Privacy Policy

We are committed to protecting your personal data and complying with the GDPR.

Data Controller

Sole proprietor (micro‑enterprise / EI). Identification: Full name – Professional address or domiciliation: to complete – SIREN/SIRET: to complete – RCS or RM (if applicable): to complete or write “not applicable (liberal activity)” – EU VAT: write “VAT not applicable, French ‘franchise en base’, Art. 293 B CGI” or your EU VAT number if applicable – Contact email: to complete

DPO / Data Protection Contact

Data protection contact: to complete

Data we collect

• Identity & contact: email and, if provided, name.
• Usage data: recipes, inventory, planning history.
• Technical data: session identifiers, logs, browser/OS information.
• Billing references handled by Stripe (customer/subscription IDs). Card details never transit through Ti Food.

Purposes

• Provide the service (account, recipes, inventory, planning).
• Send transactional emails (signup, verification, reset, notifications).
• Handle billing and subscriptions (via Stripe).
• Protect the platform (fraud prevention, logging).
• Support and continuous improvement.

Legal bases (GDPR, Art. 6)

• Contract performance (6‑1‑b): account operations, core features, transactional emails.
• Legitimate interest (6‑1‑f) and/or contract (6‑1‑b): platform security, fraud prevention, billing operations.
• Legitimate interest (6‑1‑f): support and product improvement.

Recipients / processors

We rely on service providers processing data on our behalf:

• Vercel (application hosting) — https://vercel.com
• Neon (PostgreSQL) — https://neon.tech
• Stripe (payments) — https://stripe.com — card data is never stored by Ti Food
• Transactional email provider — to complete (name and URL)

International transfers

Transfers outside the EU/EEA may occur (e.g., Vercel/Stripe). They rely on the European Commission’s Standard Contractual Clauses and, where appropriate, supplementary measures.

Security

• TLS in transit; hashed passwords.
• Access controls and logging.
• Backups and redundancy managed by providers.
• Data minimization and regular updates.

Retention

• Account and content: as long as the account is active; deletion upon request; backups purged within 30 days.
• Billing/accounting records (Stripe, invoices): up to 10 years (statutory).
• Technical/security logs: up to 12 months.
• Auth sessions/cookies: session duration or up to 30 days with “remember me”.

Hosting locations

App: Vercel; Database: Neon (EU region when configured).

Access to data is strictly limited to service and support needs.

Cookies

• Essential authentication cookies.
• Language preference cookie.
• Stripe cookies during checkout (security/flow).
• No advertising cookies. If non‑essential analytics are added, a consent banner will be displayed.

Your rights

Exercise your rights (access, rectification, erasure, restriction, objection, portability) at: to complete.

• Contact email: to complete
• You may lodge a complaint with your data protection authority (France: CNIL — https://www.cnil.fr).

Minors

Ti Food is not intended for children under 15.

Updates

This policy may change. For material changes, we will inform users appropriately.

Last updated: 02/09/2026