Privacy Policy
Effective Date: 1APR2025
1. Introduction
Foryoueats is a recipe management platform built by two people who love food. We created this app to help home cooks store, discover, and share recipes — for free. This Privacy Policy explains how we collect, use, and protect your personal data when you use our website or mobile apps.
Personal data includes any information that could identify you — such as your name, email address, or IP address.
For security, our website uses SSL/TLS encryption. You can verify this by checking that your browser shows "https://" and a lock symbol in the address bar.
If you have any questions about how we handle your data, please contact us at [email protected].
2. Who We Are
Foryoueats is operated by 9489-8558 Quebec Inc. (doing business as Foryoueats), based in Montreal, Canada. If you have any questions about your personal data, want to make a request, or have a concern, you can reach us at:
Email: [email protected]
If you are located in the EU or EEA, 9489-8558 Quebec Inc. acts as the Controller for the processing of your personal data in accordance with the General Data Protection Regulation (GDPR).
3. Information Collection
When you visit our website without registering, the following data is automatically collected by our servers:
- Masked IP address
- Date, time and timezone of access
- Pages visited and files accessed
- Web browser and version
- Operating system
- Referring website
This data is collected as part of the normal operation of our services. It is not combined with any personal information from your account. We use this data solely for troubleshooting, generating statistics, and improving our services.
Server logs, including IP addresses, are collected via Betterstack and are retained for 2 days, after which they are automatically deleted.
Usage data collected via Google Analytics is retained in accordance with Google's data retention policies.
We also use Microsoft Clarity, a behavioural analytics tool that records how visitors interact with our website (such as mouse movements, clicks, and scrolling). This data is anonymised and used solely to improve our user experience. Data collected by Microsoft Clarity is retained in accordance with Microsoft's privacy policies.
We also collect information that you voluntarily provide when registering, such as your email address and username. You may also choose to add a display name to your profile after registration.
We also use cookies to improve your experience. For more information see Section 5 (Use of Cookies and Tools).
4. Contact
If you wish to contact us, you can do so at any time via email at [email protected]. Contacting us is always voluntary.
We use your contact information solely for the purpose of responding to your request. We do not pass your requests to third parties.
5. Use of Cookies and Tools
5.1 What are cookies?
To improve the look of our website and to enable certain functions, we use cookies on various pages. Cookies are small text files that are stored on your device used for the temporary storage of information. If you are registered with us, cookies help us to recognise you and your device the next time you access our pages. Some cookies may contain personal data.
5.2 What cookies do we use?
We classify our cookies as Required, Functional, and Analysis & Statistics. Some cookies are required for you to use our website (session cookies) — without these, certain features such as logging in will not work. These session cookies are deleted when you close your browser.
Other cookies remain on your device and allow us to recognise your browser on your next visit (persistent cookies). Persistent cookies are automatically deleted after a set period of time.
5.3 What is the purpose of using cookies?
Most of the cookies we use do not store information that can personally identify you. They provide us with general, anonymised information about how our website is used — such as pages visited, browsers used, and general location. We only collect masked IP addresses.
Functional cookies enable the technical operation of our service and make it easier for you to use our pages. We also use cookies to measure the performance of our website using statistical data.
5.4 How to disable cookies
You can configure your browser to notify you when cookies are set, or to block all cookies. Note that disabling cookies may affect the functionality of our website. You can find cookie settings for your browser here:
5.5 Do we use third-party cookies?
We use the following third-party tools which may set cookies on your device:
- Google Analytics — to understand how visitors use our website. Data collected is anonymised. See Google's Privacy Policy.
- Microsoft Clarity — to record how visitors interact with our website (clicks, scrolling, mouse movements). Data collected is anonymised. See Microsoft's Privacy Policy.
- Apple, Google, and Facebook — if you choose to sign in using one of these providers, they may set cookies as part of the authentication process. See their respective privacy policies for more information.
5.6 Cookie inventory
The following table lists all cookies set by Foryoueats and third-party services when you use our website. All first-party cookies are served over HTTPS, are marked HttpOnly where applicable, and use a SameSite=Lax policy.
