Privacy Policy
Effective date: March 26, 2026 · Last updated: March 26, 2026
Taste The Lens ("we," "our," or "us") is operated by Eight Gates LLC, a Texas limited liability company. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website at tastethelens.com (collectively, the "Service").
By using the Service, you consent to the data practices described in this policy. If you do not agree, please do not use the Service.
1. Data Controller
The data controller responsible for your personal information is:
Eight Gates LLC
Email: tastethelens@outlook.com
For EU/EEA inquiries, you may contact us at the same address. We will respond within the timeframes required by applicable law.
2. Information We Collect
2.1 Information You Provide
- Account information: Email address and full name when you join our waitlist or create an account (via Apple Sign-In or email/password).
- Photos: Images you capture for recipe generation. Photos are transmitted to our backend services for processing. If you are signed in, your inspiration photos and generated dish images are stored in your account on our servers.
- Preferences: Dietary restrictions, cooking skill level, and chef personality selection — used to personalize recipe generation and synced to your account when signed in.
- Payment information: All purchases are processed securely through Apple's In-App Purchase system. We receive a cryptographically signed transaction receipt from Apple solely to validate and grant your purchased credits. We do not collect, process, or store credit card numbers, bank account details, or other financial information.
- Communications: Any correspondence you send to us (support requests, feedback).
2.2 Information Collected Automatically
- Usage data: Features used, number of recipes generated, app interactions, and recipe generation events (including provider used and cost metrics). This data is linked to your account when you are signed in.
- Device information: Device model, operating system version, app version, language settings, and time zone.
- Push notification identifiers: Your device's APNs token and Firebase Cloud Messaging (FCM) token, used solely to deliver push notifications. Linked to your account when signed in.
- Identifiers: We do not use Apple's IDFA or perform cross-app tracking.
2.3 Information We Do NOT Collect
- Biometric data: We do not extract, analyze, or store biometric identifiers (facial geometry, fingerprints, retina scans) from your photos. Our AI analyzes visual elements such as color, texture, composition, and subject matter — not biometric characteristics.
- Precise location: We do not collect GPS coordinates or precise geolocation data.
- Contacts, calendars, or health data: We do not access these device features.
3. Legal Basis for Processing (GDPR)
If you are located in the EU/EEA/UK, we process your data under the following legal bases:
| Data Type | Legal Basis |
|---|---|
| Photos (recipe generation) | Consent — you actively choose to capture/upload each photo |
| Email (waitlist/account) | Consent — explicit opt-in at sign-up |
| Purchase data | Contract performance — necessary to fulfill your subscription |
| Usage & device data | Legitimate interest — improving and securing the Service |
| Preferences (dietary, skill level, chef) | Consent — you actively set these in the app |
You may withdraw consent at any time by discontinuing use of the feature or contacting us. Withdrawal does not affect the lawfulness of processing performed before withdrawal.
4. How We Use Your Information
- Recipe generation: Process your photos through AI services to generate recipes and food photography.
- Service delivery: Manage your account, process purchases, and deliver credits.
- Service improvement: Analyze usage data (recipe generation events, provider performance, cost metrics) to improve features and performance. When you are signed in, this data is associated with your account.
- Communications: Send service-related notices (account confirmations, security alerts, policy changes). We do not send marketing emails without your explicit consent.
- Safety & security: Detect and prevent fraud, abuse, and security incidents.
5. AI Processing & Photo Data
When you generate a recipe, your photo is transmitted to third-party AI services for processing. Here is exactly what happens:
5.1 How Photos Are Processed
- Your photo is sent over an encrypted connection (TLS 1.2+) to our backend (Supabase), which securely proxies it to Google's Gemini API. Gemini analyzes visual elements (color, texture, composition, mood, subject matter) and generates a recipe in structured format. Your photo is never sent directly from the app to Google.
