Privacy Policy

At WunderChef, a Wunderlandmedia project, we take your privacy seriously. This privacy policy explains how we collect, use, and protect your personal information in relation to our AI recipe generation service. We believe in transparency and minimal data collection.

What We Store on Our Servers

We store data necessary to provide our service while maintaining your privacy. All data is stored securely in our Directus CMS backend:

  • Basic account information: email address, encrypted password, first/last name (optional), language preference, account status
  • Credit balance and transaction history: current credits, purchases, usage, bonuses, and Stripe payment session IDs
  • Recipes you save: ingredients, instructions, preferences (cuisine, meal type, diet type), cooking times, difficulty, and sustainability metrics
  • Your dietary preferences, health goals, allergies, and notification settings
  • Sustainability tracking: total recipes created, money saved, ingredients used, food waste reduced (in kg)
  • Credit transaction history: purchases, usage, refunds, amounts, dates, and payment status

Analytics - Privacy-Focused Approach

We use Plausible Analytics, a privacy-focused, cookie-free analytics solution that is fully GDPR compliant. Here's what you need to know:

  • Plausible does not collect any personal data or personally identifiable information (PII)
  • No cookies are used, meaning no consent banners are required
  • No cross-site or cross-device tracking
  • Plausible is open source and transparent about data collection
  • We use a self-hosted instance at plausible.wunderland.dev for additional privacy
  • We only track aggregate data: page views, referrer sources, and custom events (like recipe generation counts)

Data Security

We implement industry-standard security measures to protect your data. Images you upload for ingredient analysis are processed and not permanently stored beyond the immediate request-response cycle with our AI provider. Server-side data is encrypted and protected using modern security protocols.

AI Data Processing

To generate recipes and analyze ingredients, we use third-party AI services:

  • OpenAI API: Processes uploaded images for ingredient recognition and generates recipe content. Images and prompts are sent to OpenAI but not stored permanently by them
  • Fal.ai: Generates recipe images based on recipe titles. Only recipe names are sent, no personal data
  • All AI processing is temporary - your images and data are not used to train AI models
  • We do not permanently store uploaded ingredient images on our servers

Third-Party Services

We use carefully selected third-party services to provide functionality:

  • Stripe: Processes payments securely. We don't store credit card information - only transaction IDs
  • Directus CMS: Our backend system where all user data is stored securely
  • AI Services (OpenAI, Fal.ai): Process data temporarily for recipe generation as described above
  • We NEVER sell your personal data to third parties or use it for advertising

Cookies and Local Storage

We use minimal cookies and local storage only for essential functionality. Our analytics solution (Plausible) does not use any cookies. The cookies we do use are strictly for maintaining your session and storing your preferences (like language selection). These are not tracking cookies and contain no personal information. You can clear this data at any time through your browser settings, though this may affect your user experience (e.g., logging you out or resetting preferences).

Data Retention

We retain your data only as long as necessary to provide our services:

  • Account information is retained until you delete your account
  • Saved recipes are kept until you delete them or your account
  • Uploaded images are processed immediately and not stored permanently
  • Analytics data (aggregated, non-personal) is retained for 2 years

Your Rights

You have several rights regarding your personal data:

  • Right to access your personal data
  • Right to correct inaccurate data
  • Right to delete your account and associated data (saved recipes, user profile)
  • Right to export your data (e.g., saved recipes)

Data Location & Compliance

Information about where your data is stored and processed:

  • Our servers and Directus CMS are hosted in secure data centers within the European Union
  • We are fully GDPR compliant and respect EU data protection laws
  • Any data transfers to third-party services (OpenAI, Stripe) are done under appropriate data protection agreements
  • WunderChef operates under German/EU data protection laws as a Wunderlandmedia project

Contact Us

If you have any questions about our privacy policy or how we handle your data, please contact us at [email protected]