Privacy Policy

When you create an account and use Spoonjoy, we store:

• Account details: your email address and username. Passwords are stored only as a salted hash, never in plain text.
• Sign-in methods you choose to connect: passkeys (WebAuthn credentials) and OAuth provider account identifiers from Apple, GitHub, or Google. We request only your name and email from those providers and never receive your provider password.
• Your content: recipes, cookbooks, shopping lists, cook logs, notes, and any photos you upload.
• API tokens and connector authorizations you create for programmatic or AI-assistant access. Token secrets are stored hashed and shown only once.
• Optional push-notification subscriptions, if you enable notifications.
• Limited technical and product-usage data (for example, error reports and feature interactions) to keep the service reliable.

• To operate your kitchen: store and display your recipes, cookbooks, shopping lists, and cooks.
• To authenticate you and keep your account secure.
• To deliver notifications you have opted into.
• To diagnose errors and improve reliability and features.

Recipes and cookbooks you publish are visible to anyone, along with your username and profile photo. Your shopping list, cook notes, account email, and API tokens are private to you. Anything you mark or keep public can be viewed, forked, and saved by other people.

We share data only with infrastructure providers that process it on our behalf to run Spoonjoy:

• Cloudflare — application hosting, database, and image storage.
• Product analytics and error monitoring — usage and error data, with on-page text masked by default.
• OpenAI — only when you import a recipe from a URL or generate a recipe image, to process that specific request.
• Apple, GitHub, and Google — only if you choose to sign in with them.
• Web-push services — only if you enable notifications.

We do not sell your personal information or share it for advertising.

You can connect Spoonjoy to AI assistants (for example, through the Model Context Protocol connector). Connectors act on your behalf using a scoped authorization you approve, and you can revoke that access at any time from your account settings. We never ask an assistant for your Spoonjoy password.

We keep your account and content for as long as your account is active. Deleting a recipe or shopping-list item removes it from your kitchen. If you want your account and associated data deleted, contact us and we will remove it.

• Update your profile and content at any time.
• Revoke API tokens and connector access from account settings.
• Turn notifications off at any time.
• Request export or deletion of your data by emailing us.

Spoonjoy is not directed to children under 13, and we do not knowingly collect personal information from them.

We may update this policy as Spoonjoy evolves. Material changes will be reflected in the “last updated” date above.

Questions or requests? Email ari@spoonjoy.app.