Roux
<!-- DRAFT — pending legal review (ADR-0031/0032 require counsel sign-off before launch). Fill the [PLACEHOLDERS]: legal entity, registered address, contact emails, DPO/EU-UK rep if needed, and confirm retention periods + lawful bases with counsel. Grounded in docs/plans/pii-data-map.md. -->

Privacy Policy

Last updated: 2 July 2026

This policy explains what personal data Roux collects, why, how long we keep it, and the rights you have. Roux is a private, searchable recipe app for iOS and Android.

Who we are

Roux is operated by [LEGAL ENTITY NAME] ("Roux", "we", "us"), [REGISTERED ADDRESS]. We are the data controller for the personal data described here.

Where your data is stored

We host in the European Union / UK (Ireland/UK region). Your account and recipe data stay in that region. Where a supplier processes data outside the EU/UK, we rely on a valid transfer mechanism (see "Sharing and sub-processors").

What we collect and why

We minimise what we collect. The table below is our record of processing.

DataWhy we process itLawful basisRetention
Email addressAccount creation and passwordless (magic-link / one-time code) sign-inContractLife of your account; deleted within 30 days of erasure
Name (from Apple/Google sign-in)Display name on your accountContractLife of your account
Authentication identifiers (OAuth subject, passkey)Signing you in securelyContractLife of your account
Account IDKeying your data internallyContractLife of your account
IP addressSecurity, abuse prevention, and diagnostics in logsLegitimate interest30–90 days
Push notification tokenSending "your recipe is ready" and timer alertsContract / ConsentUntil it becomes invalid or you sign out
Household membershipSharing recipes with people you inviteContractLife of the account/household
Profile settings (language, units, theme)Personalising the appContractLife of your account
Saved recipes, notes, and source URLsThe core service — your libraryContractLife of your account
Photos you upload or share for parsingExtracting a recipe from an image (OCR)ContractLife of the recipe; location/EXIF metadata is stripped
Diet and allergen tagsFiltering and warnings you ask forContract (Consent if ever profiled)Life of your account
Cook sessions, pantry, grocery listsApp features you useContractLife of the account/household
Usage analyticsUnderstanding and improving the productConsent (in the EU/UK)Up to 14 months
Security and audit logsProtecting the serviceLegitimate interest30–90 days

We do not sell your personal data, and we do not use your recipes or content to advertise to you.

Special-category data

Diet and allergen information can imply health (e.g. medical diets) or religion (e.g. halal/kosher), which are "special categories" under the GDPR. We only store what you or the recipe source provide; we do not infer or assert anything about your health or beliefs, we do not use this data for profiling or targeting, and we keep it within your own household use. If we ever needed to process it beyond that, we would ask for your explicit consent first.

AI features and your content

Roux uses AI to parse recipes from links, text, photos, and videos, to scale recipes, and to power search. To do this, the relevant content is sent to our AI processors for the moment it takes to process it. Two things you should know:

Because parsing takes content from web pages you choose to save, it can occasionally include other people's personal data (for example, a name in a caption). We extract the recipe and discard surrounding personal data we don't need.

Sharing and sub-processors

We share data only with suppliers who help us run Roux, under contract and, where relevant, EU/UK data transfer safeguards (Standard Contractual Clauses / UK IDTA / EU–US Data Privacy Framework):

Sub-processorPurposeRegion
SupabaseDatabase, authentication, file storageEU/UK
OpenAI (or equivalent)Recipe parsing, transcription, OCR, embeddingsZero-retention; EU/DPA-covered
RevenueCatSubscription purchase validation and managementUS (transfer safeguards)
Expo / Apple (APNs) / Google (FCM)Push notification deliveryUS (transfer safeguards)
SentryError diagnostics (scrubbed of content, PII, and tokens)EU/US (transfer safeguards)
PostHogProduct analytics (consent-based)EU
Apple / GoogleApp distribution and in-app paymentsGlobal

Household sharing means people you invite to a household can see recipes and lists shared in it.

Your rights

You can, at any time:

To exercise these, use the in-app controls or email privacy@getroux.io. You also have the right to complain to your data protection authority — in the UK, the ICO; in the EU, your local supervisory authority.

Security

We encrypt data in transit and at rest, store authentication tokens in the device's secure keychain, scope every user's data with database row-level security, and strip location metadata from uploaded images.

Children

Roux is not directed at children and is not intended for anyone under [16 / 13 — confirm age with counsel]. We do not knowingly collect data from children.

Changes to this policy

We may update this policy. We'll post the new version here and update the date above; significant changes will be notified in the app.

Contact

[LEGAL ENTITY NAME]privacy@getroux.io[REGISTERED ADDRESS].