Privacy Statement
Last updated: May 22, 2026 · Effective date: May 22, 2026
This Privacy Statement explains how Bon Appli (the “Service,” “App,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you use the App at bonappli.pages.dev and any successor domains.
Bon Appli is operated by Aaron McLaughlin, an individual sole proprietor based in Minnesota, United States (the “Operator”). If operation is later transferred to a limited liability company or other entity, that entity will be the Operator and bound by this Statement.
We tried to write this in plain English. If anything is unclear, contact us at the address in Section 11.
1. The short version
- Account info. When you sign in (typically with Google), we receive basic profile information such as your email address and display name from the identity provider.
- Your content. Recipes, meal plans, pantry items, grocery lists, cooking notes, photos, and favorites you create or import — these are stored so we can sync them across your devices.
- Photos. When you scan a pantry shelf or paste an image-based recipe, the photo is sent to a third-party AI provider so we can extract items or recipe data. We do not use your photos for advertising.
- No ads. No selling your data. We don't run ads, and we do not sell your personal information or share it with data brokers.
- You're in control. You can export, edit, or delete your data, including deleting your entire account, from inside the App or by emailing us.
The rest of this document is the detail behind those promises.
2. Information we collect
2.1 Information you provide
- Account information received from the identity provider you use to sign in (typically Google): your email address, name, profile image URL, and a stable user ID. We do not see or store your password for the identity provider.
- User Content you create or import: recipes, ingredient lists, instructions, tags, favorites, meal plans, pantry items, grocery items and notes, cook logs, scaling and timer preferences, recipe ratings, and the text and images you attach to those records.
- Photos and images you upload for pantry scanning, recipe import previews, or recipe attachments.
- URLs you import. When you import a recipe from a website, we store that URL and the recipe data parsed from it. Some imports go through a third-party reader (see Section 4).
- Settings and preferences, such as serving-size defaults, theme, big-text mode, and which tour or onboarding steps you've completed.
- Communications. If you contact us for support, we receive what you send us (e.g., the email, attachments, and account context).
2.2 Information collected automatically
- Device and session data generated by typical web technologies: browser type, operating system, approximate request timing, and error or diagnostic information necessary to keep the App working and secure.
- Authentication tokens and session identifiers managed by our auth provider (Supabase) so that you stay signed in.
- Local storage on your device. Bon Appli stores a local cache (including a “dirty” flag for unsynced edits) and a local journal (cook session and cook log) in your browser's
localStorage. This data lives on your device until you clear it or delete the App's data.
- Server logs. Our hosting and database providers maintain operational logs (e.g., IP address, request paths, response codes) for limited periods to protect the Service from abuse and to investigate issues.
2.3 Information we do not collect
- We do not require or collect payment card numbers (the App is currently free).
- We do not collect precise geolocation, contacts, calendars, or microphone audio.
- We do not knowingly collect personal information from children under 13.
3. How we use your information
We use the information described above to:
- Provide the Service — authenticate you, store and sync your recipes and plans across devices, generate grocery lists, run cook mode, and import recipes you request.
- Process photos and URLs through AI providers to extract structured information (e.g., identify items on a pantry shelf, parse ingredients from a webpage that lacks structured data).
- Improve the Service — diagnose bugs, monitor performance, and design new features. Where we look at usage to improve the App, we use aggregated or de-identified information whenever feasible.
- Communicate with you about the Service — important changes, security notices, and replies to support requests.
- Protect the Service — detect abuse, enforce our Terms of Service, prevent fraud, and respond to legal requests.
We do not use your User Content, photos, recipes, or cook history to train general-purpose AI models. Photos and URLs are sent to AI providers for the limited purpose of returning structured results to you; see Section 4.
4. Third parties that process your data
We use the following categories of third-party services to operate Bon Appli. They process information on our behalf or as needed to deliver their service:
- Google — Sign-in (OAuth/PKCE). Google sees your sign-in activity. See Google's Privacy Policy.
- Supabase — Authentication, database (Postgres), file storage, and realtime sync. Your account record and User Content are stored here.
- AI providers (used for recipe parsing fallbacks and pantry photo analysis). When AI processing is needed, the relevant URL contents or image data are sent to the provider's API. Providers may temporarily retain the request for abuse-monitoring purposes per their policies.
- Content readers (such as Jina Reader) — Used when we fetch certain third-party recipe pages (for example, social-network URLs that block direct fetching). The destination URL is shared with the reader.
