Privacy Policy

Last updated: 23 June 2026

This Privacy Policy explains how Pipiro (“Pipiro”, “the app”, “we”, “us”) collects, uses, and protects your personal data when you use the Pipiro mobile application and related services.

We respect your privacy and are committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Lithuanian law.

1. Who is responsible for your data (Data Controller)

Pipiro is operated by an individual sole developer:

If you have any questions about this policy or how your data is handled, please get in touch via our contact form.

2. What data we collect

We only collect data that we need to provide the app’s features.

2.1 Account data

2.2 Content you create

2.3 Recipe import data

When you import a recipe from a social or web link, we process:

The fetched content is sent to our AI provider solely to extract structured recipe information (see Section 4).

2.4 Technical data

2.5 One-time codes

When you sign in by email, we store a hashed (irreversible) version of your one-time code temporarily (it expires within 10 minutes) to verify your login.

2.6 Usage analytics

To understand how the app is used - which features are used and which are not - and to guide improvements, we collect aggregated, privacy-preserving usage statistics: counts of actions such as recipes created, imported, or cooked, and whether key features are used. We also count new sign-ups, and to measure retention we record once per day that your account was active.

This analytics is first-party: it is generated by our own backend from the actions you take in the app and stored only in our own infrastructure (see Section 5). We do not use Google Analytics or any third-party analytics SDK, we do not use advertising or cross-app tracking identifiers, and we never include the content of your recipes, collections, or notes in these statistics - only counts and whether a feature was used. Because the statistics are aggregated and contain no tracking identifiers, they do not require a consent banner; we rely on our legitimate interest in operating and improving the app (Art. 6(1)(f)). The account activity used for retention is deleted when you delete your account.

When you import a recipe from a web link and the import fails, we temporarily store the link (URL) you tried to import together with the reason it failed, so we can reproduce the problem and fix our importer (different sites present recipes differently). These records are not linked to your account, are accessible only to us, are never used for advertising or shared with third parties, and are automatically deleted within 30 days. We rely on our legitimate interest in keeping the import feature working (Art. 6(1)(f)).

Basic error and diagnostic logs generated by our backend are covered under technical data (Section 2.4). We do not use third-party advertising SDKs, and we do not sell your personal data.

3. Device permissions

The app may ask for the following permissions. You can decline or revoke them in your device settings; some features will not work without them.

PurposeData usedLegal basis (GDPR)
Create and secure your account, sign you inEmail, auth identifiers, one-time codesPerformance of a contract (Art. 6(1)(b))
Store and sync your recipes and contentContent you createPerformance of a contract (Art. 6(1)(b))
Send sign-in / transactional emailsEmailPerformance of a contract (Art. 6(1)(b))
Import recipes from links you provideURL, page content, AI extractionPerformance of a contract (Art. 6(1)(b))
Understand usage and improve the appAggregated usage statistics; account active-day for retentionLegitimate interests (Art. 6(1)(f))
Keep the service secure and prevent abuseTechnical dataLegitimate interests (Art. 6(1)(f))
Comply with legal obligationsAs requiredLegal obligation (Art. 6(1)(c))

5. Service providers (sub-processors)

We use trusted third-party providers to run Pipiro. They process data only on our behalf and under appropriate data-protection terms:

Some providers may process data outside the European Economic Area. Where this happens, transfers are protected by appropriate safeguards such as the European Commission’s Standard Contractual Clauses.

6. How long we keep your data

7. How we protect your data

No system is perfectly secure, but we take reasonable technical and organisational measures to protect your data.

8. Your rights

Under the GDPR you have the right to:

You can delete your account and all associated data directly in the app at any time. To exercise any other right, get in touch via our contact form.

You also have the right to lodge a complaint with your data protection authority. In Lithuania this is the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija, https://vdai.lrv.lt).

9. Children

Pipiro is not directed to children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date and, where appropriate, notify you in the app. Your continued use of Pipiro after changes take effect means you accept the updated policy.

11. Contact

Questions or requests regarding your privacy: get in touch via our contact form.