Policy

Your privacy

What we collect, how we use it, who can see it, and how to get a copy of everything we have on you — short, plain, honest.

Last updated 28 May 2026

What we collect

When you sign in we store your email, display name, and (optionally) profile photo, which come from your Google account. Any recipes, comments, ratings, collections, grocery lists, meal plans, journey logs, and group memberships you create are stored against your account so we can show them back to you. Photos you attach to recipes (cover image, step photos) are uploaded to Firebase Cloud Storage under your account. If you opt into the newsletter, we also store your subscription state. Email addresses are temporarily logged for a couple of hours when you submit the newsletter form so we can rate-limit abuse; these short-lived records are deleted automatically.

How we use it

Your data powers the features of the site — personalised collections, your grocery list, your meal plan, your comments. We send transactional emails when something happens that you care about (a comment on your recipe, someone cooked your recipe, an achievement unlocked, the weekly digest if you opted in, and a 30-day warning if you've requested account deletion). Scheduled background jobs run the weekly digest and the hard-delete cron. We don't sell your data, and we don't share it with third parties for advertising.

Who can see what

Private recipes and personal lists are visible only to you. Comments and published community recipes are visible to other approved members. Published recipes also generate public link-preview cards (the image you see when a recipe URL is shared on social media or messaging apps); private recipes never appear in those previews. The site admin can view all recipes, comments, profiles, group chats, feedback submissions, and journey logs for moderation, and can delete accounts (which triggers the cascade deletion described below).

Cookies, hosting & diagnostics

The site runs on Vercel (Next.js hosting) and uses Firebase (Google) for Authentication, Cloud Firestore (the database), Cloud Storage (photos), and Hosting for the sign-in subdomain auth.loveandbutter.co. Transactional emails are delivered via Google Workspace SMTP. Session cookies set by Firebase Auth are strictly necessary to keep you signed in. To find and fix bugs we use Sentry for error monitoring and session replay: a sample of sessions — and any session in which an error occurs — is recorded to help us diagnose problems. To protect your privacy these replays are masked — the text on screen and anything you type into forms (your recipes, comments, messages, and any details you enter) are hidden, so a replay captures only the general page layout, your clicks, and an approximate location derived from your IP address — never the actual content. Replays are used only for debugging, never for advertising. Error reports are also scrubbed of personal identifiers before they are sent. We do not set third-party advertising or tracking cookies, and we never sell your data.

Your rights

You can update your profile, delete your recipes, and remove comments at any time from the in-app settings. If you ask to delete your account (from Settings → Privacy & Security, or by emailing us), we mark your account for deletion and warn you 30 days ahead. During that 30-day window you can cancel by signing in. After the window closes a cascade deletion removes your profile, recipes, photos, comments, ratings, friendships, group memberships, journey logs, and notifications. Newsletter unsubscribe is one click from any newsletter email, or from Settings → Preferences. To exercise these rights, contact hello@loveandbutter.co.

Contact

Questions about this policy? Reach us at hello@loveandbutter.co.