Privacy Policy

This Privacy Policy explains how YummLens collects, uses, and safeguards your information when you use our mobile app and services.

Effective date: 2025 August 28th
App: YummLens (iOS and Android)

Who we are

YummLens is a mobile application that turns your food photos into step‑by‑step recipes using AI. For privacy inquiries, contact us at lukacsmedard@gmail.com (fast response, please include subject “[YUMMLENS]”), or support@yummlens.com (not monitored 24/7).

Data we collect

Account and Authentication

  • Email address and (if provided) name.
  • Authentication data, including OAuth identifiers for Apple/Google, session tokens, token expiration, and basic device metadata (IP address and user agent) for security.

Content you provide

  • Photos/images you upload to generate recipes.
  • Generated recipes, saved recipes, and recipe chat messages.
  • Dietary and cooking preferences (e.g., vegan, halal, equipment, measurement system), language preference, and any custom instructions you enter.

Usage and device information

  • App interactions and performance data (e.g., screens viewed, feature usage) and technical diagnostics.
  • Analytics events about AI generation (e.g., model used, token counts, latency, success/error); no payment card data is collected by us.

Notifications and marketing

  • Push token (Expo) and your preferences for reminders or marketing messages, including timing for reminders.

Purchases

  • Subscription status and product identifiers (managed through Apple App Store / Google Play and RevenueCat). We do not receive your full payment card details.

Communications

  • Support requests and email messages you send us.

How we use data

  • Provide core features: process your photos with AI to generate recipes, save and manage your recipe history, and personalize results.
  • Operate the app: authentication, fraud prevention, service reliability, and security.
  • Analytics and quality: understand feature usage, improve prompts and models, and measure performance.
  • Notifications: send opt‑in reminders and product messages, respecting your preferences.
  • Support: respond to your requests and resolve issues.

Legal bases (GDPR): performance of a contract (to provide the app), legitimate interests (security, service improvement), and consent (marketing notifications and, where required, analytics/session‑replay).

Sharing and processors

We do not sell your personal information. We share data with trusted processors to operate the app:

  • Cloud storage: Cloudflare R2 for storing uploaded images.
  • AI infrastructure: OpenRouter and model providers (e.g., Google Gemini, OpenAI) to process your images and prompts.
  • Analytics: PostHog for usage analytics; limited backend event logging for AI generation.
  • Push: Expo push service to deliver notifications.
  • Email: Resend to send transactional emails (e.g., password reset).
  • Subscriptions: RevenueCat to manage entitlements; Apple App Store / Google Play handle billing.
  • Hosting and databases: reputable cloud providers that help us run our servers and databases.

AI processing

To generate recipes, we send your uploaded images and instructions to third‑party AI providers via OpenRouter. We include only the data necessary for generation. We log minimal technical metrics (e.g., model name, token counts, latency, cost) to monitor performance and fairness. We do not use your content to train our own models beyond what is necessary to operate and improve the service. Model providers may retain data per their policies; we select vendors with strong security commitments.

Please avoid uploading photos that contain people or personal data. Review generated recipes for accuracy and allergens before cooking.

Analytics and session replay

We use PostHog to measure app usage and quality. We may enable session replay to better understand crashes and usability; this can include screen interactions and technical metadata. We take steps to avoid capturing sensitive inputs and do not collect payment card numbers. Where required by law, we seek consent before enabling analytics/session replay.

Notifications and marketing

We send push notifications only if you opt in. You can change your preferences in the app settings or your device settings at any time. Marketing messages are rate‑limited and localized; you can opt out at any time.

Purchases and subscriptions

Subscriptions are billed by Apple App Store or Google Play. We receive status information (e.g., active, expiration) via RevenueCat to grant features. Refunds are handled by the respective store in accordance with their policies.

Data retention

  • Account and preferences: retained while your account is active.
  • Uploaded images and recipes: retained to provide your history and features; removed upon account deletion or by request.
  • Technical logs and analytics: retained for up to 24 months unless we need longer for security or legal reasons.
  • Deleted accounts: we keep a minimal record of your email in a “deleted users” list to prevent re‑registration with the same email, to meet App Store requirements.

Your rights

Depending on your location, you may have rights to access, correct, delete, restrict or object to processing, and request data portability. You can:

  • Export your data from the in‑app settings (Profile → Data export),
  • Delete your account in the app (Profile → Delete account), or
  • Contact us using the emails below. Please include “[YUMMLENS]” in the subject line for faster handling.

For EU/EEA/UK residents, you can withdraw consent at any time without affecting prior lawful processing.

International transfers

We may transfer data to countries outside your own (e.g., to the United States) where our providers are located. When we do, we use appropriate safeguards such as Standard Contractual Clauses or rely on other lawful transfer mechanisms.

Security

We protect data with encryption in transit, access controls, and secure development practices. No method of transmission or storage is 100% secure, but we work to safeguard your information and promptly address incidents.

Children’s privacy

YummLens is not directed to children under 13 (or under 16 in some regions). We do not knowingly collect personal data from children. If you believe a child provided us data, contact us and we will take appropriate action.

Contact

Email: lukacsmedard@gmail.com (fast response, include “[YUMMLENS]”), or support@yummlens.com (not monitored 24/7).

View Terms of Service