Legal
Privacy policy
Last updated: 2026-05-27.
What we collect
To run the Service we collect:
- Your email address (for the API key and billing receipts)
- Your Stripe customer ID (so we can match webhook events to the right key)
- Per-request metadata: timestamp, API key ID, endpoint hit, response status. We use this for rate limiting, quota tracking, and abuse detection. We do not retain individual request bodies.
We do not collect cookies on this marketing site. We do not run analytics scripts on this marketing site.
What we share
We use Stripe (payment processing) and Resend (transactional email). Stripe receives the data necessary to bill you; Resend receives your email address and the message we send. Neither shares it onwards.
We do not sell or rent customer information. We do not surface customer-identifying data through the API.
Recipe Kit network data
The "network contribution" inside trend scores aggregates engagement from food brands publishing through Recipe Kit. The data Recipe Pub exposes is aggregated at the topic/category level. No individual brand, no individual customer, no individual recipe URL is exposed by Recipe Pub.
GDPR / CCPA
You have the right to access, correct, export, and delete the personal data we hold about you. Email patrick@recipekit.com and we'll respond within 30 days. We act as the data controller for marketing-site and API-account data; Stripe and Resend are sub-processors.
Retention
API-key records persist until the subscription cancels, then for 90 days for billing reconciliation, then are deleted. Request logs are retained for 30 days for abuse detection, then purged.
Security
Data at rest sits on Cloudflare KV (API keys, request counters) and Cloudflare D1 (the trend data itself — no PII). Both encrypt at rest. Stripe and Resend handle their own security under their published policies.
Children's privacy
The Service is not intended for users under 18, and we do not knowingly collect data from them.
Contact
Privacy questions: patrick@recipekit.com.