Privacy Policy
Last updated: January 2025
1. Introduction
Plated Up ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you use our recipe management application, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data Controller
The data controller responsible for your personal data is the owner/operator of this Plated Up instance. For questions about data protection, please contact the administrator of this application.
3. Personal Data We Collect
We collect the following categories of personal data:
- Account Information: Email address, password (encrypted), first name, and surname
- Recipe Data: Recipes you create, including ingredients, instructions, images, and notes
- Usage Data: Shopping lists, meal plans, categories, and favourites
- Household Data: Information about household memberships and recipe sharing
- Technical Data: Session tokens for authentication purposes
4. Legal Basis for Processing
We process your personal data under the following legal bases (UK GDPR Article 6):
- Contract Performance: Processing necessary to provide you with the recipe management service you signed up for
- Legitimate Interests: To maintain security and improve our services
- Consent: Where you have given explicit consent for specific processing activities
5. How We Use Your Data
Your personal data is used to:
- Create and manage your user account
- Store and display your recipes, meal plans, and shopping lists
- Enable recipe sharing with household members and other users
- Send password reset emails when requested
- Maintain the security and integrity of our service
6. Data Retention
We retain your personal data for as long as your account is active. When you delete your account, all associated data is permanently removed from our systems. Password reset tokens expire after 1 hour and are automatically deleted after use.
7. Third-Party Services
We use the following third-party services:
- Google Fonts: We load fonts (Roboto, Lora, Material Symbols) from Google's servers. Google may collect anonymised usage data. See Google's Privacy Policy.
8. Cookies and Session Data
We use essential cookies to maintain your logged-in session. These cookies are strictly necessary for the application to function and do not track your activity across other websites. Session cookies expire after 30 days of inactivity.
9. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate personal data via your account settings
- Right to Erasure: Delete your account and all associated data
- Right to Data Portability: Export your data in a machine-readable format (JSON)
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time
- Right to Lodge a Complaint: Contact the Information Commissioner's Office (ICO) if you believe your rights have been violated
10. Exercising Your Rights
You can exercise your rights through the following methods:
11. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Password encryption using bcrypt hashing
- Secure session management with JWT tokens
- HTTPS encryption for all data in transit
- Access controls ensuring users can only access their own data
12. Children's Privacy
Plated Up is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by updating the "Last updated" date at the top of this page.
14. Contact
For questions about this Privacy Policy or to exercise your data protection rights, please contact the administrator of this Plated Up instance.
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.