Your privacy
What we collect, how we use it, who can see it, and how to get a copy of everything we have on you — short, plain, honest.
Last updated 4 June 2026
What we collect
When you sign in we store your email, display name, and (optionally) profile photo, which come from your Google account. Any recipes, comments, ratings, collections, grocery lists, meal plans, journey logs, and group memberships you create are stored against your account so we can show them back to you. Photos you attach to recipes (cover image, step photos) are uploaded to Firebase Cloud Storage under your account. If you opt into the newsletter, we also store your subscription state. Email addresses are temporarily logged for a couple of hours when you submit the newsletter form so we can rate-limit abuse; these short-lived records are deleted automatically.
How we use it
Your data powers the features of the site — personalised collections, your grocery list, your meal plan, your comments. We send transactional emails when something happens that you care about (a comment on your recipe, someone cooked your recipe, an achievement unlocked, the weekly digest if you opted in, and a 30-day warning if you've requested account deletion). Scheduled background jobs run the weekly digest and the hard-delete cron. We don't sell your data, and we don't share it with third parties for advertising.
Who can see what
Private recipes and personal lists are visible only to you. Comments and published community recipes are visible to other approved members. Published recipes also generate public link-preview cards (the image you see when a recipe URL is shared on social media or messaging apps); private recipes never appear in those previews. The site admin can view all recipes, comments, profiles, group chats, feedback submissions, and journey logs for moderation, and can delete accounts (which triggers the cascade deletion described below).
Cookies & analytics
The site runs on Vercel (Next.js hosting) and uses Firebase (Google) for Authentication, Cloud Firestore (the database), Cloud Storage (photos), and Hosting for the sign-in subdomain auth.loveandbutter.co. Transactional emails are delivered via Google Workspace SMTP. Session cookies set by Firebase Auth are strictly necessary to keep you signed in. We don't set any third-party advertising or tracking cookies.
Your rights
You can update your profile, delete your recipes, and remove comments at any time from the in-app settings. If you ask to delete your account (from Settings → Privacy & Security, or by emailing us), we mark your account for deletion and warn you 30 days ahead. During that 30-day window you can cancel by signing in. After the window closes a cascade deletion removes your profile, recipes, photos, comments, ratings, friendships, group memberships, journey logs, and notifications. Newsletter unsubscribe is one click from any newsletter email, or from Settings → Preferences. To exercise these rights, contact hello@loveandbutter.co.
Contact
Questions about this policy? Reach us at hello@loveandbutter.co.