Privacy Policy

The data controller for Recipal is {{LEGAL_ENTITY_NAME}}, located at {{REGISTERED_ADDRESS}}. Contact: {{CONTACT_EMAIL}}.

If a separate data protection contact is appointed, use {{DPO_CONTACT}}.

Recipal processes restaurant account data, ingredient records, recipe records, allergen verification history, and billing metadata required to operate the compliance workspace.

Customer-facing public menu pages are generated from the same underlying recipe and allergen records but are read-only and do not expose internal billing or user-account data.

The service uses this data to provide inspection-ready allergen documentation, maintain recipe-to-ingredient traceability, and support customer-facing allergen access through printable exports and QR links.

Billing and fraud-prevention data is processed only as needed to operate subscriptions and protect the platform.

Retention periods, hosting regions, and subprocessors must be completed before launch. Replace these placeholders with the final production list, lawful basis analysis, and data retention schedule.

This document should explicitly identify hosting, analytics, email, OCR, AI, and billing subprocessors before Recipal handles live customer data.