Privacy Policy

Effective date: 13 July 2026 · Last updated: 13 July 2026

This Privacy Policy explains what personal data OnlyChefs (“OnlyChefs”, “the app”, “we”, “us”) collects, why we collect it, who we share it with, and the rights you have. We are based in the European Union (Sweden), so the EU General Data Protection Regulation (“GDPR”) applies. We have written this in plain language wherever we can.

Contents
  1. Who we are
  2. What data we collect
  3. Why we use it & lawful bases
  4. Analytics & consent
  5. AI recipe processing
  6. Who we share it with
  7. International transfers
  8. How long we keep it
  9. Your rights
  10. Children
  11. Security
  12. Changes to this policy
  13. Contact

1. Who we are (the data controller)

The controller responsible for your personal data is:

Eklund Lindberg AB
Marklundavägen 58, 283 45 Osby, Sweden
Swedish org. no. 559288-3705
Email: johan.lindberg@seamen.se

Data protection contact: We have not appointed a Data Protection Officer; for any data-protection matter please use the email above.

2. What data we collect

We only collect what we need to run the service. In detail:

CategoryWhat it includes
Account & identity Your email address, an authentication identifier from our sign-in provider, your display name, your language preference, and your account creation date.
Social profile Your unique @handle (public to other users only when you turn on discoverability), your discoverability setting, and your recipe-visibility setting (all / friends / none). All of these default to private.
Your content Recipes you import or create (titles, ingredients, steps, times, categories, tags, dietary flags, nutrition values), the source URLs of imports, photos you upload and images we generate or suggest for a recipe, shopping lists, meal schedules, pantry items, nutrition goals, and the inputs you provide to the wine-pairing and health-coach features.
Import inputs The web URLs, and the images you submit or share into the app, so we can extract a recipe from them.
Analytics & attribution
(opt-in only — see §4)
If, and only if, you consent: product-analytics events, screen views (as generic path patterns, never with your content or ids), feature usage, and device/OS information (via Google Firebase Analytics); plus a small set of install-attribution and “first-purchase” events (via Singular). This is off by default.
Subscription & billing Your subscription and purchase status, obtained via RevenueCat and the Apple App Store / Google Play. We never receive or store your card or payment details — the app stores handle payment.
Technical & operational IP address, device identifiers, timestamps, and server logs generated in the normal course of operating and securing the service.

OnlyChefs is offline-first: much of your content lives on your device and is synced to our servers so it is available across your devices and not lost if you lose your phone.

3. Why we use your data, and our lawful bases

Under the GDPR we must have a lawful basis for each use of your data. Here is the mapping:

PurposeLawful basis
Creating and running your account; storing and syncing your recipes and content; importing recipes; generating nutrition, ingredient amounts, dietary flags, wine pairings and health-coach output; providing the social features you enable. Performance of a contract (our Terms of Service) — GDPR Art. 6(1)(b).
Product analytics and install/purchase attribution. Consent — GDPR Art. 6(1)(a). This is opt-in and you can withdraw it at any time (see §4 and §9).
Keeping the service secure, preventing fraud and abuse, diagnosing faults, and protecting the integrity of the service (e.g. server logs, rate limiting). Legitimate interests — GDPR Art. 6(1)(f). We balance these against your rights.
Handling subscriptions and meeting accounting, tax and consumer-law obligations. Contract and legal obligation — GDPR Art. 6(1)(b) and 6(1)(c).

4. Analytics & consent

Analytics and attribution are opt-in and off by default. Nothing is collected for these purposes, and no analytics SDK is activated, until you actively grant consent.

Where consent is granted, data goes to two services, each for a narrow purpose:

5. AI recipe processing

Several features use automated systems (large language models and related services) to process the recipes and inputs you give us: extracting a recipe from a URL or a photo, estimating nutrition and ingredient amounts, classifying recipes and generating dietary flags, suggesting wine pairings, and powering the health-coach. To do this, the relevant content you submit (for example a recipe’s text, an imported page’s content, or a photo you provide) is sent to our AI processing providers described in §6.

These outputs are automated estimates. Nutrition values, ingredient-amount estimates, dietary flags, and health-coach suggestions are generated automatically and may be inaccurate or incomplete. They are not medical, nutritional, dietary, or allergen advice. Do not rely on them for allergies or for medical or dietary decisions — always verify independently and consult a qualified professional. See our Terms of Service for the full disclaimer.

6. Who we share your data with

We do not sell your personal data. We share it only with the service providers (“processors” and sub-processors) that we need to run OnlyChefs. Each acts on our instructions under a data-processing agreement. The recipients are:

RecipientPurposeRegion
Auth0 / Okta (migration to self-hosted Zitadel planned) Authentication and sign-in. US / EU
Our own servers Hosting the API and database. EU
Contabo (S3-compatible object storage) Storing recipe and source images. EU
OpenRouter (and the LLM providers it routes to) AI recipe extraction, nutrition/amount estimation, classification, wine pairing, health-coach. US / various
Jina AI Fetching and reading web pages during URL imports. US / various
Our internal recipe/media parser service Processing imports from links and media. EU
Pexels Searching for stock images to suggest as a recipe photo. US / various
Google Firebase Analytics (only with your consent — §4) Product analytics. US / EU
Singular (only with your consent — §4) Install and purchase attribution. US
Apple App Store & Google Play Processing payments and managing subscriptions. US / EU
RevenueCat Verifying and managing your subscription status. US
A note about TikTok. The app shows a read-only feed of public trending TikTok recipe content, which we gather on our own servers. We do not send any of your personal data to TikTok, and browsing that feed inside the app does not share your data with TikTok.

We may also disclose data where we are legally required to (for example, to comply with a valid legal request), or as part of a business transfer (such as a merger or acquisition), in which case we will tell you.

7. International transfers

Your recipe and source images are stored in the EU. Some of the providers listed in §6 are based in the United States or operate globally, so using OnlyChefs can involve transferring personal data outside the EU/EEA. Where that happens, we rely on appropriate safeguards — typically the European Commission’s Standard Contractual Clauses, and, where applicable, an adequacy decision or a certification such as the EU–US Data Privacy Framework. You can ask us for more detail using the contact in §13.

8. How long we keep your data

9. Your rights

Under the GDPR you have the right to:

How to exercise your rights: contact us at johan.lindberg@seamen.se. To delete your account and associated data, please email us using that address and we will action your request. We respond to requests within the time limits the GDPR requires (normally one month).

10. Children

OnlyChefs is not directed at young children. You must be at least 13 years old to use the app. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, contact us and we will delete it.

11. Security

We take reasonable and appropriate technical and organisational measures to protect your data, including encryption in transit (TLS/HTTPS), access controls, and limiting who can access production systems. No system can be guaranteed perfectly secure, but we work to keep your data safe and to respond quickly if something goes wrong.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top and, where appropriate, notify you in the app. Your continued use of OnlyChefs after an update means you accept the revised policy.

13. Contact

Questions about this policy or your data? Contact us at johan.lindberg@seamen.se, or by post at Eklund Lindberg AB, Marklundavägen 58, 283 45 Osby, Sweden.