1. Introduction and Scope

Welcome to Forktastic. This Privacy Policy explains how Forktastic ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our products and services.

This policy applies to all Forktastic products, including:

Forktastic Browser Extension ("Extension") — available for Firefox and Chrome, used to detect and extract recipes from web pages
Forktastic Web Application ("Web App") — accessible at app.forktastic.com, used to manage your recipe collection, meal plans, and account
Forktastic Marketing Website — accessible at forktastic.com, used for product information and waitlist registration
Forktastic Mobile Applications ("Mobile App") — future iOS and Android applications for accessing your recipes on the go

Throughout this policy, we use the following terms:

"Service" refers to all Forktastic products collectively
"Personal Data" means any information that identifies or could identify you as an individual
"Processing" means any operation performed on your Personal Data

By using any Forktastic product, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our Service.

2. Information We Collect

We collect different types of information depending on how you interact with our Service.

2.1 Account Information

When you create a Forktastic account, we collect:

Email address — used for account identification, login, and communications
Password — securely hashed using bcrypt via Supabase Auth; we never store your password in plain text
Authentication tokens — access tokens and refresh tokens generated upon login, used to maintain your authenticated session

2.2 Recipe Content

When you use Forktastic to extract and save recipes, we collect:

Full page HTML — the complete HTML content of the web page is transmitted to our server only when you explicitly click "Extract Recipe" (or when auto-extract is enabled in your settings)
Source URL — the web address of the page from which the recipe was extracted
Structured recipe data — title, ingredients, instructions, nutrition information, prep/cook times, and servings, as extracted by our AI
Recipe images — images associated with the recipe, converted to WebP format for storage

Important: The raw HTML is processed in memory, is NOT permanently stored, and is discarded after processing (typically within 30 seconds). Only the structured recipe data is saved to your account.

2.3 Browser Extension Data

The Forktastic browser extension operates in two distinct modes:

2.3.1 Passive Detection (Local Only)

When you browse the web with the extension installed, a content script scans each page for JSON-LD structured data (Recipe schema markup). This scanning happens entirely within your browser. During passive detection, no data is transmitted to our servers. We do not collect your browsing history, page content from non-recipe pages, or track the websites you visit. The extension icon simply updates to indicate whether a recipe was detected on the current page.

2.3.2 Active Extraction (User-Initiated)

When you explicitly click to extract a recipe (or have auto-extract enabled), the full HTML content of the current web page is transmitted to our server via an encrypted HTTPS connection. Our server uses AI to extract structured recipe data. The raw HTML is processed in memory, is NOT permanently stored, and is discarded after processing (typically within 30 seconds). Only the structured recipe data is saved.

2.3.3 Local Storage

The extension stores the following data locally on your device using chrome.storage.local:

Authentication tokens — access_token and refresh_token for maintaining your login session
User settings — your extension preferences (e.g., auto-extract toggle)
Recent recipe IDs — identifiers of recently extracted recipes for quick access

2.4 Subscription Information

We use RevenueCat to manage subscriptions. When you subscribe to Forktastic:

RevenueCat receives your anonymous user identifier and subscription purchase details
Subscription status (active, expired, trial) is synced with our system
We do not handle or store payment card information directly. All payment processing is handled by the app store (Apple App Store, Google Play) or browser payment platform (Stripe)

2.5 Usage and Analytics Data

We collect usage data to improve our Service:

Website (forktastic.com): We use Google Analytics 4 and Vercel Analytics to collect anonymized page views, user interactions, and web performance metrics
Extension: Feature usage counts and error reports to help us identify and fix issues. You can opt out of analytics data collection in extension settings

2.6 Device and Technical Information

We automatically collect certain technical information when you use our Service, including browser type and version, operating system, device type, language preferences, and referring URLs. This information helps us optimize our Service for different platforms and troubleshoot technical issues.

3. Browser Extension Permissions Explained

The Forktastic browser extension requests specific permissions to function. Here is a detailed explanation of each permission and why it is needed:

Permission	Why It's Needed
<all_urls>	Recipes are published across millions of websites. To detect recipe markup on any page, our content script requires this permission. The script scans for JSON-LD structured data locally within your browser. During detection, no data is transmitted. We do not collect browsing history, page content from non-recipe pages, or track the websites you visit.
activeTab	Allows access to the content of the current tab only when you interact with the extension (e.g., clicking the extension icon or the "Extract Recipe" button). This is used to read the page HTML for recipe extraction.
storage	Stores your authentication tokens, extension preferences, and recent recipe identifiers locally on your device. This data never leaves your browser unless you initiate an action.
scripting	Injects the content script that performs local JSON-LD recipe detection on web pages. The script runs passively and only communicates with the extension's background service worker.
tabs	Updates the extension icon badge and state based on whether a recipe was detected on the current page. Also used for navigation to the web app when needed.
host_permissions (api.revenuecat.com)	Allows the extension to check your subscription status with RevenueCat. Only your anonymous user identifier and subscription status are transmitted.

