Privacy Policy

Last updated: 6/26/2026

1. Introduction

Aldenté ("we," "our," or "us") is the data controller for personal information processed through the Al Dente mobile application and related services. This Privacy Policy explains what we collect, why we collect it, how long we keep it, and the rights you have under the UK GDPR, EU GDPR, and equivalent laws (including PIPEDA in Canada and the Privacy Act 1988 in Australia).

2. Information We Collect

Personal Information

  • Email address and authentication information
  • Name and profile information
  • Subscription and purchase information (processed by Apple and RevenueCat)
  • For Creators who enable monetization: bank account, tax identification, and identity verification information collected by Stripe Connect for payout purposes. Stripe processes and stores this data directly; Aldenté does not see your bank account number or full tax identification number.
  • Device information and app usage data

Usage Information

  • Recipe preferences and dietary restrictions
  • Meal planning data and grocery lists
  • Photos you upload (profile picture, cook log photos)
  • Chat interactions with our AI assistant
  • App features used and interaction patterns

Technical Information

  • Device type, operating system, and app version
  • IP address and general location data
  • Crash reports and performance analytics

3. How We Use Your Information

  • Provide and improve our AI-powered recipe services
  • Personalize your experience and recommendations
  • Process subscriptions and manage entitlements
  • Process creator content purchases, track creator earnings, and disburse payouts to Creators via Stripe Connect
  • Generate tax forms (e.g., IRS Form 1099-NEC) for US-based Creators earning above the reporting threshold
  • Send transactional notifications (e.g., meal-plan reminders, social activity, payout confirmations)
  • Send product updates and announcements (only if you opt in)
  • Analyze usage patterns to improve our service
  • Provide customer support and respond to inquiries

4. Lawful Basis for Processing (UK / EU GDPR)

We rely on the following lawful bases under Article 6 of the UK and EU GDPR:

  • Performance of a contract (Art. 6(1)(b)): creating and operating your account, syncing your recipes and meal plans, and processing your subscription.
  • Consent (Art. 6(1)(a)): sending marketing notifications (feature updates, announcements), accessing your photo library, and sending push notifications. You can withdraw consent at any time in the app's settings.
  • Legitimate interests (Art. 6(1)(f)): diagnosing crashes, preventing abuse, securing the service, and aggregate product analytics. We balance these interests against your rights and minimize the data used.
  • Legal obligation (Art. 6(1)(c)): retaining records required for tax, accounting, or to respond to lawful requests from authorities.

5. Information Sharing

We do not sell, trade, or rent your personal information. We share data only with the processors listed in Section 9 and where required by law (e.g., responding to a valid court order) or in connection with a merger, acquisition, or sale of assets — in which case you will be notified.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Data is encrypted in transit (TLS) and at rest. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

We retain personal data only as long as needed:

  • Account data (profile, recipes, meal plans, photos): retained while your account is active. Deleted within 30 days of an account-deletion request; residual copies in encrypted backups are purged within 90 days.
  • Subscription records: retained for up to 7 years after subscription ends to meet tax and accounting obligations.
  • Creator earnings, payouts, and tax records: retained for up to 7 years to meet US tax reporting requirements (1099-NEC issuance, audit support). Aldenté stores creator earnings ledger entries; Stripe stores identity, banking, and tax form data per its own retention schedule.
  • Crash and performance logs: retained for up to 90 days, then automatically deleted.
  • Aggregate analytics: retained in anonymized form for up to 14 months.
  • Public recipes you published: if you delete your account, your name is removed and your published recipes are anonymized to "Deleted User" so other users' saves and ratings remain functional.

8. Your Rights

Under the UK GDPR, EU GDPR, PIPEDA (Canada), and the Privacy Act 1988 (Australia) you have the following rights:

  • Access: request a copy of your personal data
  • Rectification: correct inaccurate or incomplete data
  • Erasure: request deletion of your account and personal data — available in-app under Settings → Account, or by emailing us
  • Portability: receive your data in a structured, machine-readable format (request via the Contact page)
  • Objection: object to processing based on legitimate interests
  • Restriction: ask us to limit how we process your data
  • Withdraw consent: turn off marketing notifications and revoke permissions in Settings at any time
  • Lodge a complaint: UK users can complain to the Information Commissioner's Office (ico.org.uk); EU users can complain to their national data protection authority

To exercise any of these rights, please reach out via our Contact page. We aim to respond within 30 days.

9. Third-Party Processors

We rely on the following service providers to operate the app. Each acts as a data processor and is bound by a data processing agreement. Some providers may process data outside the UK/EU; in those cases we rely on Standard Contractual Clauses or equivalent safeguards.

  • Apple: in-app purchases, App Store subscription billing
  • Google / Firebase (Google Ireland Limited): authentication, database, cloud storage, analytics, crash reporting, push notifications, AI services
  • RevenueCat: in-app purchase receipt validation and entitlement management (both for Aldenté Premium and for creator content purchases)
  • Stripe (Stripe Inc. for US users; Stripe Payments Europe Ltd. for EU users): payment processing for print cookbook orders, and Stripe Connect Express for creator payouts. For Creators, Stripe collects and stores identity verification, bank account, and tax information directly during onboarding; Stripe acts as data controller for this information and may issue IRS Form 1099-NEC on Aldenté's behalf.
  • Google Sign-In: optional sign-in method

10. International Transfers

Our processors (notably Google/Firebase and RevenueCat) may transfer and store data in the United States and other countries outside the UK and EEA. Where such transfers occur, we rely on the UK International Data Transfer Addendum, EU Standard Contractual Clauses, or other lawful transfer mechanisms.

11. Children's Privacy

Our service is not intended for children under 13 years of age (or under 16 in jurisdictions where that is the digital-consent age). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy in the app and updating the "Last updated" date.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please reach out via our Contact page.