Effective date: 13 July 2026 · Last updated: 13 July 2026
This Privacy Policy explains what personal data OnlyChefs (“OnlyChefs”, “the app”, “we”, “us”) collects, why we collect it, who we share it with, and the rights you have. We are based in the European Union (Sweden), so the EU General Data Protection Regulation (“GDPR”) applies. We have written this in plain language wherever we can.
The controller responsible for your personal data is:
Eklund Lindberg AB
Marklundavägen 58, 283 45 Osby, Sweden
Swedish org. no. 559288-3705
Email: johan.lindberg@seamen.se
Data protection contact: We have not appointed a Data Protection Officer; for any data-protection matter please use the email above.
We only collect what we need to run the service. In detail:
| Category | What it includes |
|---|---|
| Account & identity | Your email address, an authentication identifier from our sign-in provider, your display name, your language preference, and your account creation date. |
| Social profile | Your unique @handle (public to other users only when you turn on discoverability), your discoverability setting, and your recipe-visibility setting (all / friends / none). All of these default to private. |
| Your content | Recipes you import or create (titles, ingredients, steps, times, categories, tags, dietary flags, nutrition values), the source URLs of imports, photos you upload and images we generate or suggest for a recipe, shopping lists, meal schedules, pantry items, nutrition goals, and the inputs you provide to the wine-pairing and health-coach features. |
| Import inputs | The web URLs, and the images you submit or share into the app, so we can extract a recipe from them. |
| Analytics & attribution (opt-in only — see §4) |
If, and only if, you consent: product-analytics events, screen views (as generic path patterns, never with your content or ids), feature usage, and device/OS information (via Google Firebase Analytics); plus a small set of install-attribution and “first-purchase” events (via Singular). This is off by default. |
| Subscription & billing | Your subscription and purchase status, obtained via RevenueCat and the Apple App Store / Google Play. We never receive or store your card or payment details — the app stores handle payment. |
| Technical & operational | IP address, device identifiers, timestamps, and server logs generated in the normal course of operating and securing the service. |
OnlyChefs is offline-first: much of your content lives on your device and is synced to our servers so it is available across your devices and not lost if you lose your phone.
Under the GDPR we must have a lawful basis for each use of your data. Here is the mapping:
| Purpose | Lawful basis |
|---|---|
| Creating and running your account; storing and syncing your recipes and content; importing recipes; generating nutrition, ingredient amounts, dietary flags, wine pairings and health-coach output; providing the social features you enable. | Performance of a contract (our Terms of Service) — GDPR Art. 6(1)(b). |
| Product analytics and install/purchase attribution. | Consent — GDPR Art. 6(1)(a). This is opt-in and you can withdraw it at any time (see §4 and §9). |
| Keeping the service secure, preventing fraud and abuse, diagnosing faults, and protecting the integrity of the service (e.g. server logs, rate limiting). | Legitimate interests — GDPR Art. 6(1)(f). We balance these against your rights. |
| Handling subscriptions and meeting accounting, tax and consumer-law obligations. | Contract and legal obligation — GDPR Art. 6(1)(b) and 6(1)(c). |
Analytics and attribution are opt-in and off by default. Nothing is collected for these purposes, and no analytics SDK is activated, until you actively grant consent.
Where consent is granted, data goes to two services, each for a narrow purpose:
Several features use automated systems (large language models and related services) to process the recipes and inputs you give us: extracting a recipe from a URL or a photo, estimating nutrition and ingredient amounts, classifying recipes and generating dietary flags, suggesting wine pairings, and powering the health-coach. To do this, the relevant content you submit (for example a recipe’s text, an imported page’s content, or a photo you provide) is sent to our AI processing providers described in §6.
We do not sell your personal data. We share it only with the service providers (“processors” and sub-processors) that we need to run OnlyChefs. Each acts on our instructions under a data-processing agreement. The recipients are:
| Recipient | Purpose | Region |
|---|---|---|
| Auth0 / Okta (migration to self-hosted Zitadel planned) | Authentication and sign-in. | US / EU |
| Our own servers | Hosting the API and database. | EU |
| Contabo (S3-compatible object storage) | Storing recipe and source images. | EU |
| OpenRouter (and the LLM providers it routes to) | AI recipe extraction, nutrition/amount estimation, classification, wine pairing, health-coach. | US / various |
| Jina AI | Fetching and reading web pages during URL imports. | US / various |
| Our internal recipe/media parser service | Processing imports from links and media. | EU |
| Pexels | Searching for stock images to suggest as a recipe photo. | US / various |
| Google Firebase Analytics (only with your consent — §4) | Product analytics. | US / EU |
| Singular (only with your consent — §4) | Install and purchase attribution. | US |
| Apple App Store & Google Play | Processing payments and managing subscriptions. | US / EU |
| RevenueCat | Verifying and managing your subscription status. | US |
We may also disclose data where we are legally required to (for example, to comply with a valid legal request), or as part of a business transfer (such as a merger or acquisition), in which case we will tell you.
Your recipe and source images are stored in the EU. Some of the providers listed in §6 are based in the United States or operate globally, so using OnlyChefs can involve transferring personal data outside the EU/EEA. Where that happens, we rely on appropriate safeguards — typically the European Commission’s Standard Contractual Clauses, and, where applicable, an adequacy decision or a certification such as the EU–US Data Privacy Framework. You can ask us for more detail using the contact in §13.
Under the GDPR you have the right to:
How to exercise your rights: contact us at johan.lindberg@seamen.se. To delete your account and associated data, please email us using that address and we will action your request. We respond to requests within the time limits the GDPR requires (normally one month).
OnlyChefs is not directed at young children. You must be at least 13 years old to use the app. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, contact us and we will delete it.
We take reasonable and appropriate technical and organisational measures to protect your data, including encryption in transit (TLS/HTTPS), access controls, and limiting who can access production systems. No system can be guaranteed perfectly secure, but we work to keep your data safe and to respond quickly if something goes wrong.
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top and, where appropriate, notify you in the app. Your continued use of OnlyChefs after an update means you accept the revised policy.
Questions about this policy or your data? Contact us at johan.lindberg@seamen.se, or by post at Eklund Lindberg AB, Marklundavägen 58, 283 45 Osby, Sweden.