Privacy Policy
Effective date: 2 May 2026 · Last updated: 2 May 2026
This Privacy Policy describes how Hauptgang ("we", "us", "the app") collects, uses, and shares information when you use the Hauptgang iOS app and related services.
Operator: Szymon Nastaly, Zurich, Switzerland
Contact: hello@hauptgang.app
1. What we collect
Account information
- Email address — required to create an account and to sign in.
- First name — optional, used to personalize the app and notifications.
- Password — stored only as a salted hash (bcrypt). We never store your password in plain text.
Content you create
- Recipes you import or create, including title, ingredients, instructions, prep/cook time, servings, notes, and tags.
- Photos you upload (recipe cover images, photos of cookbook pages or handwritten notes).
- Cookbooks, including cookbooks you share with other users.
- Meal plans and shopping lists you create.
Device and identifiers
- Account identifier assigned to your account.
- API tokens issued per device for authentication (rotated periodically).
- Apple Push Notification service (APNs) device token, used solely to deliver push notifications you have enabled.
- RevenueCat user identifier linked to your account, used to manage your subscription entitlement.
Purchases
Subscription status and purchase history for in-app subscriptions, processed via Apple and managed via RevenueCat. We do not receive your payment card or bank details from Apple.
Diagnostics
Crash reports and performance traces from the iOS app and our backend, collected via Sentry. We disable default personally identifiable information (PII) in Sentry: IP addresses, auth headers, and cookies are not stored. A small sample of performance traces and profiles is retained.
2. What we do NOT collect
- We do not request or use your location.
- We do not access your contacts, microphone, HealthKit, or fitness data.
- We do not use the Advertising Identifier (IDFA) or App Tracking Transparency permissions.
- We do not run third-party advertising, marketing, or behavioral analytics SDKs (no Mixpanel, Amplitude, PostHog, Firebase Analytics, AppsFlyer, etc.).
- We do not sell your data and do not share it with data brokers.
3. How we use your data
| Purpose | Data used | Legal basis (GDPR) |
|---|---|---|
| Provide and operate the app (account, recipes, sync, sharing) | Email, name, recipes, photos, identifiers | Contract (Art. 6(1)(b)) |
| Send push notifications you've enabled | APNs token | Consent (Art. 6(1)(a)) — revocable in iOS Settings |
| Process subscriptions | RevenueCat user ID, purchase history | Contract |
| Authenticate sessions and prevent abuse | Email, password hash, API tokens | Legitimate interest (Art. 6(1)(f)) |
| Diagnose crashes and improve reliability | Sentry crash and performance data (PII-scrubbed) | Legitimate interest |
| Import recipes from links you paste or photos you capture | Recipe URL, page content, image content | Contract — the import is the feature you requested |
4. Third-party processors
We share the minimum data necessary with the following processors:
- Apple — App Store, in-app purchases, push notification delivery.
- RevenueCat (USA) — subscription management. Receives your account identifier, subscription events, and platform metadata.
- Sentry (USA / EU) — crash and performance monitoring. Receives stack traces, device model, OS version, and (PII-scrubbed) request metadata.
- Hetzner Online GmbH (Germany / Finland) — hosts our application servers and object storage (recipe images and uploaded photos).
- OpenRouter / Google Gemini — when you ask the app to import a recipe from a link or photo, we send the page contents, image, or video metadata to an AI model via OpenRouter (which routes to Google Gemini) to extract a structured recipe. We do not send your account identity with these requests.
- YouTube Data API (Google) — used to fetch metadata, captions, and thumbnails when you import a recipe from a YouTube link.
- Apify — used to fetch YouTube transcripts when not otherwise available.
We do not transfer your data to third parties for their own marketing or advertising purposes.
International transfers
Some processors are located outside the EEA. Where required, we rely on the European Commission's Standard Contractual Clauses or equivalent safeguards.
5. Sharing with other users
If you accept an invitation to a shared cookbook, the recipes, photos, ingredients, meal plan entries, and shopping list items in that cookbook are visible to all members of that cookbook. The owner can manage and revoke access at any time.
Your email address and name are visible to other members of cookbooks you share.
6. Data retention
- Account data is kept for as long as your account exists.
- Recipes, photos, meal plans, and shopping lists are kept until you delete them or your account.
- API tokens rotate every 90 days.
- Sentry diagnostics are retained according to Sentry's default retention (typically 30–90 days).
- Backups of the database are retained for a limited period for disaster recovery.
When you delete your account, your personal data and content are deleted from our active systems within 30 days, and from backups in the normal backup rotation.
7. Your rights
If you are in the EEA or the UK, you have the right to:
- access the personal data we hold about you;
- correct inaccurate data;
- request deletion of your data ("right to erasure");
- export your data in a portable format;
- object to or restrict certain processing;
- withdraw consent at any time (this does not affect prior lawful processing);
- lodge a complaint with your supervisory authority. In Germany, this is the data protection authority of the federal state in which you reside; the supervisory authority for the operator is the Landesbeauftragte für Datenschutz und Informationsfreiheit Mecklenburg-Vorpommern.
You can delete your account at any time from Settings → Account, or by emailing hello@hauptgang.app. We will respond to requests within 30 days.
8. Children
Hauptgang is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it.
9. Security
We protect your data with TLS in transit, password hashing with bcrypt, scoped per-device API tokens, and access controls on our infrastructure. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.
10. Changes to this policy
We may update this policy from time to time. If we make material changes, we will notify you in the app or by email. The "Last updated" date at the top reflects the latest revision.
11. Contact
Questions about this policy or your data:
hello@hauptgang.app
Szymon Nastaly, Zurich, Switzerland