- A text description of the generated dish is sent from our backend to an image generation service (defaulting to Google Imagen 4; Fal.ai Flux Pro is available as an alternative) to create a food photograph. No photo is sent to the image generation step — only a text prompt.
- All AI services process data in real time and return results through our backend to your device.
5.2 Photo Retention
- If you are using the app as a guest (not signed in), photos are processed in real time and not stored on our servers beyond the generation session.
- If you are signed in, your inspiration photos and generated dish images are stored in your account on our servers (Supabase Storage) so your recipe collection is available across devices.
- Third-party AI providers (Google, Fal.ai) may retain data temporarily for abuse monitoring per their own policies (see Section 6).
- Generated recipes and food images are also cached locally on your device using Apple's SwiftData framework for offline access.
5.3 AI Training
- We do not use your photos to train AI models.
- When using the Gemini API with a paid API key, Google states that API data is not used to train their models. Fal.ai processes images on-demand without using them for model training. We encourage you to review their current policies for the latest information.
5.4 AI-Generated Content Disclosure
All food photography images displayed alongside recipes are AI-generated — they are not photographs of real dishes. Recipe text is also AI-generated and has not been reviewed by human chefs or nutritionists.
6. Third-Party Services
We use the following third-party services to operate the Service. Each operates under its own privacy policy:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Backend, authentication, data storage, and edge functions | Email, full name, recipes, photos (if signed in), dietary preferences, device tokens, analytics events, purchase receipts — linked to your account |
| Google Gemini API | Image analysis & recipe generation (via Supabase, server-to-server) | Photos (proxied via our backend, not sent directly from device) |
| Google Imagen 4 | Food image generation — default provider (via Supabase, server-to-server) | Text prompts only (no photos) |
| Fal.ai (Flux Pro / Schnell) | Alternative food image generation (via Supabase, server-to-server) | Text prompts only (no photos) |
| Firebase (Google) | Push notifications (FCM) | Device APNs token; FCM token linked to your account when signed in |
| Apple In-App Purchase | Payment processing | Managed entirely by Apple; we receive a signed receipt only |
| Google Fonts | Website typography (landing page only) | IP address (per Google's policy) |
We encourage you to review the privacy policies of these services. We select providers that maintain appropriate security and data handling practices.
7. Data Sharing & Disclosure
We do not sell, rent, or trade your personal information. We do not share data for cross-context behavioral advertising. We may disclose data only in the following limited circumstances:
- AI service providers: As described in Section 5, solely for recipe generation.
- Legal obligations: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
- Safety & rights protection: To protect the rights, property, or safety of Eight Gates LLC, our users, or the public.
- Business transfers: In connection with a merger, acquisition, or sale of assets. We will notify you before your data is transferred to a new entity and becomes subject to a different privacy policy.
8. International Data Transfers
Your data may be transferred to and processed in the United States, where our servers and third-party service providers are located. If you are located in the EU/EEA/UK:
- Transfers are conducted pursuant to Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms.
- By using the Service, you acknowledge that your data will be processed in the United States, which may not offer the same level of data protection as your home country.
9. Data Retention
| Data Type | Retention Period |
|---|---|
| Photos submitted for processing (guest users) | Not stored — processed in real time and discarded |
| Photos submitted for processing (signed-in users) | Stored in your account on our servers; deleted when you delete the recipe or your account |
| Generated recipes & food images | Cached locally on your device until you delete them; also stored in your account on our servers when signed in |
| Account data (email) | Retained while your account is active; deleted within 30 days of account deletion request |
| Waitlist emails | Retained until you unsubscribe or we complete the waitlist program |
| Usage & analytics data | Retained in anonymized/aggregated form for up to 24 months |
| Purchase records | Retained as required for tax and legal compliance (typically 7 years) |
| Support communications | Retained for up to 24 months after resolution |
10. Data Security
We implement appropriate technical and organizational measures to protect your information:
- Encryption in transit: All data transmitted between your device and our services uses TLS 1.2 or higher.
