Privacy Policy
Last updated: 2 July 2026
This policy explains what personal data Roux collects, why, how long we keep it, and the rights you have. Roux is a private, searchable recipe app for iOS and Android.
Who we are
Roux is operated by [LEGAL ENTITY NAME] ("Roux", "we", "us"), [REGISTERED ADDRESS]. We are the data controller for the personal data described here.
- Privacy enquiries and data-rights requests: privacy@getroux.io
- General support: support@getroux.io
Where your data is stored
We host in the European Union / UK (Ireland/UK region). Your account and recipe data stay in that region. Where a supplier processes data outside the EU/UK, we rely on a valid transfer mechanism (see "Sharing and sub-processors").
What we collect and why
We minimise what we collect. The table below is our record of processing.
| Data | Why we process it | Lawful basis | Retention |
|---|---|---|---|
| Email address | Account creation and passwordless (magic-link / one-time code) sign-in | Contract | Life of your account; deleted within 30 days of erasure |
| Name (from Apple/Google sign-in) | Display name on your account | Contract | Life of your account |
| Authentication identifiers (OAuth subject, passkey) | Signing you in securely | Contract | Life of your account |
| Account ID | Keying your data internally | Contract | Life of your account |
| IP address | Security, abuse prevention, and diagnostics in logs | Legitimate interest | 30–90 days |
| Push notification token | Sending "your recipe is ready" and timer alerts | Contract / Consent | Until it becomes invalid or you sign out |
| Household membership | Sharing recipes with people you invite | Contract | Life of the account/household |
| Profile settings (language, units, theme) | Personalising the app | Contract | Life of your account |
| Saved recipes, notes, and source URLs | The core service — your library | Contract | Life of your account |
| Photos you upload or share for parsing | Extracting a recipe from an image (OCR) | Contract | Life of the recipe; location/EXIF metadata is stripped |
| Diet and allergen tags | Filtering and warnings you ask for | Contract (Consent if ever profiled) | Life of your account |
| Cook sessions, pantry, grocery lists | App features you use | Contract | Life of the account/household |
| Usage analytics | Understanding and improving the product | Consent (in the EU/UK) | Up to 14 months |
| Security and audit logs | Protecting the service | Legitimate interest | 30–90 days |
We do not sell your personal data, and we do not use your recipes or content to advertise to you.
Special-category data
Diet and allergen information can imply health (e.g. medical diets) or religion (e.g. halal/kosher), which are "special categories" under the GDPR. We only store what you or the recipe source provide; we do not infer or assert anything about your health or beliefs, we do not use this data for profiling or targeting, and we keep it within your own household use. If we ever needed to process it beyond that, we would ask for your explicit consent first.
AI features and your content
Roux uses AI to parse recipes from links, text, photos, and videos, to scale recipes, and to power search. To do this, the relevant content is sent to our AI processors for the moment it takes to process it. Two things you should know:
- Transparency: content that Roux parses or generates is AI-produced and may contain mistakes. Always review it — especially quantities, steps, and any allergen or dietary information.
- Minimisation and retention: we send only what's needed to process your request, and our AI processors operate under zero-retention terms — they do not store your content after processing and do not use it to train their models.
Because parsing takes content from web pages you choose to save, it can occasionally include other people's personal data (for example, a name in a caption). We extract the recipe and discard surrounding personal data we don't need.
Sharing and sub-processors
We share data only with suppliers who help us run Roux, under contract and, where relevant, EU/UK data transfer safeguards (Standard Contractual Clauses / UK IDTA / EU–US Data Privacy Framework):
| Sub-processor | Purpose | Region |
|---|---|---|
| Supabase | Database, authentication, file storage | EU/UK |
| OpenAI (or equivalent) | Recipe parsing, transcription, OCR, embeddings | Zero-retention; EU/DPA-covered |
| RevenueCat | Subscription purchase validation and management | US (transfer safeguards) |
| Expo / Apple (APNs) / Google (FCM) | Push notification delivery | US (transfer safeguards) |
| Sentry | Error diagnostics (scrubbed of content, PII, and tokens) | EU/US (transfer safeguards) |
| PostHog | Product analytics (consent-based) | EU |
| Apple / Google | App distribution and in-app payments | Global |
Household sharing means people you invite to a household can see recipes and lists shared in it.
Your rights
You can, at any time:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your account and data — from Settings → Delete account & data in the app, or at getroux.io/delete-account. Deletion cascades to derived data (search embeddings, cached images, scaled copies) and completes within 30 days.
- Export your recipes and lists in a portable format.
- Object to or restrict certain processing, and withdraw consent (e.g. analytics) where we rely on it.
To exercise these, use the in-app controls or email privacy@getroux.io. You also have the right to complain to your data protection authority — in the UK, the ICO; in the EU, your local supervisory authority.
Security
We encrypt data in transit and at rest, store authentication tokens in the device's secure keychain, scope every user's data with database row-level security, and strip location metadata from uploaded images.
Children
Roux is not directed at children and is not intended for anyone under [16 / 13 — confirm age with counsel]. We do not knowingly collect data from children.
Changes to this policy
We may update this policy. We'll post the new version here and update the date above; significant changes will be notified in the app.
Contact
[LEGAL ENTITY NAME] — privacy@getroux.io — [REGISTERED ADDRESS].