Privacy Policy

Last updated: July 12, 2025

1. Introduction

Welcome to Leftover Lab. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and protect your information when you visit our website, use our AI-powered recipe generation application, or interact with our services. It also describes your privacy rights and how privacy laws protect you.

Please read this Privacy Policy carefully before using our Service. By using our Service, you consent to the collection, use, and sharing of your information as described in this Privacy Policy. If you do not agree with our practices, please do not use our Service.

2. Data We Collect

We collect, use, store, and transfer different kinds of personal data about you. We have grouped this data into the following categories:

  • Identity Data: includes first name, last name, username, unique user identifier, admin status, and subscription preferences.
  • Contact Data: includes email address, which we use for account creation, authentication, and essential service communications.
  • Technical Data: includes internet protocol (IP) address, browser type and version, device identifiers, operating system and platform, referring website, pages visited, time spent on pages, and other technical information about the devices and network you use to access our Service.
  • Usage Data: includes information about how you use our Service, such as features accessed, recipes generated, images processed, search queries, subscription usage patterns, weekly usage limits, and interaction patterns with our AI services.
  • User Content: includes recipes you save, dietary preferences, ingredient lists, and other content you create or store in your account. Note: We do not permanently store ingredient images you upload; these are processed temporarily for AI analysis and then discarded.
  • Preference Data: includes your dietary restrictions, cuisine preferences, cooking skill level, language settings, notification preferences, and other customization settings that help personalize your experience and improve our AI recommendations.

3. How We Collect Your Data

We collect data from and about you through various methods, including:

  • Direct interactions: You directly provide us with Identity and Contact Data when you create an account, update your profile, subscribe to our services, contact us for support, or interact with our customer service team.
  • Automated technologies or interactions: includes data collected through cookies, server logs, session tokens, analytics tools (when you consent), error tracking, performance monitoring, and other technologies as you navigate and interact with our Service.
  • User content uploads: When you upload ingredient images or save recipes, we process this information to provide our AI-powered services. Uploaded images are temporarily processed and immediately forwarded to OpenAI for ingredient recognition; we do not permanently store these images. We only store recipe data when you explicitly choose to save recipes to your account.

4. How We Use Your Data

We process your personal data only when we have a legal basis to do so under applicable data protection laws. We will use your personal data in the following circumstances:

  • To create and manage your user account, authenticate your identity, and provide you with access to our Service.
  • To provide our core services including AI-powered recipe generation, ingredient recognition, subscription management, customer support, and to continuously improve our Service based on usage patterns.
  • To personalize your experience, tailor AI-generated recipes to your dietary preferences and restrictions, and deliver content and recommendations relevant to your cooking interests and usage patterns.
  • To manage our relationship with you, including sending essential service communications, notifying you about changes to our terms or privacy policy, and processing subscription and billing-related communications.
  • To administer and protect our business and Service, including fraud prevention, security monitoring, rate limiting, abuse detection, legal compliance, and responding to legal requests.
  • To analyze usage patterns and performance metrics to improve our Service, enhance user experience, optimize our AI models, and develop new features (only with your consent for non-essential analytics).

5. Data Sharing and Third Parties

We may share your personal data with the following categories of third parties under specific circumstances and with appropriate safeguards:

  • Service Providers: We share your information with trusted service providers who perform essential services on our behalf, including Supabase (database and authentication), Cloudflare (hosting and security), and Stripe (payment processing). These providers are contractually bound to protect your data.
  • AI and Technology Partners: We use OpenAI's services for AI-powered recipe generation and ingredient recognition. When you upload ingredient images or request recipes, this data is securely transmitted to OpenAI for processing according to their usage policies. Images are not permanently stored by us or OpenAI. Generated recipes are only stored in your account if you choose to save them.
  • Analytics Providers: We share anonymized and aggregated usage data with analytics providers (such as Google Analytics, only with your consent) to help us understand user behavior and improve our Service. This data cannot be used to identify individual users.

We require all third-party service providers to maintain appropriate security measures, respect the privacy of your personal data, and comply with applicable data protection laws. We have contractual agreements that prohibit them from using your personal data for their own purposes and require them to process your data only for the specific purposes we authorize and according to our instructions.

