Privacy Policy

1. Introduction

We value and respect your privacy. This Privacy Policy explains what personal data we collect, why we use it, how long we retain it, and how you can exercise your rights when using recipegen.co.uk and related services (the “Service”).

• Controller: WINTER WORLD LIMITED (Company No. 16133390), 16 Tiller Road, London, England, E14 8PX (“RecipeGen”, “we”, “us”, “our”).
• Contact: info@recipegen.co.uk
• Scope: This Policy applies to users of the Service. The Service is intended for individuals 18+.

2. Data we collect

We only collect the data needed to operate, secure, and improve the Service.

2.1. You provide directly

• Name and contact details (e.g., email).
• Account credentials (stored securely in hashed form).
• Billing details (billing address; optional VAT information for invoices).
• Inputs for plan generation: ingredients, exclusions, allergens, dietary preferences, cuisines, goals, cooking equipment, and other free-form prompts.
• Support requests and communications.

2.2. Collected automatically

• IP address, device and browser information, timezone, access logs, security telemetry (e.g., failed logins).
• Usage data: page views, clicks, token purchases/redemptions, generation attempts, error logs.

2.3. From third parties (as needed)

• Payment processors (transaction references, status; never full card numbers).
• Fraud-prevention/anti-abuse providers (risk signals).

Special category data. Information about allergies, dietary restrictions, medical conditions or religious dietary choices may constitute special category data. We only process such data when you choose to provide it to personalise outputs. See §3.2 for the legal basis and your choices.

3. Why we process your data & legal bases

We process personal data under the UK GDPR and Data Protection Act 2018 on the following bases:

3.1. Performance of a contract

• To register and maintain your account;
• To process token top-ups and deliver digital content (Meal Plans/PDFs);
• To provide customer support and handle refunds/queries.

3.2. Consent (including special category data)

• To use allergens/dietary details you input to tailor results;
• To send marketing emails/newsletters where you opt-in;
• To use your content/feedback for model improvement where you opt-in (we do not use your personal data for training/improvement unless you consent).

You can withdraw consent at any time via account settings or by contacting us (see §10).

3.3. Legitimate interests

• To keep the Service secure (fraud detection, abuse prevention, logging);
• To measure and improve Service performance and UX (aggregated analytics);
• To communicate important, non-marketing updates about the Service.

3.4. Legal obligation

• Tax, accounting, and compliance record-keeping;
• Responding to lawful requests from authorities.

4. AI, profiling and automated decisions

• The Service uses AI to generate meal plans based on your inputs. This involves automated processing and limited “profiling” to match recipes to your stated preferences and exclusions.
• We do not make legal or similarly significant decisions solely by automated means.
• You can opt out of using allergens/dietary inputs (but results may be less relevant). You can also request human review of support outcomes at any time.

5. Sharing and international transfers

We share data only as necessary to operate the Service:

• Payment processing: card acquirers/processors (e.g., Visa/Mastercard providers) – we receive transaction references/status, not full card details.
• Hosting & IT: secure cloud infrastructure, content delivery, and backups.
• Product & support tooling: analytics (in aggregated form), helpdesk, email delivery.
• Professional advisers: legal, accounting, compliance, if required.

Some providers may be located outside the UK/EEA. Where transfers occur, we implement appropriate safeguards (e.g., UK adequacy regulations, UK/EU Standard Contractual Clauses, and supplementary measures, as applicable).

We do not sell your personal data.

6. Cookies

We use cookies and similar technologies (e.g., localStorage) to run the Service, remember preferences, measure performance, and—where you consent—enable analytics/marketing. Essential cookies are required for basic functionality and security.

For details and controls, please see our Cookie Policy (link in the site footer).

7. Retention

• Orders, tokens & transactions: retained for at least 24 months, and up to 6 years where disputes, tax or enterprise records require.
• Account & profile data (incl. allergens/preferences): retained while your account is active and for a reasonable period after closure (typically up to 24 months) unless we need longer for legal or security reasons.
• Logs & security telemetry: typically 6–24 months, depending on purpose and risk.

We minimise and anonymise where feasible, then securely delete.

8. Your rights

Subject to legal limits, you have the right to:

• Access your data;
• Rectification (correction) of inaccurate data;
• Erasure (“right to be forgotten”);
• Restriction of processing;
• Data portability;
• Object to processing based on legitimate interests;
• Withdraw consent at any time (for marketing, allergens use, and model-improvement opt-ins).

How to exercise: email info@recipegen.co.uk from your account email. We may request proof of identity. We aim to respond within one month (extendable by two months for complex requests, with notice).

9. Security

We implement appropriate technical and organisational measures, including:

• Access controls, role-based permissions, MFA for admin interfaces;
• Encryption in transit (HTTPS/TLS) and at rest where applicable;
• Network segregation, firewalling, and regular backups;
• Logging/monitoring and incident response procedures;
• Vendor due diligence and contractual safeguards for processors.

No system can be 100% secure; we continuously improve our controls and promptly investigate incidents.

10. Children’s data

The Service is for users 18+. We do not knowingly collect data from children. If you believe a child has provided data to us, contact info@recipegen.co.uk so we can delete it.

11. Changes

We may update this Policy from time to time. Material changes will be notified by email and/or a prominent notice in the Service. Updates apply prospectively.

12. Contact & complaints