- On-device caching: Recipes and images are cached locally on your device for fast, offline access. Signed-in users also have their data synced to our secure backend so it's available across devices.
- Secure API key management: API credentials are stored securely and never exposed in client-side code.
- Access controls: Access to backend systems is restricted to authorized personnel on a need-to-know basis.
No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. If you discover a security vulnerability, please report it to tastethelens@outlook.com.
11. Data Breach Notification
In the event of a data breach that compromises your personal information, we will:
- Notify affected users without unreasonable delay and in accordance with applicable state and federal laws.
- Notify applicable regulatory authorities as required (e.g., within 72 hours for GDPR-covered individuals).
- Provide information about the nature of the breach, the data involved, and steps you can take to protect yourself.
12. Your Rights
12.1 All Users
Regardless of your location, you may:
- Request access to the personal data we hold about you.
- Request deletion of your account and associated data.
- Unsubscribe from waitlist or marketing communications at any time.
- Export your locally stored recipe data from within the app.
12.2 California Residents (CCPA/CPRA)
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act:
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected.
- Right to Delete: Request deletion of your personal information, subject to certain exceptions.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. No opt-out is necessary.
- Right to Limit Use of Sensitive Personal Information: We only use sensitive personal information (if any) for purposes permitted under CPRA.
- Right to Non-Discrimination: We will not penalize you for exercising your privacy rights.
To exercise these rights, contact tastethelens@outlook.com. We will verify your identity and respond within 45 days.
12.3 EU/EEA/UK Residents (GDPR)
If you are located in the EU/EEA/UK, you have the following rights:
- Right of Access (Art. 15) — obtain a copy of your personal data.
- Right to Rectification (Art. 16) — correct inaccurate data.
- Right to Erasure (Art. 17) — request deletion ("right to be forgotten").
- Right to Restriction of Processing (Art. 18) — limit how we process your data.
- Right to Data Portability (Art. 20) — receive your data in a structured, machine-readable format.
- Right to Object (Art. 21) — object to processing based on legitimate interest.
- Right Regarding Automated Decision-Making (Art. 22) — our AI processing generates creative content (recipes) and does not produce decisions with legal or similarly significant effects on you. You may contact us with questions about how AI processes your photos.
To exercise these rights, contact tastethelens@outlook.com. You also have the right to lodge a complaint with your local data protection supervisory authority.
13. Children's Privacy
The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we discover that we have inadvertently collected data from a child under 13, we will promptly delete that data and terminate the associated account.
If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately at tastethelens@outlook.com.
Users between 13 and 18 must have parental or guardian consent to use the Service.
14. Cookies & Tracking Technologies
Our landing page website (tastethelens.com) uses the following:
- Essential functionality: The website uses minimal JavaScript for animations and waitlist form submission. No cookies are set by our code.
- Third-party resources: We load fonts from Google Fonts, which may record your IP address per Google's privacy policy.
- No analytics cookies: We do not currently use Google Analytics, Facebook Pixel, or similar tracking technologies on the landing page.
If we add analytics or tracking technologies in the future, we will update this policy and implement appropriate consent mechanisms for EU/EEA visitors.
Our iOS app does not use cookies. It does not perform cross-app tracking and does not use Apple's IDFA (Identifier for Advertisers).
15. "Do Not Track" Signals
We honor Do Not Track (DNT) browser signals. Since we do not engage in cross-site tracking, our practices remain the same regardless of your DNT setting.
16. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last updated" date at the top of this page.
- Notify registered users via email or in-app notification for material changes.
- For changes requiring renewed consent under GDPR, we will request your consent before applying new data practices.
Your continued use of the Service after changes take effect constitutes acceptance of the updated policy. If you do not agree with the changes, please discontinue use and contact us to delete your account.
17. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Eight Gates LLC
Email: tastethelens@outlook.com
Security issues: tastethelens@outlook.com
We will respond to all privacy inquiries within 30 days (or sooner as required by applicable law).