Skip to main content
BiteFlow
Sign in
BiteFlow
HomeRecipe FlowRecipe BooksMessagesProfileCreate recipe
Sign inCreate account
HomeFlowBooksProfile

Privacy Policy

Last updated: 1 January 2024

Who we are

BiteFlow is a recipe discovery platform operated in the United Kingdom. For the purposes of UK GDPR and the Data Protection Act 2018, BiteFlow is the data controller for personal data collected through this service.

To contact us about your data, email privacy@biteflow.app.

What data we collect

We collect the following categories of personal data:

  • Account data — email address, display name, and password hash when you register.
  • Content — recipes, comments, and any other content you create.
  • Usage data — pages visited, recipes viewed, and search queries (see Analytics below).
  • Technical data — IP address, browser type, and device information collected automatically.

Why we collect it and our lawful basis

PurposeLawful basis
Providing the service (login, recipes, feed)Contract
Security and fraud preventionLegitimate interests
Tier 1 analytics (page views, recipe views)Legitimate interests
Personalisation and Tier 2 analyticsConsent
Responding to legal requestsLegal obligation

Analytics

We operate a two-tier analytics system in compliance with PECR 2003:

  • Tier 1 (legitimate interests) — page views, recipe views, feed interactions, and search queries. These fire without your consent and cannot be individually disabled, but we process the minimum data necessary.
  • Tier 2 (consent required) — detailed behavioural data used to personalise your feed. These only fire after you explicitly opt in via our cookie banner. You can withdraw consent at any time in your account settings.

How long we keep your data

We keep your personal data for as long as your account is active.

When you request account deletion, we soft-delete your account immediately (hiding it from other users) and permanently erase your personal data within 30 days, except where we are required to retain it by law (e.g. for fraud prevention or tax records).

Security audit logs are retained for 12 months then deleted automatically.

Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Erase your data (right to be forgotten)
  • Restrict how we process your data
  • Receive a copy of your data in a portable format
  • Object to processing based on legitimate interests
  • Withdraw consent at any time (where processing is based on consent)

You can exercise most of these rights from your account settings. For anything else, email privacy@biteflow.app. We will respond within 30 days.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

Cookies

We use cookies for authentication (essential) and analytics (see above). See our Cookie Policy for full details.

Changes to this policy

We may update this policy when we add new features or our legal obligations change. When we make material changes, we will notify you by email and ask you to re-accept the updated policy on your next login.