Privacy Notice

Last updated: June 15, 2026

1. Who we are

Radish is operated by Elara Stratagem ("Elara Stratagem", "Radish", "we", "us"). Elara Stratagem is the data controller for personal data processed through the Radish app and website.

2. Personal data we collect

• Account data: email address, name, password hash, authentication identifiers.
• Profile preferences: dietary preferences, allergies, cuisines, household size, cooking goals.
• Usage data: recipes viewed/saved/cooked, pantry items, grocery lists, meal-plan history, feature usage.
• Device and technical data: push-notification subscription tokens, locale, browser/device identifiers, IP address, error logs.
• Support communications: messages you send us by email or in-app.

3. How we use your data and legal bases

• Provide the service (account creation, sign-in, storing your pantry/cookbook/grocery list, generating recommendations) — performance of a contract.
• Security and fraud prevention (rate limiting, abuse detection, error logging) — legitimate interests.
• Improving the product (anonymized analytics, aggregate metrics) — legitimate interests.
• Customer support (responding to your messages) — performance of a contract and legitimate interests.
• Push notifications and marketing (meal reminders, product updates) — consent, which you can withdraw at any time.
• Legal compliance (tax, accounting, responding to lawful requests) — legal obligation.

4. AI features

Recommendations and recipe images are produced by AI models accessed through the Lovable AI Gateway. Prompts contain dish names and dietary preferences; no payment data or account credentials are shared with model providers.

5. Sharing your data

We do not sell your personal data. We share it only with the following categories of recipients:

• Infrastructure and service providers (subprocessors): Lovable Cloud / Supabase (hosting, database, authentication), AI model providers (via the Lovable AI Gateway), web-push delivery services, email delivery providers.
• Merchant of Record — Paddle: Paddle.com Market Limited acts as our reseller and Merchant of Record. Paddle processes your payment, manages your subscription, handles tax and invoicing, and provides billing-related customer service. Paddle processes your data under its own privacy policy.
• Professional advisers (legal, accounting, auditors), where necessary.
• Authorities, where required by law or to protect our rights.

6. International transfers

Some of our providers process data outside your country, including in the United States and the European Union. Where required, transfers rely on Standard Contractual Clauses or adequacy decisions to protect your data.

7. Data retention

• Account, profile, and content data are kept while your account is active.
• After you delete your account, account data is removed promptly; aggregated, anonymized usage data may be retained for analytics.
• Payment and tax records held by Paddle are retained as required by law (typically 6–10 years depending on jurisdiction).
• Error logs and security records are retained for up to 12 months.
• Support communications are retained for up to 24 months.

8. Your rights

Subject to local law, you have the right to access, rectify, erase, restrict, or port your personal data, to object to certain processing, and to withdraw consent at any time. You also have the right to lodge a complaint with your local data-protection supervisory authority. Most of these can be exercised directly in Account → Privacy (export, delete); for anything else, contact us at the address below. We aim to respond within 30 days.

9. Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), encryption at rest for databases, role-based access controls, row-level security on user data, audit logging, and least-privilege access for our team and contractors. No system is fully secure; we will notify you and the relevant authorities of any data breach where required by law.

10. Cookies

We use a minimal set of essential cookies and similar storage technologies to keep you signed in and to remember preferences. We do not set marketing cookies. Privacy-friendly analytics may be used without cookies; where they require consent in your jurisdiction, we ask before setting them.

11. Children

Radish is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided personal data, please contact us so we can delete it.

12. Changes

We may update this Privacy Notice. Material changes will be communicated through the app or by email.

13. Contact

Privacy questions: hello@radishai.co (Elara Stratagem).

← Back to Radish