Privacy Policy

Last updated: March 29, 2026

1. Overview

Braisery (“we,” “us,” or “our”) operates the braisery.com website and the Braisery mobile application (together, the “Service”). This Privacy Policy explains what data we collect, how we use it, and the choices you have. By using the Service, you agree to the practices described here.

2. Data We Collect

Account Information

When you create an account, we collect your email address, username, and password (stored as a one-way hash — we never store your actual password). You may also provide a display name, bio, avatar image, and unit preference (metric or imperial).

OAuth Sign-In

If you sign in with Google or Apple, we receive a limited authentication token and your email address from the provider. We do not receive or store your Google or Apple password.

Content You Create

We store all content you publish on the Service, including recipes (titles, descriptions, ingredients, steps, and associated media), cookbooks, ratings, review comments, review photos, and saved/bookmarked recipes.

Social Data

We record who you follow and who follows you. Your public profile (display name, username, avatar, bio, recipe count, and follower/following counts) is visible to other users.

Subscription & Billing Data

We store your subscription plan, status, and billing period dates. Payment processing is handled by Stripe — we do not store your credit card number, bank account details, or other payment instrument data on our servers.

AI Usage Data

When you use AI recipe adaptation, we log the action type, the source recipe, token usage counts, the AI model used, and the timestamp.

3. How We Use Your Data

Provide the Service — display your recipes, power search and discovery, show your feed, and manage your account.
Process payments — manage subscriptions, apply coupons, and generate billing history.
Communicate with you — send transactional emails such as password reset codes. We do not currently send marketing emails.
Improve the Service — diagnose errors, monitor performance, and understand how features are used.
Enforce our Terms — detect and address abuse, fraud, or violations of our Terms of Service.

4. Legal Bases for Processing

Contract — processing necessary to provide the Service you signed up for.
Legitimate interest — improving the Service, preventing abuse, and ensuring security.
Consent — where you opt in to optional features such as AI recipe adaptation.
Legal obligation — where we are required to retain or disclose data by law.

5. Third-Party Services

We share data with the following third-party services only as needed to operate the Service. We do not sell your personal data.

Service	Purpose	Data Shared
Cloudflare R2	Image & media storage	Uploaded images
Sentry	Error tracking & performance monitoring	Error context, user ID (no personally identifiable information by default)
Resend	Transactional email delivery	Email address, email content
Anthropic	AI recipe adaptation	Recipe text submitted for processing
Google	OAuth sign-in	Authentication token verification
Apple	OAuth sign-in	Authentication token verification
Stripe	Payment processing	Subscription and billing information
Gravatar	Default avatar	Hashed email address

6. Cookies & Local Storage

We use a single httpOnly cookie (braisery_refresh) to securely store your authentication refresh token on the web. This cookie is essential for keeping you signed in and cannot be disabled while using the Service.

We do not use advertising cookies, third-party tracking cookies, or analytics cookies. We do not use pixels or similar tracking technologies.

7. Data Retention

We retain your account data and content for as long as your account is active. If you delete your account, we will delete your personal data and content within 30 days, except where we are required to retain it by law.

Some data may persist in encrypted backups for a limited period after deletion. Anonymized or aggregated data that can no longer identify you may be retained indefinitely for analytical purposes.

8. Data Security

We protect your data through multiple measures, including:

Passwords hashed with bcrypt (12 rounds).
Authentication tokens stored in httpOnly, secure cookies.
Short-lived access tokens (15 minutes) with separate refresh tokens.
Rate limiting on all API endpoints to prevent abuse.
CORS policies restricting cross-origin access.
Input validation on all data submitted to the Service.

While we take reasonable precautions, no system is completely secure. We cannot guarantee the absolute security of your data.

9. Children's Privacy

Braisery is not directed at children under 13. We do not knowingly collect personal data from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly. If you believe a child under 13 has provided us with personal data, please contact us at support@braisery.com.

10. Your Rights

Depending on your location, you may have the right to:

Access the personal data we hold about you.
Correct inaccurate data via your account settings.
Delete your account and associated data.
Export your data in a portable format.
Object to processing based on legitimate interest.
Withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at support@braisery.com. We will respond within 30 days.

11. AI Feature Data

When you use AI recipe adaptation, the text of the recipe you are adapting is sent to Anthropic's API for processing. We log usage metadata (token counts, timestamps, and the model used) to enforce daily limits and monitor the feature.

Recipe text sent to Anthropic is processed under Anthropic's commercial API terms and is not used to train AI models on Braisery's behalf. We do not share your identity with Anthropic — only recipe text is transmitted.

12. Images & Media

Images you upload are processed into multiple sizes and converted to WebP format for performance. Processed images are stored on Cloudflare R2 and served via CDN with long-duration cache headers (up to 1 year).

If you delete a recipe or your account, associated images are removed from storage. Cached copies on the CDN may persist until the cache expires.

13. International Users

Braisery is operated from the United States. If you access the Service from outside the US, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We will handle your data in accordance with this Privacy Policy regardless of where it is processed.

14. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal data:

The right to know what personal data we collect and how we use it.
The right to request deletion of your personal data.
The right to opt out of the sale of personal data. We do not sell personal data.
The right to non-discrimination for exercising your privacy rights.

To exercise these rights, contact us at support@braisery.com.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the Service or by email. The “Last updated” date at the top of this page reflects when the policy was last revised. Your continued use of the Service after changes take effect constitutes your acceptance of the updated policy.

16. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at support@braisery.com.