Privacy Policy
Effective: 10 June 2026 · Last updated: 10 June 2026
LM Doorstep Ventures Limited ("we," "us," "our") operates the 15-Minute Recipes mobile application and the website at 15minuterecipes.app (together, the "Service"). This Privacy Policy explains what personal data we collect, why we collect it, who we share it with, and what rights you have.
We are a private company limited by shares, registered in Kenya. We process personal data in accordance with the Kenya Data Protection Act, 2019, and — where applicable — the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant privacy laws.
1. Information we collect
1.1 Information you provide
- Account information: your name, email address, and password (which we store as a one-way hash, never in plaintext).
- Social sign-in identifiers: if you sign in with Apple or Google, we receive your verified email address and a stable user identifier from the provider. We do not receive your social account password.
- Profile information: any optional profile data you add — display name, country, avatar emoji.
- Recipe and pantry data: ingredients you add to your pantry, recipes you save, favorite, share, or generate.
- Dietary preferences: dietary restrictions, skill level, preferred appliances, cuisine preferences, time budget.
- Waitlist email: if you join our pre-launch waitlist via the website, we store the email address you submit.
- Communications: emails you send to hello@15minuterecipes.app or other support channels.
1.2 Information we collect automatically
- Device and diagnostic data: operating system, app version, device model, language, time zone, and crash logs (collected via Firebase Crashlytics).
- Usage data: features used, screens visited, errors encountered. Used to improve the Service and diagnose problems.
- Subscription status: whether you have an active Pro subscription, the product purchased, and the renewal date. We do not receive your card or payment details — those are handled by Apple or Google.
- IP address: received for every request to our servers. Used for rate-limiting and abuse prevention, then discarded from request logs after a short retention window.
1.3 We do not collect
- Payment card numbers or bank details (Apple and Google handle all payments).
- Precise location (GPS, etc.).
- Contact list, photo library, microphone, or camera (the app never requests these permissions).
- Sensitive special-category data (race, religion, health, biometrics, etc.).
2. How we use your information
- To create and maintain your account, authenticate you, and let you sign in.
- To generate personalized recipes from the ingredients and preferences you provide.
- To send transactional emails (account verification, password reset, important service updates).
- To process and verify subscriptions via Apple App Store / Google Play / RevenueCat.
- To diagnose crashes and improve the Service.
- To detect, prevent, and respond to abuse, fraud, and security incidents.
- To comply with our legal obligations.
We do not sell your personal data. We do not use it for third-party advertising. We do not profile you for marketing.
3. Legal basis for processing (GDPR)
If you are in the European Economic Area, the United Kingdom, or another jurisdiction with similar legislation, we process your personal data under one or more of these legal bases:
- Contract: to provide the Service you signed up for.
- Legitimate interests: security, fraud prevention, service improvement.
- Consent: for optional features you opt into (e.g., marketing emails — currently we don't send any).
- Legal obligation: to comply with applicable laws.
4. Third-party services we use
We share personal data with the following providers only to the extent needed to run the Service. Each is bound by its own privacy policy:
- Cloudflare — hosting, DNS, CDN, and our application database.
- Firebase (Google) — Crashlytics: crash diagnostics and stability monitoring.
- RevenueCat — subscription management.
- Apple App Store / Google Play — IAP processing, receipts, billing. Apple's and Google's privacy policies apply to those interactions.
- Apple Sign in with Apple / Google Sign-In — authentication.
- Zoho Mail — transactional email delivery (verification, password reset).
- Cloudflare Workers AI — generates recipe suggestions. Your ingredient list and dietary preferences are sent for each generation request. The model providers do not retain prompts beyond the immediate request.
5. Where your data is processed
We process data primarily in Cloudflare's global edge network. Your data may be processed in or transferred to countries outside your country of residence, including the United States, the European Union, and Kenya. Wherever processed, we apply the protections described in this policy.
6. Data retention
- Account data: retained for as long as your account is active, then deleted within 30 days of account deletion (recipes you publicly shared may be anonymized but retained so existing community links don't break — see the in-app account deletion flow for full detail).
- Crash logs: 90 days, then automatically purged by Firebase Crashlytics.
- Server logs: rotated within 7 days unless retained longer for an active security investigation.
- Waitlist emails: retained until you ask us to remove them or until 6 months after launch, whichever comes first.
7. Your rights
Subject to applicable law, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your account and associated data. You can do this from inside the app (Profile → Account → Delete Account) or by emailing us.
- Export your data in a portable format.
- Object to certain processing, or withdraw consent where we rely on it.
- Lodge a complaint with the Office of the Data Protection Commissioner of Kenya (odpc.go.ke) or your local supervisory authority.
To exercise any of these rights, email hello@15minuterecipes.app. We respond within 30 days.
8. Children's privacy
The Service is not directed to children under 13. We do not knowingly collect personal data from children under 13. If we learn that we have, we will delete it. If you believe a child has provided us with personal data, please contact us.
9. Cookies on the website
Our marketing website (this site) does not use tracking cookies. We may set a small number of strictly-necessary cookies needed for the site to function (e.g., a CSRF token). We do not use third-party advertising cookies, analytics cookies, or tracking pixels.
The mobile app does not use cookies. Authentication uses tokens stored in your device's secure storage (iOS Keychain / Android EncryptedSharedPreferences).
10. Security
We use industry-standard measures to protect your data, including TLS in transit, encryption at rest where supported by our providers, hashed passwords (bcrypt), short-lived access tokens with rotating refresh tokens, and rate-limiting on auth endpoints. No system is 100% secure — if a breach occurs that affects your data, we will notify affected users within the timeframes required by applicable law.
11. Changes to this policy
We may update this Privacy Policy as the Service evolves. We'll always post the new version here with an updated "Last updated" date. For material changes that affect your rights, we'll give you advance notice via email or in the app.
12. Contact us
Questions, concerns, or requests:
LM Doorstep Ventures Limited
Email: hello@15minuterecipes.app
Address: Nairobi, Kenya