Recipe ManagerRecipe Manager

Privacy Policy

Last updated: June 23, 2025

1. Introduction

Sciometa ("we", "our", or "us") operates the Recipe Manager application ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our Service, in compliance with the EU General Data Protection Regulation (GDPR) and the Finnish Data Protection Act.

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use the Service.

2. Data Controller

The data controller responsible for your personal data is:

Sciometa
Email: support@sciometa.com

3. Information We Collect

We collect and process the following categories of personal data:

  • Account Data: Name, email address, and other contact information you provide when creating an account.
  • User Content: Recipes, documents, images, and other content you create, upload, or share through the Service.
  • Usage Data: Information about how you interact with the Service, including features used, pages visited, and actions taken.
  • Device and Technical Data: Browser type, operating system, IP address, device identifiers, and other technical information collected automatically through server logs.
  • Third-Party Authentication Data: If you sign in via Google or Apple, we receive basic profile information (name, email, profile picture) as permitted by your third-party account settings.

4. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data based on the following legal grounds:

  • Performance of a Contract (Art. 6(1)(b)): Processing necessary to provide the Service, manage your account, and fulfill our obligations under the Terms of Service.
  • Legitimate Interests (Art. 6(1)(f)): Processing necessary for our legitimate interests, such as improving the Service, ensuring security, and preventing fraud, where such interests are not overridden by your rights.
  • Consent (Art. 6(1)(a)): Where you have provided explicit consent, such as for optional communications. You may withdraw consent at any time.
  • Legal Obligation (Art. 6(1)(c)): Processing necessary to comply with applicable laws and regulations.

5. How We Use Your Information

  • To provide, operate, maintain, and improve the Service.
  • To create and manage your account and authenticate your identity.
  • To process and store your recipes, documents, and related data.
  • To facilitate sharing and collaboration features you choose to use.
  • To communicate with you about service updates, security alerts, and support.
  • To detect, prevent, and address technical issues, security threats, and fraud.
  • To comply with legal obligations and enforce our Terms of Service.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may disclose your data only in the following limited circumstances:

  • With Your Consent: When you direct us to share data (e.g., sharing recipes with team members or via public links).
  • Service Providers: With trusted third-party service providers who process data on our behalf to operate the Service (e.g., hosting, authentication, analytics). These providers are contractually bound to process data only as instructed and to maintain adequate security measures.
  • Legal Requirements: When required by law, legal process, or government request, or to protect the rights, property, or safety of Sciometa, our users, or the public.
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure adequate safeguards are in place, such as:

  • EU Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Transfers to countries with an adequacy decision by the European Commission.
  • Other legally recognized transfer mechanisms under applicable data protection law.

8. Data Storage and Security

Your data is stored securely using industry-standard encryption and security measures. We use Supabase for data storage and authentication, which provides enterprise-grade security including encryption at rest and in transit. Documents may be additionally encrypted at rest for enhanced protection.

While we implement reasonable technical and organizational measures to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

  • Account Data: Retained for the duration of your account and for a reasonable period thereafter to comply with legal obligations (e.g., tax, accounting).
  • User Content: Retained until you delete it or your account, plus a reasonable backup retention period.
  • Usage and Technical Data: Retained for up to 12 months for analytics and security purposes.

When data is no longer needed, it is securely deleted or anonymized.

10. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access (Art. 15): Request a copy of your personal data we hold.
  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Right to Erasure (Art. 17):Request deletion of your personal data ("right to be forgotten").
  • Right to Restriction (Art. 18): Request restriction of processing of your data.
  • Right to Data Portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format.
  • Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to Lodge a Complaint: File a complaint with a supervisory authority. The Finnish supervisory authority is the Office of the Data Protection Ombudsman (tietosuoja.fi).

To exercise any of these rights, please contact us at support@sciometa.com. We will respond to your request within 30 days.

11. Cookies and Similar Technologies

We use strictly necessary cookies to maintain your authentication session and language preferences. These cookies are essential for the operation of the Service and cannot be disabled.

We do not use tracking, advertising, or analytics cookies. No third-party cookies are set by our Service.

12. Children's Privacy

The Service is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete such data promptly. If you believe a child has provided us with personal data, please contact us at support@sciometa.com.

13. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, as required by GDPR Article 34.

14. Third-Party Links and Services

The Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of such third parties. We encourage you to review the privacy policies of any third-party services you access.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by updating the "Last updated" date at the top of this page and, when practicable, by providing notice through the Service. Your continued use of the Service after the updated Privacy Policy becomes effective constitutes your acknowledgment of the changes.

16. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have a complaint about how we handle your personal data, please contact us at:

Sciometa
Email: support@sciometa.com

You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman or your local supervisory authority.

© 2026 Sciometa. All rights reserved.