Privacy Policy

MealBake · Last Modified: March 18, 2026

Overview

MealBake (“we”, “us”, or “our”) operates mealbake.com and related subdomains, and provides a recipe content platform, an AI-powered recipe generation tool, and a blogging platform for food creators. This Privacy Policy explains how we collect, use, share, store, and protect your information when you use our services, and explains your choices regarding your information.

MealBake is committed to protecting your privacy and complying with all applicable laws, including the General Data Protection Regulation (GDPR) for EU/EEA users and applicable US state privacy laws including the California Consumer Privacy Act (CCPA).

Our services contain links to third-party websites and integrations. Information collected by those third parties is governed by their own privacy policies. We are not responsible for the privacy practices of third-party sites or platforms.

1. What Information We Collect

We collect information in three ways: information you provide directly, information collected automatically, and information from third-party sources.

1a. Information You Provide Directly

  • Contact information — your name and email address, collected during registration
  • Account credentials — username and password if you register with email
  • OAuth profile data — when you sign in with Google or Facebook, we receive your name, email address, and profile picture from those providers
  • Recipe inputs — ideas, ingredients, descriptions, and other content you submit to generate recipes
  • Uploaded images — photos you upload to accompany your recipes, which are subject to automated content moderation
  • Payment information — billing details collected by Stripe when you purchase credits. MealBake does not store your card details
  • Communications — any messages or feedback you send us via email or support channels

1b. Information Collected Automatically

When you use MealBake, we automatically collect certain technical and usage information including:

  • Log data — IP address, browser type and version, operating system, pages visited, time and date of visits, referring URLs
  • Device information — hardware model, screen resolution, and device identifiers
  • Usage data — features used, recipes generated, credits consumed, blog posts published, clicks, and other interactions with the platform
  • Session data — login times, session duration, and navigation patterns

This information is collected using cookies and similar technologies as described in Section 4, and via Cloudflare Web Analytics.

1c. Information From Third Parties

We may receive information about you from third-party sources including:

  • Google and Facebook — profile data when you authenticate via OAuth
  • Stripe — payment confirmation and transaction status (not card details)
  • AWS Rekognition — automated content moderation results for uploaded images

2. How We Use Your Information

We use your information for the following purposes:

2a. To Provide the Service

  • Create and manage your account
  • Authenticate you when you log in
  • Process your recipe generation requests via OpenAI API
  • Generate AI food images via Replicate
  • Publish and host your blog at username.mealbake.com
  • Process payments and manage your credit balance via Stripe
  • Moderate uploaded content via AWS Rekognition

2b. To Communicate With You

  • Send service updates, security alerts, and administrative messages
  • Respond to your support requests and inquiries
  • Notify you of changes to the platform or these policies

We will not send you marketing emails without your explicit consent. You can opt out of any non-essential communications at any time by contacting [email protected].

2c. To Improve the Platform

  • Analyze usage patterns to improve features and user experience
  • Monitor platform performance and fix technical issues
  • Detect and prevent fraud, abuse, and unauthorized access

We use only anonymized and aggregated data for platform improvement. We do not use your personal recipe inputs or generated content to train AI models without your explicit consent.

2d. For Legal and Compliance Purposes

  • Comply with applicable laws, regulations, and legal processes
  • Enforce our Terms of Service
  • Protect the rights, property, and safety of MealBake, its users, and the public

3. AI-Specific Data Processing

MealBake processes certain data through AI services. You should be aware of the following:

  • Recipe generation — your input prompts and recipe ideas are sent to OpenAI API for processing. These inputs may be retained by OpenAI in accordance with their privacy policy
  • AI image generation — your recipe titles and descriptions may be used as prompts for Replicate image generation models
  • Image moderation — images you upload are scanned by AWS Rekognition for prohibited content. Rekognition processes image data but does not retain it beyond the moderation request
  • Translations — recipe content may be processed by AI translation models to generate multilingual versions

We recommend reviewing the privacy policies of OpenAI (openai.com/privacy), Replicate (replicate.com/privacy), and AWS (aws.amazon.com/privacy) to understand how they handle data submitted through their APIs.

4. Cookies and Similar Technologies

We use cookies and similar technologies to operate and improve the Service.

4a. Necessary Cookies

These are required for the Service to function. They enable core features such as authentication, session management, and security. These cannot be disabled without breaking the Service.

4b. Functional Cookies

These remember your preferences such as language, locale, and display settings, and help us personalize your experience on the platform.

