Last updated: 10 March 2026
Yummonom ("we", "us", "our") operates the website at yummonom.com and associated mobile applications (collectively, "the Service"). This Privacy Policy explains how we collect, use, share, and protect your personal information when you use the Service.
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Information You Provide
- Account information — email address and password when you register
- Profile and preferences — dietary restrictions, skill level, favourite cuisines, and pantry items you configure in your profile
- User content — recipes you create or save, ratings, photos, captions, and shopping list items
- AI prompts — the text prompts you enter when generating recipes
- Payment information — billing details processed by Stripe (we do not store your full card number on our servers)
- Communications — messages you send through our contact form or to our support email
1.2 Information Collected Automatically
- Usage data — pages visited, features used, timestamps, and interaction patterns
- Device information — browser type, operating system, screen resolution, and device type
- IP address — used for security purposes and approximate geolocation
- Cookies — essential authentication cookies (see Section 6 below)
1.3 Information from Third Parties
- Stripe — subscription status, payment success/failure events, and customer identifiers
2. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing and operating the Service | Contract performance |
| Generating AI recipes based on your prompts | Contract performance |
| Processing payments and managing subscriptions | Contract performance |
| Sending transactional emails (welcome, password reset, payment receipts) | Contract performance |
| Personalising recipe recommendations and search results | Legitimate interest |
| Analysing usage patterns to improve the Service | Legitimate interest |
| Detecting and preventing fraud, abuse, and security threats | Legitimate interest |
| Responding to support requests and feedback | Legitimate interest |
We do not use your personal data for marketing emails unless you explicitly opt in to receive them.
3. Data Sharing
We do not sell, rent, or trade your personal data to third parties. We share information only with the following service providers who are necessary to operate the platform:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Email, subscription events, billing info |
| OpenAI | AI recipe and image generation | Recipe prompts and generation parameters (no personal identifiers) |
| Mailgun (EU region) | Transactional emails | Email address, email content |
| Google Analytics | Anonymous usage analytics | Anonymised usage and device data |
We may also disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, the safety of our users, or the public.
4. Data Storage and Security
Your data is stored in a PostgreSQL database hosted on secure infrastructure. We implement the following security measures:
- Encrypted connections (TLS/HTTPS) for all data in transit
- Hashed and salted passwords — we never store passwords in plain text
- Secure, HTTP-only authentication cookies
- Access controls limiting who can access production systems
- Regular security reviews and dependency updates
While we take reasonable precautions to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
5. Data Retention
- Account data — retained for as long as your account is active, plus a reasonable period afterwards to allow for account reactivation
- User content — retained until you delete it, or until your account is deleted. Communal recipes may persist independently as community content
- AI prompts — not stored permanently on our servers; transmitted to OpenAI at generation time
- Payment records — retained as required by tax and accounting regulations (typically 7 years)
- Analytics data — aggregated and anonymised; retained indefinitely
Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law.
6. Cookies
We use a minimal number of cookies:
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
payload-token | Essential | Authentication session | Session / 2 weeks |
_ga, _ga_* | Analytics | Google Analytics (anonymised) | Up to 2 years |
We do not use third-party advertising or tracking cookies. Essential cookies are required for the Service to function and cannot be disabled.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
7.1 For All Users
- Access — request a copy of the personal data we hold about you
- Correction — request correction of inaccurate or incomplete data
- Deletion — request deletion of your account and personal data
- Data portability — request your data in a structured, machine-readable format
7.2 Additional Rights for EU/UK Residents (GDPR/UK GDPR)
- Restrict processing — request that we limit how we use your data
- Object to processing — object to processing based on legitimate interests
- Withdraw consent — where processing is based on consent, withdraw it at any time
- Lodge a complaint — file a complaint with a supervisory authority (e.g. the UK Information Commissioner's Office at ico.org.uk)
To exercise any of these rights, contact us at support@yummonom.com. We will respond within 30 days.
7.3 Managing Your Data in the App
You can take the following actions directly within your account:
- Update your email, preferences, and pantry in Profile Settings
- Delete individual recipes, photos, and shopping list items
- Cancel your subscription via the Stripe customer portal
- Request full account deletion by contacting support@yummonom.com
8. Children's Privacy
The Service is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us.
9. International Data Transfers
Our servers are hosted in the European Union / United Kingdom. Some of our third-party service providers (OpenAI, Google) may process data in the United States. Where data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Notify registered users by email for significant changes
We encourage you to review this page periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
11. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us:
- Email: support@yummonom.com
- Contact form: yummonom.com/contact