Privacy Policy

Version 1.4 · Last updated: 3 June 2026

Stoof is a personal recipe and weekly planning app for households. We care deeply about protecting your personal data and only process what is strictly necessary for the app to function.

1. Who are we?

Stoof is offered via getstoof.eu. For questions about this privacy policy you can reach us at info@getstoof.eu.

Stoof is self-hosted on our own server (Hetzner VPS, Europe). There is no external database provider — your data stays on our own infrastructure.

2. What data do we process?

2.1 Data stored on our server

AccountEmail address (lowercase), bcrypt password hash (cost 12), display name (optional, entered by the user), creation date, household ID
HouseholdHousehold name, list of members (user IDs), creation date
RecipesTitle, cuisine, difficulty, health score, servings, tags, ingredients, preparation steps, household ID, creation date. Recipes are publicly visible by default at a unique URL (getstoof.eu/recepten/[slug]). You can unpublish a recipe at any time via the app.
IngredientsName (NL/EN), category, unit, usage frequency — shared across all households, no personal link
Week menuDate, recipe reference, number of servings, household ID
Shopping listCheck status per ingredient, own list items (free text), household ID
InvitationsInvited email address, inviting user ID, household reference, security token (32 bytes), status, expiry date (7 days), creation date

2.2 Data processed temporarily (not stored)

  • IP addresses — only used for rate limiting in memory, never stored in the database
  • Recipe text and photo content — forwarded to the Anthropic Claude API for AI processing, not stored by Stoof
  • URL import content — when using the URL import feature, recipe content from the URL you provide is temporarily sent to the Anthropic Claude API for processing. The URL itself and the website content are not stored by Stoof.
  • Invitation content — sent via iCloud SMTP, not stored beyond the invitation record

2.3 Data stored on your device

onboardingCompleted — a simple boolean (yes/no) in the app's local storage, contains no personal data.

2.4 Authentication

After logging in you receive a JWT token valid for 7 days. This token contains your user ID and email address.

  • On web: stored as an HttpOnly cookie (not accessible via JavaScript)
  • On mobile (iOS/Android): stored in AsyncStorage

3. What do we explicitly not collect?

Stoof has no advertising model, no third-party analytics and no tracking. Our app is ad-free.

  • No analytics data, tracking pixels or advertising IDs
  • No device identifiers beyond what the JWT token contains
  • No location data
  • No payment data (Stoof currently does not process payments)

4. For what purposes do we use your data?

Account creation and authenticationPerformance of contract
Storing recipes and week menuPerformance of contract
Sharing household with familyPerformance of contract (on request)
Publishing recipes publiclyPerformance of contract
AI processing of recipesPerformance of contract
Sending invitation emailPerformance of contract (on request)
Rate limiting (abuse prevention)Legitimate interest

5. Third parties

AnthropicAI processing of recipes — recipe text and/or photo only (no personal data) — US
HetznerServer hosting (VPS) — all server data (own infrastructure) — EU (Germany)
AppleTransactional email via iCloud SMTP — recipient email address — US (SCCs)

The data sent to Anthropic (recipe text and food photos) contains no personal data, so no data processing agreement is required. With Apple we have concluded the necessary Standard Contractual Clauses for the transfer of email addresses outside the European Economic Area.

6. How long do we retain your data?

Account and recipesAs long as your account is active
Invitations7 days after creation, then automatically deleted
IP addresses (rate limiting)In memory only, disappears when server restarts
JWT tokens7-day validity, then invalid

Upon deletion of your account, all data linked to you is permanently deleted. You can delete your account via the app (About Stoof → Delete account) or via info@getstoof.eu.

7. Your rights

As a data subject you have the following rights under the GDPR:

  • Right of access — you can request what data we hold about you
  • Right to rectification — you can have incorrect data corrected
  • Right to erasure — you can request all your data to be deleted
  • Right to restriction of processing
  • Right to data portability — you can request a copy of your data
  • Right to object to processing based on legitimate interest

Send your request to info@getstoof.eu. We will respond within 30 days.

You also have the right to lodge a complaint with your national data protection authority. In Belgium: gegevensbeschermingsautoriteit.be.

8. Security

  • Passwords are hashed with bcrypt (cost factor 12) — never stored in readable form
  • Communication is exclusively via HTTPS (Let's Encrypt TLS)
  • JWT tokens on web are stored as HttpOnly cookies, protected against XSS attacks
  • Daily automatic database backups with 14-day retention
  • IP-based rate limiting protects against brute-force attacks

9. Cookies

Stoof uses only one cookie, which is strictly necessary for the app to function. Under the ePrivacy Directive, strictly necessary cookies do not require consent.

Nametoken
PurposeAuthentication — stores your logged-in session so you do not have to log in on every page
TypeStrictly necessary (functional)
Validity7 days
AccessHttpOnly — not accessible via JavaScript, protected against XSS attacks
ScopeOnly sent to getstoof.eu (SameSite=Lax)

No analytical, marketing or tracking cookies are used. There are no third-party cookies.

10. Changes to this policy

If we change this privacy policy, we will update the date at the top. For significant changes you will receive a notification by email.

11. Contact

For questions or requests about your privacy: info@getstoof.eu