Privacy Policy
Effective Date: February 7, 2026 | Last Updated: June 28, 2026
Introduction
Bhansa ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.
Please read this privacy policy carefully. By using the app, you agree to the collection and use of information in accordance with this policy.
Information We Collect
1. Account Information
When you create an account, we collect:
- Email address (required for account identification)
- Name (when provided by your authentication provider)
- Profile picture (when provided by your authentication provider)
- Authentication provider ID (Google or Apple)
2. User Preferences
To personalize your experience, we collect:
- Dietary restrictions and allergies
- Cuisine preferences
- Flavor and taste preferences
- Cooking skill level and time preferences
- Household size
3. User-Generated Content
We store content you create:
- Pantry inventory (ingredients, quantities, expiration dates)
- Saved recipes and meal plans
- Shopping lists
- Recipe ratings and feedback
- Recipe modifications and notes. Edits you make to a saved recipe sync to your account so they are available across your devices and survive reinstalling the app.
When you join a shared household, the content shared into that household (such as a shared shopping list, pantry, ingredients-to-avoid list, and any expense entries) is visible to the other members of that household. Anyone in the household can view and change shared items.
4. Voice and AI Assistant Data
When you use Mira, our in-app assistant, or any voice feature (such as voice meal logging or adding ingredients by voice):
- Voice input may be transcribed in one of two ways depending on your device and the feature: on-device by your operating system's speech recognition, or by a cloud speech-to-text service. When cloud transcription is used, a short audio recording of your request is transmitted over an encrypted connection, transcribed, and then discarded. We do not retain your audio recordings or use them to train AI models.
- Text queries (typed, or transcribed from your voice) are sent to our server and forwarded to our AI processing providers (currently OpenAI and Google) for processing. Queries are not permanently stored; they are held in temporary server memory for the duration of your session and are cleared when you start a new recipe or the server restarts.
- Recipe and request context (such as the current recipe, step number, ingredients, or the meal you described) is shared with our AI providers alongside your query to provide relevant answers.
- We do not use Mira conversations or voice transcriptions to train AI models or for any purpose beyond providing you with an immediate response.
5. Usage Data
We automatically collect:
- Recipe searches and interactions
- Feature usage patterns
- Time of day and day of week usage patterns
- App performance metrics
6. Location Information
We collect coarse location only:
- Country and region (for seasonal recipe recommendations)
- Timezone (for meal timing suggestions)
We do NOT collect:
- Precise GPS coordinates
- City or street address
- IP address storage
7. Device Information
We collect limited device data:
- Device type (iOS/Android)
- Operating system version
- App version
- Anonymized device identifier (hashed)
8. Camera and Photos
- Camera and photos: Used for barcode scanning, receipt scanning, photographing your ingredients or pantry (to recognize what you have and suggest meals), photographing a dish or nutrition label (for nutrition information and a health grade), and capturing a screenshot of a social-media post you choose to import.
- How images are handled: For features that analyze a photo, the image is sent over an encrypted connection to a third-party AI vision service (OpenAI) to read its contents, and is then discarded. Images are not stored on our servers and are not used to train AI models.
9. Microphone
- The microphone is used only for voice features, such as talking to Mira, voice meal logging, and adding ingredients by voice. See "Voice and AI Assistant Data" above for how voice input is transcribed and handled.
10. Imported Recipe Content
When you import a recipe from a website or a social-media post (for example, Instagram, TikTok, Facebook, or Pinterest):
- We send the link you provide (or a screenshot you capture) to third-party content-extraction providers and to our AI processing providers (OpenAI and Google) so the recipe text can be read and structured.
- We keep the source link or attribution so the imported recipe can be credited back to its original source.
- A recipe you import is saved to your device. If you save it to your favorites, it syncs to your account like your other saved recipes so it is available across your devices.
11. Feature Requests
- If you submit a feature request or vote on one, the request title and description you write are stored and are publicly visible to other Bhansa users.
- Please do not include personal, sensitive, or health information in a feature request. If you delete your account, your request is anonymized (your identity is removed) but the request text may remain visible to others.
