Privacy Policy
This Privacy Policy explains how Marinaid ("we," "our," or "us") collects, uses, and protects your information when you use our recipe application and related services (collectively, the "App").
Marinaid is an account-based, subscription recipe app. Your content is synced across your devices using Apple iCloud (CloudKit). We collect only the data necessary to provide core functionality and operate the service.
1. Information We Collect
1.1 Information You Provide (Required)
- Account information: iCloud account identifier and subscription status.
- User content: recipes you save or import, cooking notes, ratings, tags, grocery lists, meal plans, and cooking history.
- Support communications: messages or feedback you send to us.
1.2 Subscription & Payments
- Subscriptions are processed by Apple’s App Store.
- We do not collect or store full payment or credit-card information.
1.3 Automatically Collected Information
- Device information: device type, operating system version, app version.
- Usage data: feature-usage and interaction events, only when optional first-party analytics are enabled for your build (see 1.4). We do not collect crash logs, performance traces, or other diagnostic data.
Usage data is collected only to improve the App. This data is not used for advertising or cross-app tracking.
1.4 First-party analytics (optional)
When enabled in a build, the App sends first-party analytics events to our secure HTTPS API at api.marinaid.app, hosted on Amazon Web Services (AWS) in the United States. We do not embed third-party advertising or cross-app analytics SDKs for this purpose.
To authenticate the App with our API, we first perform a short challenge/response exchange that sends your pseudonymous CloudKit user record name and a client-side challenge response over HTTPS, and we receive a short-lived access token in return. No password, email, or Apple ID is transmitted.
Every event carries:
- A random event id (UUID) and an ISO-8601 timestamp
- The event type (one of the categories below)
- Your account pseudonym — a stable identifier derived from your iCloud / CloudKit user record name (it is not your Apple ID email)
The full list of event types we currently send, and the additional fields each event carries:
- app_opened — UTC calendar date (sent at most once per day)
- recipe_imported — the recipe's source URL, a hash of the recipe id, the recipe title, the canonical recipe page URL, and the recipe image URL
- recipe_cooked — recipe id hash, recipe title, page URL, image URL
- recipe_meal_planned — recipe id hash, recipe title, page URL, image URL, and the UTC date the meal is planned for
- recipe_share_link_created — recipe id hash, recipe title, page URL, image URL, total share count
- recipe_favorited — recipe id hash, favorite on/off
- recipe_rated — recipe id hash, your 1–5 rating (0 if cleared)
- recipe_viewed_engaged — recipe id hash and how many milliseconds it was visible
- collection_created / recipe_added_to_collection — a SHA-256 hash of the folder id
- grocery_items_added_from_recipe / grocery_synced_to_reminders / grocery_sent_to_instacart — item count only (no item names)
- household_membership — your role (owner / member / none) and the number of other members
- subscription_changed — whether the resulting state is Pro
Several events therefore include recipe titles, source URLs, and recipe image URLs (clearly identifiable user content). They do not include the full recipe body, your free-text notes, or your grocery item names. Cooking voice transcripts and on-device OCR results never leave the device.
Aggregate recipe snapshots: we maintain a separate database of information keyed only by recipe id hash (without your account id on those snapshot records) to power community-wide metrics and enrichment. Our servers may occasionally fetch public web pages (for example, the same recipe URL used for import) to fill in missing titles or preview images for those aggregates—subject to reasonable limits and only for operational purposes, not for advertising profiles.
If analytics are not configured for your build, or the App cannot obtain a short-lived access token, events remain on your device and are not transmitted.
1.5 Feedback you submit
When you tap a Send-feedback control inside the App, the message is delivered to the same api.marinaid.app service. The exact payload depends on the form:
- Import-quality feedback — recipe id, recipe title, source URL, video URL (if any), one or more issue tags (ingredients / steps / times & servings / other), a severity level, and your free-text comment (up to 2,000 characters). Each submission also includes basic device info (app version, build number, iOS version, device model) so we can reproduce parsing problems.
- Import-failure reports — the URL that failed to import (HTTPS only), the error message, and an error type label.
