1. Who is responsible
The controller responsible for processing your personal data is Artur Ferreira Cruz, Switzerland. For any privacy question or to exercise your rights, contact privacy@tevori.app.
2. What data we process
We process the following categories of data:
- Account data: name, email address, and authentication identifiers, handled by our authentication provider (Clerk).
- Household content: inventory items, shopping lists, recipes, and household membership — the data you create by using the product.
- Usage & device data: pages viewed, features used, approximate interactions, browser/device type, and similar technical signals (only if analytics are enabled — see section 5).
- Communications: household invitation emails and messages you send us for support.
- Beta and feedback data: application email, household size, selected problem, optional application note, invitation state, activation milestones, consent versions, and feedback you submit.
- Food-related data: product, recipe, expiry, allergy, and nutrition information you choose to enter. This can reveal sensitive preferences, so household members should only add information they are entitled to share.
3. Why we process it (purposes & legal bases)
- To provide the service and your account — performance of a contract.
- To import a recipe from a URL you submit — performance of a contract.
- To send household invitations you request — performance of a contract.
- To keep the service secure, prevent abuse, and improve it — legitimate interest.
- To review beta applications, send a one-time invitation, and operate the beta — steps requested before and performance of the beta agreement.
- To send optional product marketing — consent. Declining has no effect on your application.
- To understand product usage via PostHog — explicit consent only.
4. AI processing
When a recipe page does not contain usable structured recipe data, the page content and source URL may be sent through OpenRouter to extract the recipe you requested. We do not send your household inventory with that request. Always review an imported recipe before saving or cooking it.
5. Analytics
Tevori uses a PostHog Cloud US project only after you explicitly allow analytics. Autocapture and session replay are disabled. We use opaque internal user and household identifiers and a small allow-listed event catalogue. We do not send names, emails, household names, products, shopping contents, recipe URLs, barcodes, written feedback, query strings, or invitation tokens to PostHog.
You can withdraw consent at any time. Withdrawal resets the local analytics identity and prevents further event capture.
Current choice: not chosen
6. Service providers (processors)
We rely on the following categories of providers, who process data on our behalf under appropriate agreements:
- Authentication & identity (Clerk)
- Application database & backend hosting (Convex)
- Application hosting and delivery (Vercel)
- Product gateway and response cache (Cloudflare)
- Recipe import processing (OpenRouter)
- Transactional email (Resend)
- Consent-based product analytics in the United States (PostHog)
- Product reference data (Open Food Facts) — used to look up product information; this involves product barcodes/names, not your identity.
7. International transfers
Some providers may process data outside Switzerland or the EU/EEA. Where this happens, we rely on appropriate safeguards (such as adequacy decisions or standard contractual clauses) to protect your data. PostHog analytics are processed in its US cloud region; analytics remain optional and use only the limited event data described above.
8. Retention
- Pending, declined, and expired beta applications: up to 90 days after the final decision or beta end.
- Accepted applications, legal acceptances, account, and household content: while the account is active, then deleted or anonymised within 30 days after a verified deletion request unless a legal duty requires longer retention.
- Written beta feedback: until 180 days after the beta ends, then deleted or anonymised.
- Security and operational logs: normally up to 30 days, longer only when needed to investigate an incident.
- PostHog event data: no longer than 12 months; it remains subject to the consent choice above.
- Marketing consent records: until withdrawal plus the minimum record needed to prove that withdrawal was honored.
9. Your rights
Subject to applicable law, you have the right to access, rectify, delete, and restrict processing of your personal data, to data portability, and to object to certain processing. You may also withdraw consent at any time without affecting prior processing. To exercise any right, contact privacy@tevori.app. You also have the right to lodge a complaint with your competent data protection authority (in Switzerland, the FDPIC; in the EU, your national authority).
10. Cookies & local storage
We use strictly necessary cookies and local storage to keep you signed in and to remember preferences (for example your theme). Where analytics are enabled, additional identifiers may be set as described above.
11. Changes to this policy
We may update this policy as the product evolves or legal requirements change. Material changes will be reflected by updating the date at the top of this page.
12. Access, export, deletion, and incidents
Send a request from your account email to privacy@tevori.app. We may request proportionate identity verification. We aim to acknowledge requests promptly and complete ordinary access, export, correction, or deletion requests within 30 days, subject to applicable law.
Suspected personal-data incidents are documented, contained, assessed, and notified to affected people and authorities where the applicable law requires it.