Privacy Policy

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

FördeLab UG (haftungsbeschränkt)
Jason Holweg
Altholzkrug 40
24976 Handewitt
Deutschland
E-Mail: hallo@foerdelab.de

2. What data we process and why

2.1 Account and authentication

When you sign in via magic link or “Sign in with Apple”, we store your e-mail address, a pseudonymous user identifier, and the timestamps of login events. This data is required for the app to recognise you (Art. 6 (1) (b) GDPR — performance of the user agreement).

2.2 Content (recipes, ingredients, profiles)

Content you create in your workspace — recipes, ingredients, AI profiles, images, label data — is stored with our database provider Supabase. Publication to the community only happens if you explicitly enable it (Art. 6 (1) (a) / (b) GDPR).

2.3 AI generations

When you use the AI generator or the AI ingredient importer, we transmit your prompt and, where applicable, excerpts of your inventory to our AI provider Anthropic. The responses are returned to you and stored as a draft in your workspace (Art. 6 (1) (b) GDPR).

2.4 Subscription and payment

For paid plans we use the payment provider Stripe. We transmit your e-mail address, a customer reference and invoice data; full card and bank details are processed exclusively by Stripe (Art. 6 (1) (b) GDPR). For in-app purchases via the Apple App Store, payment is processed by Apple.

2.5 Technical logs

When you access the app and the edge functions, technical data is generated (IP address, user agent, timestamp, requested URL). It is stored briefly by Supabase and our hosting provider Vercel to detect errors and defend against attacks (Art. 6 (1) (f) GDPR — legitimate interest in secure, stable operation).

3. Recipients of your data (processors)

  • Supabase (database, authentication, storage) — data centre in Frankfurt, EU.
  • Vercel (hosting of the web app) — server-side rendering in the EU region, global edge caches.
  • Anthropic (AI service “Claude”) — transfer to the USA based on the EU Commission’s Standard Contractual Clauses (SCC).
  • Stripe (payment processing) — Stripe Payments Europe Ltd., Ireland; sub-processing in the USA with SCC.
  • Apple (“Sign in with Apple”, in-app purchases) — in accordance with Apple’s privacy policy.

Data processing agreements pursuant to Art. 28 GDPR are in place with all processors. For transfers to third countries without an adequacy decision, appropriate safeguards (in particular SCC) are applied.

4. Storage period

  • Account data: until you delete your account.
  • Content (recipes, ingredients): until you delete it.
  • AI generation logs (tokens, costs): up to 24 months for billing and statistics.
  • Invoicing and accounting data: in line with statutory retention periods (in Germany up to 10 years, § 147 AO).
  • Technical logs: as a rule no longer than 30 days.

5. Your rights

Under Art. 15 et seq. GDPR you have, in particular, the following rights:

  • Access to the data stored about you (Art. 15)
  • Rectification of inaccurate data (Art. 16)
  • Erasure (Art. 17), unless retention obligations apply
  • Restriction of processing (Art. 18)
  • Data portability (Art. 20)
  • Objection to processing based on legitimate interests (Art. 21)
  • Withdrawal of consent with effect for the future (Art. 7 (3))

You can exercise these rights at any time by e-mail to hallo@foerdelab.de.

6. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The authority responsible for us is:

Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD)
Holstenstraße 98, 24103 Kiel, Deutschland
https://www.datenschutzzentrum.de

7. Cookies and comparable technologies

We use strictly necessary cookies only (e.g. for the light/dark/system theme selection and the auth session). We do not use tracking or marketing cookies. You can configure your browser to block cookies — parts of the app may then no longer function.

8. Changes to this policy

We adapt this privacy policy when features or providers change. The current version is always available on this page.

Last updated: June 2026