Privacy Policy
Last updated: 4 June 2026 · Effective: 4 June 2026
This Privacy Policy explains how Recipal ("Recipal", "we", "our", "us"), operated by Core Interactive, collects, uses, discloses, and protects information about you when you use our mobile application, web application, and related services (collectively, the "Service").
By using Recipal, you agree to the practices described below. If you do not agree, please do not use the Service.
1. Who we are
Recipal is a recipe-saving and meal-planning app published by Core Interactive. The data controller for the purposes of applicable privacy laws (including the EU/UK GDPR and India's Digital Personal Data Protection Act, 2023) is:
Core Interactive
Email: support@coreinteractive.live
2. Information we collect
Information you give us
- Account info — your name, email address, and (optionally) profile picture when you sign up with email/password or Google Sign-In.
- Recipe content — recipes you save, import (from URLs, photos, voice notes, or AI), edit, or mark public; ingredients, steps, notes, cook times, photos.
- Preferences — diet (vegan/vegetarian/eggetarian/pescatarian/non-veg), cuisines you favourite, country, notification preferences.
- Social activity — follows/followers, public profile, ratings or reactions, reports/feedback you submit.
- Support correspondence — messages you send to support@coreinteractive.live.
Information we collect automatically
- Device & app info — device model, OS version, app version, language, locale, time zone, and crash logs.
- Usage data — features used (e.g. "AI extraction", "voice import"), session duration, and counts toward your monthly AI quota.
- Push token — a Firebase Cloud Messaging (FCM) token tied to your install, used only to deliver notifications you've enabled.
- Country — derived from your device locale to show region-relevant recipes and price subscriptions in your local currency. We do not collect precise location (GPS).
Payment information
If you subscribe to Recipal Plus, your payment is processed by Google Play Billing. Recipal never sees or stores your card number, UPI ID, or full payment details. We receive only an opaque purchase token and product ID from Google so we can activate your subscription.
3. How we use your information
| Purpose | Legal basis |
|---|---|
| Provide the Service — sync your recipes, run AI extraction, send notifications you enabled | Contract |
| Authenticate you and keep your account secure | Contract, legitimate interests |
| Process subscriptions and referrals | Contract |
| Improve the app, debug crashes, measure feature usage in aggregate | Legitimate interests |
| Respond to support requests and feedback | Legitimate interests |
| Send transactional emails (verify email, password reset, receipts) | Contract |
| Send optional promotional emails or push | Consent (you can opt out anytime) |
| Comply with legal obligations, prevent fraud and abuse | Legal obligation, legitimate interests |
4. AI features
When you use Recipal's AI features (e.g. extract a recipe from an Instagram link, photo, or voice note; generate steps; generate ingredient lists), the relevant input (a URL, image, transcribed audio, or text prompt) is sent to OpenAI via our backend. OpenAI processes the input solely to return the extracted recipe to Recipal. We do not use your personal account information in these prompts beyond what is strictly necessary. AI-generated recipe images shipped with the app were pre-generated using Leonardo.ai during development and are baked into the app bundle — no per-user image generation calls are made at runtime.
5. Who we share information with
We share personal information only with the third parties listed below, and only as needed to run the Service. We do not sell your personal information.
| Recipient | What we share | Why |
|---|---|---|
| Google (Firebase) — Auth, Firestore, Cloud Functions, Cloud Messaging, Analytics, Crashlytics | Account, recipes, push tokens, crash logs | Authentication, storage, push delivery, crash reporting |
| Google Play Billing | Purchase tokens (no card data) | Process and validate subscriptions |
| OpenAI | Recipe text/image/URL when you use AI features | Power the AI extraction features you invoke |
| Other Recipal users | Content you choose to make public (public recipes, name, profile picture) | Discover & follow other cooks |
| Law enforcement or regulators | Only what is legally required | Comply with valid legal process |
6. Data retention
- Account & recipes — kept while your account is active. Delete your account from Profile → Account to remove them.
- Crash logs — up to 90 days.
- Support correspondence — up to 24 months.
- Billing receipts — as required by applicable tax/accounting law (typically up to 7 years).
7. Your rights
Depending on where you live, you may have the right to:
- Access a copy of the personal data we hold about you.
- Correct or update inaccurate data (most fields are editable in-app at Profile → Account).
- Delete your account and personal data (Profile → Account → Delete account).
- Object to or restrict certain processing.
- Export your data in a portable format.
- Withdraw consent for optional processing (e.g. marketing emails).
- Lodge a complaint with your local data-protection authority.
To exercise any of these rights, email support@coreinteractive.live from the address tied to your account. We respond within 30 days.
8. Account deletion
You can delete your Recipal account at any time from Profile → Account → Delete account in the app. Deletion removes your profile, recipes, preferences, follow graph, and push token from our active systems within 7 days. Backups containing your data may persist for up to 30 days before being permanently overwritten. Anonymised, aggregate analytics may be retained.
You can also request deletion by emailing support@coreinteractive.live from the address on your account.
9. Children
Recipal is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us personal data, contact support@coreinteractive.live and we will delete it.
10. Security
We use industry-standard encryption in transit (HTTPS/TLS) and at rest (Google Cloud encryption). Access to production systems is restricted and logged. No system is perfectly secure — please use a strong, unique password and enable two-factor authentication on your Google account if you sign in with Google.
11. International transfers
Recipal is operated from India. Some of our service providers (Google, OpenAI) process data in the United States and other countries. Where required, we rely on Standard Contractual Clauses or equivalent transfer mechanisms.
12. Changes to this policy
We may update this policy from time to time. Material changes will be announced in-app and by email to your registered address before they take effect. The "Last updated" date at the top reflects the latest revision.
13. Contact
Questions, complaints, or rights requests? Email us at support@coreinteractive.live.