12. Push Notification Tokens
- If you enable notifications, we collect your device's push notification token to deliver alerts such as shared-household updates and cooking or expiry reminders. You can turn notifications off at any time in your device settings.
Subscription and Payment Information
We use RevenueCat to manage subscriptions and Apple/Google to process payments.
- We do not collect or store your credit card number, billing address, or other payment details.
- Payment processing is handled entirely by Apple (App Store) or Google (Google Play).
- We receive only: subscription status, product identifier, expiration date, and a RevenueCat customer identifier.
How We Use Your Information
We use the information we collect to:
1. Provide Core Services
- Generate personalized recipe recommendations
- Create meal plans based on your preferences
- Manage your pantry and shopping lists
- Provide real-time cooking assistance via Mira
2. Personalization
- Learn your taste preferences over time
- Suggest recipes matching your dietary needs
- Recommend seasonal and regional dishes
3. Service Improvement
- Analyze usage patterns to improve features
- Fix bugs and optimize performance
- Develop new features
4. Communication
- Send service-related notifications
- Respond to support requests
- Provide account-related updates
Third-Party Services
We use the following third-party services:
OpenAI
- Purpose: Recipe generation, meal planning, nutrition estimation, and cooking assistance (Mira)
- Data Shared: Your ingredients, dietary preferences, allergy information, meal requirements, and cooking queries
- Data NOT Shared: Your email, name, account ID, or any personally identifiable information
- Nutrition and Health Data: Nutritional values (calories, protein, carbohydrates, fat, fiber, sugar, sodium, and selected micronutrients) and health grades (A-E) displayed in the app are produced either from a public nutrition database (USDA FoodData Central) or as AI-generated estimates by OpenAI. Values derived from a photo of a dish or label are visual estimates and may not match the actual food. These values should not be relied upon for medical or dietary decisions. Health grades are calculated using an algorithm based on the publicly available Nutri-Score system developed by Sante Publique France.
- Allergy and Dietary Information: When you provide allergy or dietary restriction information, it is sent to OpenAI to filter recipe recommendations. However, AI-generated allergy filtering is not guaranteed to be complete or accurate. Always independently verify ingredient lists for allergens before preparing or consuming any recipe.
- Retention: OpenAI processes data according to their Privacy Policy. We use the API with data not used for training.
- Privacy: OpenAI Privacy Policy
Google (Gemini)
- Purpose: Recipe generation and structuring, meal planning, reading recipe content you choose to import, and other AI-assisted features
- Data Shared: Your ingredients, dietary preferences, allergy information, meal requirements, the recipe content you import, and related queries
- Data NOT Shared: Your email, name, account ID, or any personally identifiable information
- Training: We use Google's paid Gemini API tier. Under that tier, Google does not use your prompts or responses to train or improve its models, and they are not reviewed by humans.
- Privacy: Google Privacy Policy
Content-Extraction Providers
- Purpose: Reading the caption, text, and images from a recipe website or social-media post you choose to import
- Data Shared: The link or screenshot you provide for the import. We do not share your email, name, or account ID.
- Note: We use third-party content-extraction providers for this feature. We may change providers over time without updating this policy, but the categories of data shared will remain as described above.
Nutrition Data (USDA FoodData Central)
- Purpose: Computing nutritional values for ingredients and recipes from a public, government-maintained nutrition database
- Data Shared: None. USDA FoodData Central is a reference dataset; we do not send your personal information to it.
RevenueCat
- Purpose: Subscription management and purchase validation
- Data Shared: Anonymous user identifier, purchase receipts
- Privacy: RevenueCat Privacy Policy
Sentry
- Purpose: Error tracking and crash reporting
- Data Shared: Anonymous error logs, device type, app version
- Privacy: No personally identifiable information is shared
Authentication Providers
- Google Sign-In: We receive your email, name, and profile picture
- Apple Sign-In: We receive your email and name (if you choose to share)
International Data Transfers
Bhansa is operated from, and its servers are located in, the United States. In addition, some of the service providers we use to process your data — including our AI processing providers (OpenAI and Google) and our other subprocessors — process data in the United States and potentially other countries. This means that when you use the App, information described in this policy is transferred to, stored in, and processed in the United States and may be subject to the laws of those jurisdictions.