- General app feedback — your free-text comment (up to 2,000 characters) and an optional context string.
Free-text comments may include any information you choose to type. Please do not include sensitive personal data.
1.6 Information We Do Not Collect
- Precise location data
- Contact lists
- Photos or media outside content you explicitly import
- Health-profile fields you enter to personalize nutritional goals (age, sex, height, weight, activity level, goal). These are stored only in your private Apple CloudKit container and on your device. They are never sent to our servers, included in analytics events, or shared with third parties.
- Cooking voice transcripts — speech recognition runs on-device and audio is not retained
- OCR text from photos you scan — text extraction runs on-device
2. How We Use Your Information
- Provide and operate the App
- Authenticate accounts and manage subscriptions
- Sync data across your devices
- Improve features and performance
- Compute aggregate statistics and trends (for example, product metrics) when you participate in optional analytics
- Respond to support requests
We do not sell personal information or use it for targeted advertising.
3. Data Storage & Processing
Marinaid is an iCloud-based service and requires an Apple ID with iCloud enabled.
Your data is stored in your private Apple iCloud account via CloudKit and is associated with your Apple ID. A local database on your device provides offline access and is synced automatically with iCloud.
Optional analytics events and aggregate snapshot data may be stored in AWS (for example, DynamoDB) in the United States, separately from your iCloud recipe library. Raw analytics events are associated with your pseudonymous analytics subject id; aggregate snapshot rows keyed by recipe id hash are designed not to include that subject id.
Data is used solely for:
- Core App functionality
- Cross-device sync via iCloud
- Backup and recovery
- Subscription entitlement verification
Your data is private, stored in your personal iCloud container, and not visible to other users.
4. Sharing of Information
We do not share your personal information except:
- When required by law
- To comply with legal obligations
- To protect the rights, safety, or security of users or the App
Any service providers we use are contractually bound to protect your data.
5. Third-Party Services
Marinaid integrates the following third-party services:
- Apple iCloud (CloudKit) — cloud sync and storage of your recipes, grocery lists, meal plans, cooking history, and profile. Data is stored in your private iCloud container (or, for shared households, a shared CloudKit zone) and governed by Apple's Privacy Policy.
- Amazon Web Services (AWS) — hosts our marketing site, static recipe-site catalog, and optional first-party analytics and feedback API infrastructure (United States). Data processed on AWS is covered by this policy and AWS's role as a processor under our configuration.
- RevenueCat — subscription management and purchase verification (United States). Receives your anonymous user identifier and App Store subscription transaction data. We do not send custom user attributes. Governed by RevenueCat's Privacy Policy.
- Instacart — when you tap "Send to Instacart" from a grocery list, we POST your item names, quantities, and units to Instacart's product-link API so they can build a shopping cart for you. We do not send your name, account id, or any other recipe context. Governed by Instacart's Privacy Policy.
- Google Favicons API — retrieves website icons for display alongside recipe sources. Only the source website's hostname is sent; standard HTTP request data (your IP address, user agent) reaches Google. No account or recipe identifiers are sent.
- Recipe source websites — when you import a recipe from a URL, the App fetches that public web page directly from its host (for example, NYT Cooking, an Instagram post, a TikTok video URL). Standard HTTP request data (your IP address, user agent) reaches that site; we do not send your account information.
We do not use third-party in-app analytics SDKs, crash-reporting SDKs, or advertising frameworks. Optional analytics are sent to our own API, not to a separate ad-tech network.
Third-party services are not permitted to use your data for advertising or their own independent purposes.
6. Social Features (Public CloudKit Database)
Marinaid includes opt-in social features that let you publish content to a public Marinaid profile so other users can discover and follow you. This content is stored in Apple's public CloudKit database (separate from your private library). Publishing is per-item and requires an explicit action; nothing is published by default.
If you choose to publish, the following may appear in the public database:
- Profile: handle, optional bio, optional profile photo (downsized)
- Recipes: title, ingredients, steps, source URL, video URL, up to four images, author, cuisine, category, and a compressed full-recipe payload
- Folders: folder name and the list of recipe ids it contains
- Meal plans: weekly plan entries
- Cook logs: which recipe you cooked, when, and your rating
- Follow graph: who you follow and who follows you
You can stop publishing any item, or wipe your entire public profile and social graph, from Account → Privacy → Delete my public data. See "Data Retention & Deletion" below for details.
