NeatDish

Legal

Privacy Policy

Last updated: March 27, 2026

Legal

This Privacy Policy describes how Pixel Reef, LLC ("Company," "we," "us," or "our") collects, uses, and shares information in connection with your use of NeatDish at neatdish.com ("the Service"). By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Service immediately.

1. Information We Collect

a) Information You Provide

  • Ingredient Data: Ingredients you type, scan via barcode, or speak into the Service for recipe generation. This data is transmitted to our third-party AI provider (Straico) for processing. We do not permanently store ingredient data on our servers.
  • Dietary Preferences: Dietary filter selections (e.g., vegan, keto, gluten-free) that you choose within the Service. These selections are transmitted alongside ingredient data to customize AI recipe generation.
  • Contact Information: If you contact us via email, we collect your email address and message content.

b) Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent on the Service, referring URLs, and interaction patterns. Collected through Google Analytics and Vercel Analytics.
  • Device Information: Browser type, operating system, device type, screen resolution, and language preferences.
  • IP Address: Collected for analytics, security, rate limiting, and human-verification purposes. IP addresses may be shared with Cloudflare for Turnstile verification.
  • Anonymous Session Identifier: A randomly generated session ID stored in an HTTP-only cookie (nd_sid) for rate limiting and abuse prevention. This identifier is not linked to any personal information.
  • Cookies and Local Storage: See our Cookie Policy for complete details on all cookies, local storage, and similar technologies we use.

c) Voice Input Data

If you use the voice input feature, audio is processed by your browser's built-in Web Speech API. We do not receive, store, or transmit your audio recordings. However, depending on your browser, audio may be transmitted to the browser vendor's servers (e.g., Google for Chrome, Apple for Safari) for speech-to-text conversion. Please consult your browser's privacy policy for details on how voice data is handled.

d) Barcode Scan Data

If you use the barcode scanning feature, your device's camera captures the barcode locally. The barcode number is sent to the Open Food Facts public API (world.openfoodfacts.org) to look up the product name. We do not store barcode data on our servers.

2. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the Service.
  • Process ingredient inputs and generate recipes via our third-party AI provider (Straico).
  • Analyze usage trends and optimize the user experience through Google Analytics and Vercel Analytics.
  • Detect and prevent abuse, fraud, automated bot activity, and security threats through rate limiting, Cloudflare Turnstile, and Vercel Bot Protection.
  • Comply with applicable legal obligations.
  • Respond to inquiries and support requests.

3. Third-Party Services

We integrate with the following third-party services, each of which may collect and process data according to its own privacy policy:

a) Straico (AI Provider)

Ingredient inputs, dietary preferences, locale, and rejected recipe names are sent to Straico's API for AI-powered recipe generation. Straico may process and temporarily store this data in accordance with its own privacy policy. We do not control Straico's data retention or processing practices.

b) Google Analytics

We use Google Analytics 4 (GA4) to collect anonymized usage data including pages visited, session duration, device type, geographic region, and traffic sources. Google Analytics uses cookies (_ga, _ga_*, _gid) as detailed in our Cookie Policy. Google may process this data on servers located in the United States. For more information, see the Google Privacy Policy and Google Analytics Terms of Service. You may opt out by installing the Google Analytics Opt-out Browser Add-on.

c) Vercel Analytics

We use Vercel Analytics for performance monitoring and page-view metrics. Vercel Analytics is designed to be privacy-friendly and generally does not use cookies. Data collected may include page views, web vitals, and referrer information. For details, see the Vercel Analytics Privacy Policy.

d) Cloudflare Turnstile

We use Cloudflare Turnstile for human verification to protect our API from automated abuse. When a challenge is required, Turnstile may collect your IP address and browser characteristics. See the Cloudflare Privacy Policy.

e) Vercel Bot Protection (BotID)

We use Vercel's bot detection service to classify requests to our recipe generation API. This service may analyze browser characteristics and request metadata to distinguish human users from automated bots.

f) Amazon Associates Program

NeatDish participates in the Amazon Services LLC Associates Program, an affiliate advertising program. When you click Amazon product links on the Service, you will be redirected to Amazon's website. Amazon may collect information about your visit and any subsequent purchases in accordance with Amazon's Privacy Notice. We receive aggregate commission data but do not receive personally identifiable purchase information from Amazon.

g) Open Food Facts

Barcode numbers are sent to the Open Food Facts public API for product identification. Open Food Facts is an open-source project; see the Open Food Facts Terms of Use for details.

4. Data Retention

  • No User Accounts: NeatDish does not require user registration or maintain user accounts.
  • Ingredient and Recipe Data: Ingredient lists and generated recipes are not permanently stored on our servers. They are stored locally on your device in browser local storage and may be cleared at any time by you.
  • Analytics Data: Google Analytics data is retained according to your GA4 property settings (default 14 months). Vercel Analytics data is retained according to Vercel's data retention policies.
  • Rate Limiting Data: Anonymous session and IP-based rate limiting data is held in server memory only and is automatically purged after 30 minutes of inactivity. This data is lost on server restart.
  • Contact Communications: If you email us, we may retain your correspondence for up to two years to support ongoing inquiries.

5. Data Security

We implement commercially reasonable technical and organizational measures to protect the data we process, including HTTPS encryption for all data in transit, HTTP-only and secure cookie flags, Content Security Policy headers, and same-origin request validation. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. International Data Transfers

The Service is operated from the United States. If you access the Service from outside the United States, your data may be transferred to, stored in, and processed in the United States or other jurisdictions where our service providers operate. By using the Service, you consent to the transfer of your data to these jurisdictions, which may have data protection laws that differ from your country of residence.

7. Children's Privacy

The Service is not directed to children under the age of 13 (or the applicable age in your jurisdiction). We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us.

8. Your Privacy Rights

California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, disclose, and sell.
  • Delete personal information we have collected from you, subject to certain exceptions.
  • Opt out of sale or sharing of personal information. We do not sell or share personal information as defined by the CCPA/CPRA.
  • Non-discrimination for exercising your privacy rights.
  • Correct inaccurate personal information.
  • Limit use of sensitive personal information. We do not collect sensitive personal information as defined by the CPRA.

European Residents (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the right to:

  • Access your personal data and receive a copy.
  • Rectify inaccurate or incomplete personal data.
  • Erase your personal data ("right to be forgotten").
  • Restrict processing of your personal data.
  • Data portability — receive your data in a structured, machine-readable format.
  • Object to processing based on legitimate interests.
  • Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint with your local data protection authority.

Our legal bases for processing include: performance of the service you requested (contract), legitimate interests (analytics, security, abuse prevention), and consent (where applicable for analytics cookies).

Brazilian Residents (LGPD)

If you are a resident of Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD) including rights of access, correction, deletion, portability, and information about sharing. Contact us to exercise these rights.

Exercising Your Rights

To exercise any of the rights described above, contact us at info@pixelreef.org. We will respond to verifiable requests within the time frames required by applicable law (generally 30–45 days). We may request additional information to verify your identity before processing your request.

9. Do Not Track

Some browsers transmit "Do Not Track" (DNT) signals. There is currently no industry standard for how websites should respond to DNT signals. At this time, the Service does not respond to DNT signals. You may opt out of Google Analytics tracking by using the Google Analytics Opt-out Browser Add-on.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with a revised "Last updated" date. We encourage you to review this policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us:

Pixel Reef, LLC
Email: info@pixelreef.org
State of Florida, United States