Where we transfer the personal data of users located in the European Economic Area, the United Kingdom, or Switzerland to a country that has not received an "adequacy" decision, we rely on appropriate safeguards to protect that data, including:
- The EU-US Data Privacy Framework (and the UK Extension and Swiss-US framework), where the receiving provider is certified; and/or
- Standard Contractual Clauses approved by the European Commission (and the UK International Data Transfer Addendum), entered into with our service providers.
We also apply supplementary measures, including encrypting data in transit, minimizing the data sent (we do not send your email, name, or account identifiers to our AI providers), and contracting with providers on terms that prohibit using your data to train their models. You may request more information about these safeguards, or a copy of the relevant clauses, by contacting us at privacy@bhansa.app.
Subprocessors
We share data with the following categories of service providers (subprocessors) to operate the App:
- OpenAI — AI recipe generation, meal planning, nutrition estimation, image recognition, and cooking assistance (United States)
- Google (Gemini) — AI recipe generation and structuring, meal planning, and import content extraction (United States)
- Content-extraction providers — reading recipe content you choose to import
- RevenueCat — subscription management (United States)
- Sentry — error and crash reporting (United States)
- Cloud hosting and database providers — hosting our servers and databases (United States)
Data Storage and Security
Storage
- Your data is stored in secure PostgreSQL databases
- We use Redis caching for performance optimization
- Data is stored on secured servers
Security Measures
- All data transmission uses HTTPS encryption
- Authentication uses industry-standard OAuth 2.0
- Device identifiers are hashed before storage
- Sensitive information is redacted from logs
- Regular security audits and updates
Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion |
| User preferences | Until account deletion |
| Saved content (recipes, meal plans, recipe edits) | Until you delete them or account deletion |
| Imported recipes | On your device; synced copies until you delete them or account deletion |
| Shared household content | Until removed or the household is deleted |
| Feature requests and votes | Retained; author anonymized on account deletion |
| Push notification tokens | Until you disable notifications or account deletion |
| Voice recordings | Not retained (discarded after transcription) |
| Photos (scans and imports) | Not retained (discarded after processing) |
| Mira conversations | Session only (not permanently stored) |
| Subscription records | Until account deletion |
| Usage analytics | 1 year |
| Search history | 90 days |
| Anonymous analytics | 30 days |
Your Privacy Rights
For All Users
You have the right to:
- Access your personal data
- Export your data in a portable format
- Delete your account and all associated data
- Update your preferences and consent settings
- Opt-out of analytics and personalization
GDPR Rights (EU Users)
Under GDPR, you have additional rights:
- Right to rectification
- Right to restrict processing
- Right to object to processing
- Right to data portability
- Right to lodge a complaint with a supervisory authority
CCPA Rights (California Users)
Under CCPA, you have the right to:
- Know what personal information is collected
- Know whether your data is sold or disclosed
- Opt-out of the sale of personal information
- Access your personal information
- Request deletion of your data
- Non-discrimination for exercising your rights
We do not sell your personal information.
Managing Your Privacy
In the App
- Go to Settings > Privacy to manage your preferences
- Export your data at any time
- Delete your account and all data
Consent Settings
You can control:
- Analytics: Usage data collection
- Personalization: Taste learning and recommendations
- Marketing: Promotional communications (off by default)
Children's Privacy
Our app is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by:
- Posting the new Privacy Policy in the app
- Updating the "Last Updated" date
- Sending a notification for significant changes
Contact Us
If you have questions about this Privacy Policy or your data:
- Email: privacy@bhansa.app
- In-App: Settings > Help > Privacy Inquiry
Data Protection Officer
For GDPR-related inquiries:
- Email: dpo@bhansa.app
This privacy policy is effective as of the date stated above and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.