this Privacy Policy, you can contact us:
- Email: support@dailysimmer.com
- Mail: Wellnoria AB, Kyndelgrand 19, 135 36 Tyreso, Sweden