6. Data Security

We implement comprehensive security measures to protect your personal data from unauthorized access, use, alteration, or disclosure. These measures include encryption of data in transit and at rest, secure authentication systems, access controls, regular security audits, and employee training. We limit access to your personal data to authorized personnel who have a legitimate business need to know.

We have established incident response procedures to detect, investigate, and respond to any suspected personal data breaches. In the event of a breach that poses a risk to your rights and freedoms, we will notify you and applicable regulatory authorities within the timeframes required by law, typically within 72 hours of becoming aware of the breach.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including providing our Service, complying with legal obligations, resolving disputes, and enforcing our agreements. Different types of data have different retention periods based on their purpose and legal requirements.

We determine appropriate retention periods by considering: the amount, nature, and sensitivity of personal data; potential risks from unauthorized use or disclosure; the purposes for processing and whether we can achieve those purposes through other means; your relationship with us; applicable legal, regulatory, tax, accounting, or reporting requirements; and legitimate business interests such as fraud prevention.

You have the right to request deletion of your personal data in certain circumstances. For Pro subscribers, account deletion may be scheduled for the end of your billing period to ensure you receive the full benefit of your subscription. See the "Your Rights" section below for detailed information about your data deletion rights.

8. Your Rights

Under applicable data protection laws (including GDPR, CCPA, and other privacy regulations), you have the following rights regarding your personal data:

  • Access: Request access to your personal data and receive information about how we process it, including the purposes, categories of data, recipients, and retention periods.
  • Correction: Request correction or update of your personal data if it is inaccurate, incomplete, or outdated.
  • Erasure: Request erasure (deletion) of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when it has been unlawfully processed.
  • Object to processing: Object to processing of your personal data in certain circumstances, particularly for direct marketing or when processing is based on legitimate interests.
  • Restriction: Request restriction of processing your personal data in specific circumstances, such as when you contest the accuracy of the data or object to processing.
  • Data portability: Request transfer of your personal data to another service provider in a structured, commonly used, and machine-readable format where technically feasible.
  • Withdraw consent: Withdraw consent at any time where we are relying on consent to process your personal data, such as for analytics cookies or marketing communications.

To exercise any of these rights, please contact us at info@leftover-lab.com with your specific request. We will respond within the timeframes required by applicable law (typically 30 days). You may also lodge a complaint with your local data protection authority if you believe your privacy rights have been violated.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, provide functionality, and analyze usage patterns. Essential cookies are necessary for the Service to function properly and cannot be disabled. Analytics cookies are only used with your explicit consent through our cookie banner.

You can control cookie preferences through our cookie banner or your browser settings. Note that disabling essential cookies may affect the functionality of our Service. You can withdraw consent for analytics cookies at any time through your browser settings or by contacting us.

We use the following types of cookies: (1) Essential cookies for authentication and basic functionality, (2) Preference cookies to remember your language and settings, (3) Analytics cookies to understand usage patterns (with consent), and (4) Security cookies to prevent fraud and ensure Service security.

10. Legal Basis for Processing

We process your personal data to perform our contract with you, including providing our AI-powered recipe service, managing your subscription, and delivering customer support.

We process certain data based on your explicit consent, such as analytics cookies and optional marketing communications. You can withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

We process data based on our legitimate interests, including fraud prevention, security monitoring, service improvement, and business analytics, provided such interests are not overridden by your privacy rights.

We may process your data to comply with legal obligations, such as tax reporting, responding to lawful requests from authorities, and maintaining records as required by law.

11. Children's Privacy

Our Service is not intended for children under the age of 18, and we do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately. If we discover that we have collected personal data from a child under 18 without verifiable parental consent, we will take immediate steps to delete that information from our systems.

12. International Transfers

Your personal data may be transferred to and processed in countries outside of your state, province, or country, including the United States, where our service providers (OpenAI, Stripe, Google, Cloudflare) operate. These countries may have different data protection laws than your jurisdiction.

By using our Service, you acknowledge and consent to the transfer of your personal data to countries where our service providers operate. We ensure that appropriate safeguards are in place for international transfers, such as contractual protections and compliance with applicable data transfer regulations.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date, and we may also notify you via email or through our Service.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our Service after any changes indicates your acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions about this Privacy Policy, your data, or your privacy rights, please contact us at info@leftover-lab.com. We will respond to privacy-related inquiries in a timely manner.