Privacy Policy

Effective date: 17 May 2026 App: Mise Contact: [email protected]

This Privacy Policy explains how the Mise iOS application ("Mise", "we", "us") collects, uses, and protects your information when you use the app. Please read it carefully. By using Mise you agree to this Policy.

1. Information we collect

We collect the minimum information needed to operate the app.

1.1 Account information (via Sign in with Apple)

When you sign in with Apple, Apple shares with us:

• Your Apple ID identifier (an opaque identifier that does not reveal your real Apple ID).
• Optionally — your full name and email address, only on the first sign-in and only if you do not choose to hide them via Apple's "Hide My Email" feature.

We do not collect your Apple ID password.

1.2 Content you submit

• Public URLs to short cooking videos (Instagram Reels, TikTok, YouTube) that you choose to import.
• Star ratings (1–5) that you submit for recipes you have viewed.
• Shopping-list items you add — either pulled from a recipe's ingredients or typed manually — stored under your account.

1.3 Generated content

When you import a recipe, our backend uses Google's Gemini model to analyse the video and produce a structured recipe (title, ingredients, steps) along with AI-generated step photos. The resulting recipe is stored under a deterministic ID derived from the source URL.

1.4 Device information

• A Firebase Cloud Messaging (FCM) device token, used to deliver push notifications when a recipe is ready.
• Crash diagnostics collected by Firebase Crashlytics, which may include device model, OS version, and a stack trace.

1.5 Subscription information

If you purchase a Pro or Ultra subscription, the purchase is processed by Apple (App Store) and managed through RevenueCat. We receive your subscription status (tier and expiry) and an anonymized purchase identifier — not your payment card or full Apple account details.

1.6 What we do not collect

• We do not collect your contacts, photos, location, microphone or camera data.
• We do not use third-party advertising SDKs.
• We do not collect data for behavioural advertising.

2. How we use the information

We use the information to:

• Authenticate you and let you save recipes to your personal library.
• Process the videos you submit and deliver the resulting recipes.
• Send a single push notification per imported recipe to tell you it is ready.
• Diagnose crashes and improve stability.

We do not sell, rent, or trade your personal information.

3. Third-party services

We rely on the following service providers, each of whom processes data under their own privacy terms:

Provider	Purpose	Data shared
Apple (Sign in with Apple)	Authentication	Apple identifier, optional name/email
Firebase Authentication (Google LLC)	User accounts	Apple identifier, derived UID
Firebase Firestore (Google LLC)	Storing recipes, your saved-recipe list and shopping list	Submitted URLs, recipe content, saved-recipe IDs, shopping-list items, ratings
Firebase Cloud Storage (Google LLC)	Storing AI-generated recipe images	Image files
Firebase Cloud Messaging (Google LLC)	Push notifications	FCM token, notification payload
Firebase Crashlytics (Google LLC)	Crash diagnostics	Device + crash metadata
Google Gemini API (Google LLC)	Recipe extraction and image generation	The video file you submit, recipe text
RevenueCat (RevenueCat, Inc.)	Subscription management	Anonymized purchase identifier, subscription status
Railway (Railway Corp.)	Hosting the backend	Network requests

4. Data retention

• Recipes you save: kept until you delete them or delete your account.
• Cached AI-generated recipes: kept indefinitely for performance, but can no longer be associated with you once you delete your account.
• Crash reports: per Firebase Crashlytics' standard retention (currently 90 days).
• FCM token: deleted when you log out or delete your account.

5. Your rights

Depending on where you live (GDPR, CCPA, or similar) you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Delete your account and associated data ("right to be forgotten").
• Export your data in a portable format.

You can delete your account directly from inside the app (Settings → Delete Account). This removes your Firebase Auth record, your saved-recipe list, your shopping list, and your FCM token immediately. For any other request, email [email protected] — we will respond within 30 days.

6. Children

Mise is not directed to children under 13 (or under 16 in the EU/EEA/UK). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

7. Security

We use HTTPS for all network communication. Firebase service-account credentials are stored as environment variables on Railway, not in source code. We rotate keys when needed. No system is perfectly secure — please report security concerns to [email protected].

8. International transfers

Our service providers (Google, Apple, Railway) may process data outside your country of residence. By using Mise you consent to such transfers, subject to applicable safeguards.

9. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective date" above and, where appropriate, prompt you inside the app. Continued use after a change constitutes acceptance.

10. Contact

Questions, requests, or complaints: [email protected].