RecipesGuidesBlog

Privacy Policy

Last updated:

This Privacy Policy explains what personal data we collect when you use the Aipa Plate website and mobile app, why we collect it, how we use it, and what rights you have. We try to keep it short and honest. If anything is unclear, write to us at aipa.plate@gmail.com.

Who we are (data controller)

Aipa Plate ("Aipa", "we", "us") operates the website at aipaplate.com and the Aipa Plate mobile applications.

For all questions about your personal data, contact us at aipa.plate@gmail.com.

The data controller is Maria Prodan, an individual residing in Spain. For all questions about your personal data, contact us at aipa.plate@gmail.com. The lead supervisory authority is the Spanish Data Protection Agency (Agencia Española de Protección de Datos, AEPD), https://www.aepd.es. An EU representative under GDPR Art. 27 is not required because the controller is established in the European Union.

What we collect

We collect the minimum we need to run the service:

  • Account data: email address you provide at sign-up.
  • Preferences: language, theme, and cookie consent choices.
  • Usage data (only with consent): page views, click events, device type, approximate region — collected via Google Analytics 4 in anonymized form.
  • Technical logs: short-lived server logs (IP address, user agent) used for security and abuse prevention. We do not link these logs to your account by default.
  • Content you submit: messages you send to support, photos you upload to the app for food recognition.

Why we collect it

We use your data only for the following purposes:

  • Provide the service: authentication, saving your preferences, generating personalized content.
  • Improve the product: understanding which articles and tools are useful through aggregated analytics.
  • Communicate with you: answer support emails, send transactional notifications you opt into.
  • Protect the service: detect abuse, prevent fraud, comply with law.

Legal basis (EU/UK GDPR)

Under GDPR Article 6, we rely on the following legal bases:

  • Performance of a contract — to provide the service you signed up for (account, preferences, content delivery).
  • Consent — for analytics and any future marketing cookies. You can withdraw consent at any time through the Cookie preferences link in the footer.
  • Legitimate interest — for short-lived security logs, fraud prevention, and aggregate product improvement.
  • Legal obligation — when we must respond to lawful requests from authorities.

How long we keep your data

  • Account data: until you delete your account or ask us to delete it.
  • Cookie consent record: 13 months (then we ask again).
  • Analytics data: up to 14 months (Google Analytics default).
  • Support emails: up to 24 months for quality and reference, then deleted.
  • Server logs: up to 90 days, then deleted or anonymized.

Who we share data with

We do not sell your personal data. We share it only with processors that help us run the service:

  • Google Cloud / Firebase — hosting, authentication, database, file storage.
  • Google Analytics — anonymized website analytics (only with your consent).
  • Adapty — subscription management for the mobile app.
  • Email provider — to deliver transactional emails.

International transfers

Our infrastructure runs in the United States and European Union regions of Google Cloud. If you are in the EU/UK, your data may be transferred to the US under Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework, where applicable.

If you are in Russia, please read the dedicated section below about data localization.

Where data is transferred outside your region, we rely on the Standard Contractual Clauses adopted by the European Commission, the UK International Data Transfer Addendum, and the EU-US Data Privacy Framework where the recipient is certified.

Your rights (EU/UK GDPR)

To exercise any of these rights, write to aipa.plate@gmail.com. We respond within 30 days.

If you are in the EU, UK, or another jurisdiction with similar rules, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate data.
  • Erase your data (right to be forgotten).
  • Restrict or object to certain processing.
  • Data portability — receive your data in a machine-readable format.
  • Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects.
  • Withdraw consent at any time (this does not affect lawful processing already done).
  • Lodge a complaint with your local data protection authority.

Your rights (California — CCPA / CPRA)

If you are a California resident, you have the right to know what we collect, request deletion or correction of your data, and opt out of the sale or sharing of personal information.

We do not sell or share personal information for cross-context behavioral advertising. We do not knowingly process data of consumers under 16.

You can exercise your rights by writing to aipa.plate@gmail.com. We will not discriminate against you for exercising any of these rights.

You also have the right to limit our use of sensitive personal information. We honor the Global Privacy Control (GPC) browser signal as a valid request to opt out of any sale or sharing.

Your rights (Russia — 152-ФЗ)

Russian users: please read this section carefully. Aipa Plate uses Google Cloud infrastructure located in the United States and European Union. We do not currently store personal data of Russian users on servers physically located in the Russian Federation, which is a requirement of Federal Law 152-ФЗ for primary processing.

We are not registered as a personal data operator with Roskomnadzor. If you are a Russian citizen and do not consent to your data being processed outside of the Russian Federation, please do not use the service. You can also write to aipa.plate@gmail.com to request deletion of any data we hold about you.

We do not direct marketing or paid services specifically at users in the Russian Federation.

Children

The service is not directed at children under 13 (United States, COPPA) or under 16 (European Union). We do not knowingly collect data from children. If you believe a child has provided us data, write to aipa.plate@gmail.com and we will delete it.

Security

We protect your data using industry standards: TLS encryption in transit, encryption at rest in Firebase, role-based access for staff, and regular security reviews. No system is 100% secure, but we treat your data with care.

Changes to this policy

We may update this Privacy Policy as the product evolves or laws change. When changes are material, we will notify you by email or by a banner on the site. The Last updated date at the top reflects the latest version.

Contact us

Questions, requests, or complaints: aipa.plate@gmail.com. We try to reply within five working days.

v25.0.3.11