| Name | Type | Purpose | Duration |
|---|---|---|---|
| Required | |||
| Nameforyoueats_session | TypeRequired | PurposeMaintains your login session while browsing the site | DurationSession |
| NameXSRF-TOKEN | TypeRequired | PurposeProtects against cross-site request forgery (CSRF) attacks | DurationSession |
| Namehttp_referer | TypeRequired | PurposeTracks the referring page for internal navigation purposes | Duration6 months |
| Functional | |||
| Nameremember_web_* | TypeFunctional | PurposeKeeps you logged in across sessions when "Remember Me" is selected at login | Duration5 years |
| NamedarkMode | TypeFunctional | PurposeRemembers your light or dark theme preference | Duration6 months |
| Namelayout | TypeFunctional | PurposeRemembers your preferred recipe display layout (grid or list) | Duration6 months |
| NamecommunitySortBy | TypeFunctional | PurposeRemembers your preferred sort order for community recipes | Duration6 months |
| NamesortBy | TypeFunctional | PurposeRemembers your preferred sort order for recipe listings | Duration5 months |
| NamepantrySortBy | TypeFunctional | PurposeRemembers your preferred sort order for shopping lists | Duration5 months |
| Namefilters | TypeFunctional | PurposeRemembers your active filter selections across recipe views | Duration6 months |
| NamesearchSource | TypeFunctional | PurposeRemembers your preferred search scope (e.g. my recipes vs. community) | Duration5 months |
| Analytics & Statistics | |||
| Name_ga | TypeAnalytics | PurposeGoogle Analytics — distinguishes unique users | Duration2 years |
| Name_gid | TypeAnalytics | PurposeGoogle Analytics — distinguishes users within a 24-hour window | Duration24 hours |
| Name_ga_* | TypeAnalytics | PurposeGoogle Analytics 4 — persists session state | Duration2 years |
| Name_clck | TypeAnalytics | PurposeMicrosoft Clarity — persists a unique user ID for session recording | Duration1 year |
| Name_clsk | TypeAnalytics | PurposeMicrosoft Clarity — connects multiple page views within a single session | Duration1 day |
| NameCLID | TypeAnalytics | PurposeMicrosoft Clarity — identifies first-time vs. returning visitors | Duration1 year |
| Third-Party Authentication | |||
| NameApple | TypeAuthentication | PurposeSet by Apple during the OAuth sign-in flow. Controlled entirely by Apple. | DurationVaries |
| NameGoogle | TypeAuthentication | PurposeSet by Google during the OAuth sign-in flow. Controlled entirely by Google. | DurationVaries |
| NameFacebook (Meta) | TypeAuthentication | PurposeSet by Facebook during the OAuth sign-in flow. Controlled entirely by Meta. | DurationVaries |
6. Hyperlinks and Third Parties
Our website may contain links to third-party websites or platforms. By clicking on these links, you leave our website and your browsing becomes subject to the terms of use and privacy policies of those third parties. We have no control over these third-party platforms and are not responsible for their content or privacy practices.
7. Sharing of Information
We do not sell or rent your personal information to any third party.
We may share your data with the following service providers solely for the purpose of operating our platform:
- Betterstack — for server logging and monitoring. Logs are retained for 2 days and contain masked IP addresses.
- Apple, Google, and Facebook — if you choose to sign in using one of these providers, authentication is handled by them. We only store the identifier and email address returned by the provider.
These providers only have access to the information necessary to perform their services and are required to process your data in accordance with applicable privacy laws.
We may also disclose your information if required to do so by law.
8. How Long Do We Keep Personal Information?
We retain personal information only for as long as necessary. Specifically:
- Account data (email address, username, and display name) is retained for as long as your account is active. If you delete your account, all data associated with it is permanently removed from our systems.
- Server logs collected via Betterstack, which may include masked IP addresses, are retained for 2 days and then automatically deleted.
All other analytics and usage data collected through tools such as Google Analytics and Microsoft Clarity is anonymised and does not constitute personally identifiable information.
9. Automated Decision-Making and Profiling
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects on you.
We may use certain data to personalise your experience within the app — such as surfacing recipes based on your activity. This is not profiling in the legal sense and does not involve decisions that affect your rights or interests in a significant way.
If we ever introduce features that involve profiling in a legally meaningful sense, we will obtain your explicit consent beforehand. You will always have the right to withdraw that consent at any time.
10. Third-Party Data Processors
In order to operate our platform, we share certain personal data with trusted third-party service providers. Each provider only receives the data necessary to perform their service and is required to handle it in accordance with applicable privacy laws. The table below lists all vendors who may process personal data on our behalf.
| Vendor | Data Received | Purpose | Policy |
|---|---|---|---|
| Authentication | |||
| VendorApple | DataEmail address, unique identifier | PurposeSocial sign-in authentication | PolicyView |
| VendorGoogle | DataEmail address, unique identifier | PurposeSocial sign-in authentication | PolicyView |
| VendorFacebook (Meta) | DataEmail address, unique identifier | PurposeSocial sign-in authentication | PolicyView |
| Analytics & Behaviour | |||
| VendorGoogle Analytics | DataMasked IP address, browser, pages visited | PurposeWebsite usage analytics | PolicyView |
| VendorMicrosoft Clarity | DataMasked IP address, mouse movements, clicks, scrolling | PurposeBehavioural analytics to improve user experience | PolicyView |
| Infrastructure & Hosting | |||
| VendorVultr | DataAll user data stored on the platform | PurposeCloud hosting and infrastructure | PolicyView |
| VendorCloudflare | DataIP address, HTTP request data | PurposeDNS, traffic routing, and bot protection | PolicyView |
| VendorBetterstack | DataMasked IP address, server log data | PurposeServer logging and monitoring (retained 2 days) | PolicyView |
| Communications | |||
| VendorPostmark | DataEmail address | PurposeTransactional email delivery (e.g. account verification, password resets) | PolicyView |
| Payments | |||
| VendorStripe | DataPayment details, email address | PurposeProcessing voluntary donations | PolicyView |
11. Integration of Social Media
Our website and app may contain links to or references from social media platforms such as YouTube, TikTok, Facebook, and Instagram. These integrations allow us to share content with our community across platforms.
