Privacy policy

Last updated: April 17, 2026

iwant2eat ("we", "the service") is a private recipe vault. This policy explains what personal data we collect, why, who we share it with, and how to remove it. It is written plainly; nothing here is hidden in fine print.

What we collect

Account data: your primary email address, an optional display name, first/last name, avatar image, and a password hash (we never see your plaintext password). If you sign in via Google or Facebook, we receive an identifier and the email address they share with us.
Recipe content: everything you paste, email, drop, or photograph into your vault — title, ingredients, steps, photos, notes, the verbatim original text, and any source URL. This is the whole point of the service.
Additional emails: secondary email addresses you verify so the inbox (recipe@iwant2eat.com) can ingest recipes forwarded from them.
Subscription data: Stripe customer identifier, subscription status, trial and renewal dates. We never see or store your card number — Stripe handles payment.
AI usage records: for every Claude API call made on your behalf, we record a timestamp, model name, token counts, estimated cost, and the question you typed (so you can see your own history on the AI budget page).
Basic analytics: we use Google Analytics 4 to count page views and understand which features are used. No recipe content is sent to GA4 — only URLs, referrers, approximate locations, and device types.

How we use it

To operate your personal recipe vault — store, display, search, and process your recipes.
To run AI features (Ask AI, Write combined recipe, recipe parsing on ingest) by forwarding the relevant recipe text and your query to Anthropic (Claude API).
To send transactional email from noreply@iwant2eat.com — account verification, password reset, ingest confirmations — via Mailgun.
To bill your subscription via Stripe.
To enforce fair-use AI-spend limits per account.

We do not sell your data, show you ads, train AI models on your recipes, or share your content with other iwant2eat users. Your collection is visible only to you.

Who we share it with

Anthropic — receives recipe text and your queries when you trigger AI features. Anthropic does not train on API data per their privacy policy.
Mailgun — sends outbound email and receives your inbound forwards to recipe@iwant2eat.com.
Stripe — processes subscription payments. Card data goes to Stripe directly; we only see subscription metadata.
Google / Facebook — only if you choose to sign in with them. They receive the fact that you authenticated, nothing about your recipes.
Google Analytics 4 — page-view and behavior analytics.

Where data lives

All account and recipe data is stored in a Postgres database on our server in the United States. Backups are local and encrypted. Images are stored as binary blobs in the same database — not on a public CDN and not shared externally.

Cookies

We use cookies strictly for authentication (keeping you signed in) and anti-forgery protection. Google Analytics sets its own cookies for measurement. There are no advertising or retargeting cookies.

How long we keep it

Account and recipe data stays until you delete it or close the account. Soft-deleted recipes are purged on a rolling schedule. AI usage records are kept for audit and billing-consistency purposes — typically no more than 12 months. Backups roll off within 30 days.

Your rights

Access — your whole collection is visible to you while logged in; your AI spend history is on the AI budget page.
Delete — you can delete any recipe at any time. For full account deletion, see /data-deletion.
Export — contact us and we will export your recipes as JSON.
Correct — edit any recipe or account field yourself.

Children

iwant2eat is not intended for anyone under 13.

Changes

We will post any material change here with an updated date. If the change is significant, we will email registered users.

Contact

Questions, requests, or complaints: privacy@iwant2eat.com.