7. Data Retention & Deletion
We retain your data only for as long as your account is active or as needed to provide the App.
You may delete your data at any time by:
- Deleting content within the App
- Requesting account deletion
Upon account deletion, your personal data is permanently removed from our systems within a reasonable timeframe, unless retention is required by law.
Public profile data (Social features): if you have opted in to a public Marinaid profile and shared recipes, folders, meal plans, or cooking history with followers, that content is stored in Apple's public CloudKit database. We cannot guarantee server-side deletion if you uninstall the App without first turning off your profile. To remove all of your public-profile data — including followers and following lists — tap Account → Privacy → Delete my public data in the App before uninstalling. This action wipes your public profile, every record you have published, and your social graph, while leaving your private library and household data intact.
Analytics events stored on our servers may be retained for operational and statistical purposes. If you wish to inquire about deletion of analytics data associated with your use of the App, contact us at support@marinaid.app. Aggregate statistics that do not reasonably identify you may be retained (for example, community-wide counts or recipe-hash summaries).
8. Your Rights (GDPR & CCPA)
European Economic Area (GDPR)
If you are located in the EEA, you have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion of your data ("right to be forgotten")
- Restrict or object to processing
- Request data portability
California (CCPA / CPRA)
California residents have the right to:
- Know what personal information is collected
- Request deletion of personal information
- Opt out of the sale or sharing of personal information
Marinaid does not sell or share personal information for cross-context behavioral advertising.
You may exercise your rights by contacting us.
9. Children’s Privacy
Marinaid is rated 13+ on the App Store and is not intended for children under 13 (or the higher minimum age set by your jurisdiction — for example, 16 in some EEA countries). Marinaid includes opt-in social features (public profiles, follow graphs, recipe and meal-plan publishing) that involve user-to-user discovery, which is why we set the floor at 13.
We do not knowingly collect personal information from children under that minimum age. If you believe a child has provided us with personal information, contact us at support@marinaid.app and we will delete it.
10. Security
We use industry-standard administrative, technical, and organizational safeguards to protect your data.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated within the App or through appropriate notice.
Changelog
- May 14, 2026 (revised) — Strengthened §9 to state the App Store 13+ rating explicitly and tie it to the social-feature surface.
- May 14, 2026 — Enumerated each first-party analytics event type and the fields it carries; added a dedicated section for in-App feedback submissions and the free-text comments they include; documented the Instacart grocery hand-off, opt-in social / public-CloudKit publishing, and recipe-source page fetches; clarified that health-profile fields (age, sex, height, weight, activity level, goal) stay in private CloudKit and are never transmitted to us; clarified that cooking voice transcripts and photo OCR run on-device.
- April 10, 2026 — Initial published version.
12. Contact Us
If you have questions about this Privacy Policy or your data, contact us at:
- Email: support@marinaid.app
- Developer: Polpis LLC
Apple App Store Privacy Summary (Informational)
For App Store transparency purposes, Marinaid may collect:
- Identifiers: pseudonymous account id derived from your iCloud user record name (linked to user; shared with RevenueCat for subscription management).
- User Content: recipe titles, source URLs, and image URLs in analytics events; free-text comments in feedback submissions; grocery item names, quantities, and units when you send a list to Instacart; whatever you choose to publish via opt-in social features (linked to user).
- Purchase History: subscription transactions (managed via App Store and RevenueCat).
- Diagnostics: app version, build number, iOS version, device model, and event counts / dwell times in analytics (linked to user).
- Usage Data: app interaction events from first-party analytics (linked to user; not used for advertising or cross-app tracking).
Health & Fitness data is not collected by the developer. The age, sex, height, weight, activity level, and goal you optionally enter to personalize nutrition targets are stored only in your private Apple CloudKit container and never reach our servers.
Data is used strictly for App functionality, analytics, and subscription management and is not used for advertising or tracking across apps or websites.