Carbonara – Privacy Policy

Last Updated: 1 February 2026

This Privacy Policy explains how Carbonara, operated by Christos Sotirelis, based in Greece ("we", "us", "our"), collects, uses, stores, and protects your personal data when you use the Carbonara mobile application ("the App") or visit our website.

We are committed to protecting your privacy and complying with all applicable laws, including the EU General Data Protection Regulation (GDPR).

By using Carbonara, you agree to the practices described in this Privacy Policy.

1. Data Controller

The Data Controller for your personal data is:

Christos Sotirelis
Greece
Contact us

2. Personal Data We Collect

We collect personal data in the following categories:

2.1. Information You Provide Directly

Account Information (via Supabase)

  • Email address
  • Password (encrypted and never visible to us)
  • Display name (optional)

Recipe Data

  • Recipes you create, edit, or import
  • Notes, ingredients, cooking steps
  • Images you upload

All stored securely in Supabase.

Contact Form (Website)

When you use the contact form on our website, we receive:

  • Name
  • Email address
  • Message content

Used only to respond to your inquiry; sent via our email provider (Resend).

In-App Feedback

If you submit feedback from within the App (Settings → Feedback), we store your message linked to your account in Supabase to improve the service and respond where appropriate.

2.2. Automatically Collected Information

Device & App Information

  • Device type (iOS/Android)
  • OS version
  • App version
  • Anonymous device identifiers

Analytics (via PostHog)

We collect event-level usage data such as:

  • Successful/failed recipe imports
  • Feature usage (e.g., cooking mode, grocery list)
  • Subscription status
  • App crashes/errors

All data sent to PostHog is pseudonymous (no name or email unless explicitly configured).

Website Analytics (if enabled)

  • IP address (anonymized)
  • Browser type
  • Cookies (only essential or analytics if consented)

2.3. Data Processed by Third-Party Services

AI Processing Providers

Carbonara uses external AI and extraction services to import and structure recipes:

  • OpenAI
  • Google Gemini
  • Apify

We send only the necessary content, such as:

  • Text from recipe pages
  • Images uploaded for recipe extraction
  • Social media video metadata
  • Plain text input

We never send:

  • Your email
  • Your account data
  • Sensitive personal data

AI providers process data temporarily for output generation. They do not store your data for training unless you opt in (we do not enable this).

Subscription & Payments (RevenueCat)

To manage Pro subscriptions, we share:

  • Anonymized App User ID
  • Purchase receipts/tokens
  • Subscription status

We never receive your credit card information—payments are handled by:

  • Apple App Store
  • Google Play Store

Cloud Storage & Backups

Your recipe data and images are stored in Supabase, located in EU data centers when available. Supabase maintains industry-standard security and encryption.

3. How We Use Your Data

We use your data to:

  • Create and manage your user account
  • Sync your recipes across devices
  • Process recipe imports and AI extractions
  • Provide cooking mode functionality
  • Generate grocery lists
  • Send subscription data to RevenueCat
  • Respond to contact form submissions and in-app feedback
  • Improve app features and performance
  • Prevent abuse, errors, and fraud
  • Comply with legal obligations

We do not sell your personal data.

4. Legal Basis for Processing (GDPR)

We process data based on:

4.1. Contractual necessity

To provide the core functions of Carbonara:

  • User account
  • Recipe storage
  • Syncing
  • Imports
  • Subscriptions

4.2. Legitimate interests

  • Improve app performance
  • Debug issues
  • Prevent abuse
  • Basic analytics

You may object to processing under legitimate interest (see Section 8).

4.3. Consent

For:

  • Optional analytics on the website
  • Cookies
  • Push notifications (if used)

4.4. Legal obligation

To comply with EU or Greek law.

5. How We Share Your Data

We share data only with trusted service providers:

ServicePurposeData Shared
SupabaseDatabase, auth, storageAccount & recipe data
PostHogAnalytics & error trackingPseudonymous event data
RevenueCatSubscription validationApp user ID & receipt tokens
OpenAI / GeminiRecipe extractionUploaded text/video/image content
ApifyScraping TikTok/InstagramPublic video metadata
Apple/GooglePaymentsPurchase information
ResendContact form deliveryName, email, message

We do not share your personal data with advertisers.

6. Data Retention

We retain data for as long as your account is active.

  • If you delete your account, your personal data is permanently removed from Supabase within 30 days.
  • Backup copies may persist for up to 90 days, then are purged automatically.
  • Analytics data is retained by PostHog for up to 1 year, then deleted or anonymized.

7. Children's Privacy

Carbonara is not intended for children under 16 years old. We do not knowingly collect personal data from children.

If we discover such data has been collected, we will delete it immediately.

8. Your Rights (GDPR)

You have the right to:

  • Access your data
  • Correct inaccurate data
  • Delete your account/data
  • Export (port) your data
  • Object to certain processing
  • Withdraw consent
  • File a complaint with your local data protection authority

To exercise your rights, contact us at: our contact form

9. Data Security

We use:

  • Encryption in transit (HTTPS/TLS)
  • Secure storage (Supabase)
  • Role-based access control
  • Industry-standard security practices

However, no online service can guarantee 100% security.

10. International Transfers

We aim to store and process data within the EU whenever possible.

Some providers (e.g., OpenAI, Google) may process data outside the EU. In those cases, transfers are protected by:

  • Standard Contractual Clauses (SCCs),
  • GDPR-compliant safeguards.

11. Cookies (Website Only)

The Carbonara website may use:

  • Essential cookies
  • Analytics cookies (only with consent)

You can manage cookie preferences via your browser settings.

12. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in:

  • The App
  • Legal requirements
  • Data processing practices

We will notify users when required by law.

13. Contact

If you have questions about this Privacy Policy or your data rights:

Christos Sotirelis
Greece
Contact us

Carbonara