- Hosting and CDN (such as Cloudflare Pages) — Serves the App and may log standard request metadata.
We do not sell, rent, or trade your personal information to third parties. We do not allow third-party advertising networks on the App.
5. Sharing
We share personal information only in these limited cases:
- With service providers as described in Section 4, under contracts that restrict their use of your data to providing services to us.
- With you and people you direct us to share with. (Bon Appli is currently single-user; if shared accounts or sharing features are added later, this Statement will be updated.)
- For legal reasons, such as to comply with a valid subpoena, court order, or government request; to enforce our Terms; or to protect the rights, safety, or property of users, the public, or the Operator.
- In a business transfer, such as a merger, acquisition, financing, reorganization, or transfer of the Service to a successor entity (including an LLC formed by the Operator). We will notify you of any such transfer and continue to honor this Statement.
6. Storage, security, and retention
We store data primarily in the United States through our cloud providers. If you access the App from outside the U.S., your information may be transferred to and processed in the U.S., which may have different data-protection laws than your country.
We use reasonable administrative, technical, and physical safeguards to protect your information — including encryption in transit, authenticated access controls, and use of established cloud providers. No system is perfectly secure, and we cannot guarantee absolute security.
We retain your information for as long as your account is active. When you delete a record (such as a recipe, plan, or photo), it is removed from our active systems and may persist in encrypted backups for a limited period before being overwritten. When you delete your account, we delete or de-identify your personal information within a reasonable period, except where we need to retain limited records for legal, security, or accounting purposes.
7. Your choices and rights
You have the following choices regardless of where you live:
- Access and export. You can view your data in the App. Contact us to request a machine-readable export.
- Correct. Edit your recipes, plans, and account information directly in the App.
- Delete. Delete individual records inside the App, or delete your entire account from Settings (or by emailing us). Deletion removes your User Content from the Service subject to the retention rules in Section 6.
- Withdraw consent. Where we rely on consent (for example, for optional features), you can withdraw it.
- Opt out of communications. We only send transactional and security messages; we do not send marketing email.
If you reside in Minnesota, California, Virginia, Colorado, Connecticut, Utah, the European Economic Area / United Kingdom, or another jurisdiction with comprehensive privacy laws, you may also have rights to:
- Confirm whether we process your personal information;
- Receive a copy of it in a portable format;
- Correct inaccurate information;
- Delete it;
- Limit or object to certain processing;
- Appeal a decision we make about your request;
- Lodge a complaint with your local data-protection authority (in the EEA/UK) or your state attorney general.
We do not “sell” personal information or “share” it for cross-context behavioral advertising as those terms are defined under U.S. state privacy laws, and we do not use sensitive personal information for inferring characteristics about you.
To exercise any of these rights, email us at the address in Section 11. We will respond within the timeframe required by applicable law. We may need to verify your identity (typically by confirming the email address on your account) before acting on a request.
8. Children
Bon Appli is not directed to children under 13 and we do not knowingly collect personal information from anyone under 13. If you believe a child has provided us personal information, contact us and we will delete it. Users between 13 and the age of majority must use the Service with the involvement and consent of a parent or guardian.
9. Cookies and similar technologies
Bon Appli is a progressive web app. We use:
- Local storage and IndexedDB on your device to keep an offline cache of your account data, your cook journal, and your preferences. This is functionally necessary to make the App work offline.
- Session storage and authentication tokens issued by the auth provider to keep you signed in.
- Service worker caches for the app shell so the App loads quickly and offline.
We do not use third-party analytics cookies or advertising trackers. You can clear local storage and the service worker cache from your browser at any time; doing so will sign you out and remove the offline cache.
10. Changes to this Statement
We may update this Privacy Statement from time to time. If we make a material change, we will notify you through the App or by other reasonable means before the change takes effect. The “Last updated” date at the top reflects the most recent revision.
11. Contact
For privacy questions, requests, or complaints, contact:
Bon Appli — Privacy
Email: [email protected]
Web: bonappli.pages.dev
If you do not receive a satisfactory response, you may also contact your local data-protection authority.
Note: This document is a starting point provided for convenience and is not legal advice. You should have it reviewed by a licensed attorney in your jurisdiction — and updated to reflect your final provider stack, retention windows, and entity status — before relying on it for a public launch.
← Back to app Terms of Service →