When you interact with social media content linked from our platform — for example, by watching a video on YouTube or viewing a post on Instagram — you leave our environment and your activity becomes subject to the terms of use and privacy policies of those platforms. We have no control over how these platforms collect or process your data.
These platforms may collect personal data about you (such as your IP address or browsing behaviour) even if you do not have an account with them or are not logged in. They may also transfer your data to servers located outside of your country, including to the United States. Platforms such as YouTube (Google), Facebook, Instagram (Meta), and TikTok participate in or comply with applicable data transfer frameworks to ensure an adequate level of data protection for transfers from the EU or EEA.
We recommend reviewing the privacy policies of any social media platform you visit through links on our site.
12. Your Rights as a Data Subject (EU)
If you are located in the EU or EEA, you have the following rights regarding the processing of your personal data.
12.1 Right of Access
You have the right to request confirmation of whether your personal data is being processed. If so, you have the right to access that data and to receive the following information: the processing purpose; the recipients or categories of recipients to whom your data has been or will be disclosed; the intended duration of storage, or the criteria used to determine that duration; your additional rights listed below; if the data was not collected directly from you, all available information about its source; and the existence of any automated decision-making, including profiling, and where applicable, further relevant details.
You also have the right to be informed of any appropriate safeguards in place pursuant to Art. 46 GDPR for transfers of your data to a third country or international organisation.
12.2 Right to Rectification
You have the right to request the correction of any inaccurate or incomplete personal data we hold about you, without undue delay.
12.3 Right to Erasure (Right to be Forgotten)
You have the right to request that we delete your personal data without undue delay where one of the following applies: the data is no longer necessary for the purpose it was collected; you withdraw your consent and there is no other legal basis for processing; you object to the processing (see below); the data was unlawfully processed; deletion is required to comply with an obligation under EU or Member State law; or the data was collected in relation to a child.
12.4 Right to Restriction of Processing
You have the right to request that we restrict our processing of your personal data when: you contest the accuracy of the data; the processing is unlawful but you prefer restriction over deletion; we no longer need the data but you require it to establish, exercise, or defend legal claims; or you have objected to processing and it is not yet determined whether our legitimate interests override yours.
12.5 Right to Notification
Where you have exercised your right to rectification, erasure, or restriction of processing, we are obliged to notify all recipients to whom your personal data has been disclosed, unless this is impossible or involves a disproportionate effort. You have the right to be informed of those recipients upon request.
12.6 Right to Data Portability
You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance, where the processing is based on your consent or a contract and is carried out by automated means. Where technically feasible, you may also request that we transfer your data directly to another controller, provided this does not infringe on the rights and freedoms of others.
12.7 Right to Object
You have the right to object at any time to the processing of your personal data on grounds relating to your particular situation, where the processing is based on our legitimate interests or those of a third party. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or where processing is necessary to establish, exercise, or defend legal claims.
Where your personal data is processed for direct marketing purposes, you have the right to object at any time, including to any related profiling. You also have the right to object to processing for scientific, historical research, or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for a task carried out in the public interest.
12.8 Right to Withdraw Consent
Where processing is based on your consent, you may withdraw that consent at any time with future effect. Withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal. To withdraw your consent, simply contact us at [email protected].
12.9 Right to Lodge a Complaint
If you believe that the processing of your personal data violates applicable data protection law, you have the right to lodge a complaint with a supervisory authority — in particular in the EU or EEA member state of your habitual residence, your place of work, or the location of the alleged infringement. This does not affect any other administrative or judicial remedies available to you.
13. Data Protection Officer
Foryoueats has appointed an individual responsible for privacy and data protection matters. If you have any questions about your personal information, wish to make a comment, or wish to make a complaint, you may contact the person responsible for ensuring compliance with this Privacy Policy at:
Email: [email protected]
Or write to:
9489-8558 Quebec Inc. (Foryoueats)
Montreal, Québec
Canada
If you are located in the EU or EEA, the following applies:
- 9489-8558 Quebec Inc. is the Controller for the processing of data on our online service pursuant to the General Data Protection Regulation (GDPR).