Privacy Policy

Data Controller

The data controller for Pasta Again is Maria Dozhdeva, Spain. You can contact the controller at zhavadik@gmail.com.

Information Collected

Pasta Again collects the information needed to provide recipe import, translation, shopping list, sync, and account features.

• Account identifiers handled through Supabase Authentication, including your email address and authentication provider identifiers.
• Profile preferences such as display name, interface language, recipe language preferences, and measurement system.
• Recipes you create, import, save, or make public, including titles, descriptions, ingredients, steps, timers, tips, sections, servings, category, rating, source URL, source name, source author, and cover images.
• Shopping lists and shopping list entries, including item names, quantities, units, categories, checked state, and source recipe title.
• Technical data processed by hosting and backend providers, such as request logs, security logs, and Supabase session data.

Authentication Data

Pasta Again supports email/password authentication and social sign-in through Apple Sign In and Google Sign In. When you use a social provider, Pasta Again receives the authentication token and account information needed to create and maintain your Supabase account.

Supabase stores the authentication account and session. The mobile app stores Supabase session data in secure local storage where supported by the device.

User Generated Content

Recipes, recipe translations, imported source information, cover images, shopping lists, and saved recipes are user generated content. Private content is protected by Supabase row-level security. Recipes marked public can be read by visitors on the website.

Shared shopping list links expose only the list and entry fields needed to render the shared list to anyone who has the unguessable link. They do not expose the account owner identifier.

Recipe Data

Recipe data is stored in Supabase. Cover images are stored in the public recipe-covers Supabase Storage bucket when a user adds or imports a cover image. If a recipe uses an external source image URL, that URL may also be stored as source metadata.

AI Processing

Pasta Again uses AI providers to parse and translate recipe content only when you intentionally submit content for those features.

• Pasted recipe text may be sent to Google Gemini or OpenAI to turn it into structured recipe data.
• Recipe URLs may be fetched by Pasta Again, extracted on the server, and sent to Google Gemini or OpenAI for parsing.
• Supported video links currently use YouTube Data API metadata and descriptions, then may send the recipe text to Google Gemini or OpenAI for parsing.
• Recipe translation sends recipe titles, descriptions, ingredients, steps, section headings, tips, and related recipe text to Google Gemini or OpenAI.

Third Party Services

Pasta Again uses third party service providers to operate the app and website. These providers process data only as needed to provide their services.

• Supabase: database, authentication, storage, edge functions, and backend infrastructure.
• Vercel: website hosting, deployment, image optimization, logs, and privacy-friendly website analytics if enabled for the website.
• OpenAI: AI parsing or translation fallback when configured.
• Google Gemini: primary AI parsing or translation provider when configured.
• Google Sign In: authentication for users who choose Google.
• Apple Sign In: authentication for users who choose Apple.
• YouTube Data API: video metadata and descriptions for supported YouTube recipe imports.

Analytics and Tracking

The Pasta Again mobile app currently does not use advertising, cross-app tracking, or payment analytics. The website may use privacy-friendly Vercel Web Analytics and event tracking for aggregate traffic and funnel measurement, without intentionally collecting personal content or selling personal data.

Data Retention

User data is retained until you delete your account or request deletion. Public recipes remain available while they are marked public. Backend logs may be retained for a limited period by infrastructure providers for security, debugging, and reliability.

Account Deletion

You can request deletion by emailing zhavadik@gmail.com from the email address associated with your account. The product requirement also states that account deletion is available directly inside the application.

When an account is deleted, account-linked profile, recipe, saved recipe, and shopping list data are intended to be deleted through the database relationships and backend deletion process.

User Rights

You may request access to your personal data, correction of inaccurate data, or deletion of your account and associated data by contacting zhavadik@gmail.com.

Security

Pasta Again uses Supabase authentication, row-level security, and HTTPS-based service connections. The website uses an anonymous Supabase key for read-only public data access and does not use a service-role key.

No online service can guarantee perfect security, but Pasta Again limits access to data based on account ownership and public visibility settings.

International Transfers

Pasta Again is operated from Spain and uses service providers that may process data in other countries. Those providers include Supabase, Vercel, OpenAI, Google, and Apple. Their processing may involve international data transfers under their own infrastructure and contractual safeguards.

Children's Privacy

Pasta Again is not intended for children under 13 years of age. If you believe a child under 13 has provided personal data, contact zhavadik@gmail.com so it can be reviewed and deleted where appropriate.

Contact Information

For privacy questions, data requests, or account deletion requests, email zhavadik@gmail.com.

Policy Updates

This policy may be updated when Pasta Again changes its features, providers, or legal requirements. The updated version will be posted on this page with a new effective date.