4c. Analytics

We use Cloudflare Web Analytics to understand how visitors interact with our site. Cloudflare Web Analytics does not use cookies and does not track individuals across sites — it provides only aggregated, privacy-respecting analytics data.

4d. Managing Cookies

You can configure your browser to refuse or delete cookies at any time. However, disabling necessary cookies will prevent you from logging in and using the Service. MealBake does not currently respond to browser “Do Not Track” signals.

5. How We Share Your Information

We do not sell your personal information to third parties. We share your information only in the following circumstances:

5a. With Service Providers

We share information with trusted third-party service providers who help us operate the platform, under strict contractual obligations to protect your data:

  • Stripe — payment processing
  • Google — OAuth authentication
  • Facebook / Meta — OAuth authentication
  • OpenAI — AI recipe generation (input prompts processed)
  • Replicate — AI image generation (recipe titles/descriptions processed)
  • AWS (Amazon Web Services) — image content moderation via Rekognition
  • Cloudflare — infrastructure, DDoS protection, CDN, and privacy-respecting analytics

Each provider is required to handle your data only as necessary to provide their specific service and in compliance with applicable privacy laws.

5b. For Legal Reasons

We may disclose your information if we believe in good faith that such disclosure is necessary to:

  • Comply with a legal obligation, court order, or government request
  • Enforce our Terms of Service or protect our legal rights
  • Protect the safety or security of our users or the public
  • Investigate or prevent fraud or security incidents

5c. Business Transactions

If MealBake is involved in a merger, acquisition, asset sale, or similar business transaction, your information may be transferred to the relevant third party as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

5d. With Your Consent

We may share your information with third parties when you explicitly direct us to do so or provide your consent.

6. Data Storage and Security

MealBake stores your data on servers located in the United States. If you are located in the EU/EEA, your data is transferred to and processed in the United States. We rely on standard contractual clauses and other appropriate safeguards for international data transfers as required by GDPR.

We implement industry-standard security measures including encryption in transit (HTTPS/TLS), access controls, and security monitoring. However, no method of transmission over the Internet is 100% secure. You are responsible for maintaining the security of your account credentials and logging out after each session.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. When you delete your account, we will delete or anonymize your personal data within a reasonable period, except where retention is required by law. See our Terms of Service Section 9 for details on what happens to your content upon account deletion.

8. Your Rights — EEA / UK Residents (GDPR)

If you are located in the European Economic Area or United Kingdom, you have the following rights regarding your personal data:

  • Right to access — request a copy of the personal data we hold about you
  • Right to rectification — request correction of inaccurate or incomplete data
  • Right to erasure — request deletion of your personal data (“right to be forgotten”)
  • Right to data portability — request your data in a commonly used machine-readable format
  • Right to restriction — request that we limit how we process your data
  • Right to object — object to processing based on legitimate interests
  • Right to withdraw consent — where processing is based on consent, withdraw it at any time
  • Right to lodge a complaint — file a complaint with your local data protection authority (e.g., ICO in the UK, or your national DPA in the EU)

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. Response time may be extended by up to two additional months for complex requests.

9. Your Rights — US Residents (CCPA / State Privacy Laws)

If you are a resident of California or another US state with applicable privacy legislation, you may have the following rights:

  • Right to know — request the categories and specific pieces of personal information we have collected about you, the sources, purposes, and third parties we share it with
  • Right to delete — request deletion of your personal information, subject to certain exceptions
  • Right to correct — request correction of inaccurate personal information
  • Right to opt out of sale — MealBake does not sell your personal information
  • Right to non-discrimination — we will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at [email protected]. We will verify your identity before processing your request. You may designate an authorized agent to make requests on your behalf.

10. MealBake as a Data Processor

When MealBake acts as a tool for food bloggers — processing recipe inputs and publishing content to personal blog subdomains — MealBake may act as a “data processor” on behalf of those bloggers who are the “data controllers” for their own blog audience and content. In these circumstances, MealBake processes data only as directed by the blogger’s use of the Service.

Bloggers using MealBake to publish content are themselves responsible for complying with applicable privacy laws with respect to their blog readers, including GDPR obligations if their blog serves EU users.

11. Children's Privacy

MealBake is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will delete such information promptly. If you believe we have collected information from a child under 13, please contact us immediately at [email protected].

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will post any changes on this page with a revised date at the top. For material changes, we will provide more prominent notice via email or a notice on the platform. Continued use of MealBake after changes become effective constitutes your acceptance of the revised policy. If you disagree with any changes, you must stop using the Service.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

MealBake

Email: [email protected]

Website: mealbake.com