Privacy Policy for DishWish
Last Updated: February 10, 2026
1. Data Controller
DishWish is developed and operated by Nikita Fomichev.
Contact: dishwishai@gmail.com
2. Information We Collect
2.1 Account Information
- Email address — provided during registration, used for authentication and account recovery
- Display name — optionally provided, stored locally and in our cloud service
- Profile photo — optionally uploaded, stored in Firebase Storage
2.2 Recipe Data
- Recipes you generate and save — including title, ingredients, instructions, prep/cook times, and serving size
- Recipe images — sourced from Pexels or uploaded by you
- Photos for ingredient identification — when you use the Snap feature, your photo is sent to OpenAI's Vision API for analysis. The photo is processed in real time and is not stored by DishWish beyond the API request.
2.3 Usage Data
- Daily API usage count — tracked locally to enforce fair-use limits
- Ad interaction data — managed by Google AdMob (see Section 5)
2.4 Information We Do NOT Collect
- Location data
- Contacts or address book
- Health or fitness data
- Financial or payment information (purchases are handled by Apple)
- Device sensor data
3. Legal Basis for Processing (GDPR Article 6)
We process your personal data based on the following legal grounds:
- Contract performance (Art. 6(1)(b)) — to provide the DishWish service, including account management, recipe generation, and cloud sync
- Legitimate interest (Art. 6(1)(f)) — to display advertisements and maintain service quality
- Consent (Art. 6(1)(a)) — for personalized advertising (EU/EEA users), obtained via Google's User Messaging Platform (UMP) consent framework
4. How We Use Your Information
- Authenticate your account and manage your profile
- Generate recipes based on the ingredients and preferences you provide
- Sync your saved recipes across devices via cloud storage
- Display advertisements (unless you have purchased ad removal)
- Enforce fair-use API limits
- Improve and maintain our service
5. Third-Party Services
We share limited data with the following service providers:
| Service | Data Shared | Purpose |
| --- | --- | --- |
| Firebase (Google) | Email, recipes, profile photo | Authentication, cloud database, file storage |
| Google AdMob | Device identifiers, ad interactions | Advertising |
| OpenAI (Chat API) | Recipe input text (ingredients, preferences) | AI-powered recipe generation |
| OpenAI (Vision API) | Photos of food/ingredients | AI-powered ingredient identification from photos |
| Pexels | Search terms (dish names) | Recipe images |
Important: No personal account information (email, name) is sent to OpenAI or Pexels. Only recipe-related content (ingredients, dish names) and food photos are shared with these services. Photos sent to the OpenAI Vision API are processed in real time and not stored.
Each third-party service operates under its own privacy policy and data processing terms.
6. International Data Transfers
Your data may be transferred to and processed in the United States, where our third-party service providers (Google, OpenAI, Pexels) maintain servers. These transfers are protected by:
- Standard Contractual Clauses (SCCs) as approved by the European Commission
- Each provider's compliance frameworks and certifications
- Technical security measures (encryption in transit and at rest)
7. Data Retention
- Account data — retained until you delete your account
- Recipes — retained until individually deleted or upon account deletion
- Usage data — reset daily, not retained long-term
- Ad consent preferences — retained until you change them or delete your account
- Profile photo — retained until you remove it or delete your account
Upon account deletion, all associated data is permanently removed from our systems.
8. Your Rights Under GDPR
If you are in the European Economic Area (EEA), you have the following rights:
- Right of Access (Art. 15) — download all your data via Profile > Download My Data
- Right to Rectification (Art. 16) — edit your profile via Profile > Edit Profile
- Right to Erasure (Art. 17) — delete your account and all data via Profile > Delete Account
- Right to Data Portability (Art. 20) — export your data as a JSON file via Profile > Download My Data
- Right to Object (Art. 21) — object to processing based on legitimate interest by contacting us
- Right to Withdraw Consent (Art. 7(3)) — change your ad consent via Profile > Privacy Settings > Manage Ad Preferences
To exercise any right not available through the app, contact us at dishwishai@gmail.com. We will respond within 30 days.
9. Children's Privacy
DishWish does not knowingly collect personal information from children under 16 years of age. If we learn that we have collected data from a child under 16 without verifiable parental consent, we will delete that information promptly.
If you believe a child under 16 has provided us with personal data, please contact us at dishwishai@gmail.com.
10. Security Measures
We implement industry-standard security measures to protect your data:
- All data is transmitted over HTTPS with TLS encryption
- Firebase Authentication with secure token management
- API keys stored securely and never exposed to end users
- Firestore security rules restrict access — users can only read and write their own data
- Cloud data encrypted at rest by Google Cloud
11. Changes to This Policy
We may update this privacy policy from time to time. When we make material changes, we will notify you through an in-app notice. Continued use of DishWish after changes take effect constitutes acceptance of the updated policy.
12. Contact Us
For privacy-related questions, data requests, or to exercise your rights:
Email: dishwishai@gmail.com
13. Supervisory Authority
If you are in the EU/EEA and believe your data protection rights have been violated, you have the right to lodge a complaint with your local Data Protection Authority (DPA).
A list of EU DPAs can be found at: https://edpb.europa.eu/about-edpb/about-edpb/members_en