4. How We Use Your Information

We use the information we collect for the following purposes:

Service Provision: To provide, maintain, and improve the Forktastic Service, including recipe extraction, storage, meal planning, and recipe management
Authentication: To verify your identity and maintain secure access to your account across the extension and web app
Subscription Management: To manage your subscription status, entitlements, and billing through RevenueCat
Analytics and Improvement: To understand how our Service is used, identify issues, and improve the user experience
Communications: To send you service-related updates, security alerts, and (with your consent) marketing communications about new features
Legal Compliance: To comply with applicable laws, regulations, and legal processes

We process your information only for the purposes described in this policy. We do not use your recipe content to train AI models or for any purpose other than providing the Service to you.

5. How We Process Recipe Data

Here is a detailed explanation of how recipe data flows through our system:

Step 1: On-Device Detection

The extension's content script scans the current page for JSON-LD Recipe schema markup. This happens entirely in your browser with no network calls. If recipe markup is found, the extension icon updates to indicate a recipe is available.

Step 2: Server-Side Extraction

When you click "Extract Recipe," the full page HTML is sent to our API server (api.forktastic.com) over an encrypted HTTPS connection. Our server passes the HTML to AWS Bedrock (AI service) which extracts structured recipe data including title, ingredients, instructions, nutrition, and timing information. The raw HTML is processed in memory and discarded within approximately 30 seconds. It is never written to permanent storage.

Step 3: Image Processing

Recipe images are converted to WebP format and stored on Cloudflare R2 via presigned URLs generated by Supabase Edge Functions. Images are associated with your recipe and accessible only through your authenticated account.

Step 4: Recipe Storage

The structured recipe data (title, ingredients, instructions, nutrition, source URL, and image URLs) is stored in our Supabase PostgreSQL database, linked to your user account. You can view, edit, organize, and delete your saved recipes at any time through the web app or extension.

6. Data Sharing and Third-Party Services

We do NOT sell your personal data. We share information with third-party services only as necessary to provide the Forktastic Service. Below is a comprehensive list of third-party services we use:

Service	Purpose	Data Shared	Privacy Policy
Supabase	Authentication, database, edge functions	Email, hashed password, recipes, user ID	supabase.com/privacy
AWS (Bedrock, Lambda, API Gateway)	AI recipe extraction, API hosting	Page HTML (during extraction only), email (waitlist)	aws.amazon.com/privacy
RevenueCat	Subscription management	Anonymous user ID, subscription status	revenuecat.com/privacy
Cloudflare R2	Recipe image storage	Recipe images (WebP format)	cloudflare.com/privacypolicy
Google Analytics 4	Website analytics	Anonymized page views, events, device info	policies.google.com/privacy
Vercel	Website hosting, analytics	Web vitals, performance metrics	vercel.com/legal/privacy-policy

We may also share information when required by law, to protect our rights, or in connection with a merger, acquisition, or sale of assets (in which case you will be notified).

7. Authentication and Security

We take the security of your data seriously and implement the following measures:

7.1 Authentication

Account authentication is managed through Supabase Auth using email and password
Passwords are hashed using bcrypt before storage; we never store plain-text passwords
Upon login, access tokens and refresh tokens are generated and stored locally in the browser extension via chrome.storage.local

7.2 Auth Bridge

When you sign in through the web app (app.forktastic.com), the extension uses an auth bridge mechanism to synchronize your login state. A content script on app.forktastic.com securely forwards authentication tokens to the extension's background service worker via the browser's internal messaging API. This communication stays within your browser and does not transmit tokens to any external server.

7.3 Data Protection

In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
At Rest: Data stored in our databases and storage services is encrypted using AES-256 encryption
Access Controls: Access to user data is restricted to authorized personnel and automated systems on a need-to-know basis

8. Data Storage and Retention

We retain your data only for as long as necessary to provide the Service and fulfill the purposes described in this policy.

Data Type	Retention Period
Raw page HTML	Discarded immediately after processing (~30 seconds)
Authentication tokens	Until logout or token expiry
Recipes and images	Until user deletes them or account is deleted
Waitlist email addresses	Until unsubscribe or 2 years, whichever comes first
Contact form submissions	1 year after resolution
Google Analytics data	14 months (GA4 default retention)
Extension local storage	Until extension uninstall or logout

Account Deletion: When you request account deletion, all associated data (recipes, images, account information) is permanently purged from our systems within 30 days of your request. Local extension data is cleared upon logout or extension uninstall.

9. Your Rights and Choices

You have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you
Correction: Request correction of inaccurate or incomplete data
Deletion: Request deletion of your personal data and account
Export: Request a copy of your recipe data in JSON format
Opt-Out of Analytics: Disable analytics data collection in extension settings
Uninstall Extension: Removing the extension clears all local data (tokens, settings, cached recipe IDs)
Withdraw Consent: Opt out of marketing communications at any time

To exercise any of these rights, contact us at privacy@forktastic.com. We will respond to your request within 30 days.

11. CCPA/CPRA Compliance (California Residents)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

Categories of Personal Information Collected

Identifiers: Email address, user ID, authentication tokens
Internet or Network Activity: Browsing interactions with our Service, feature usage, analytics data
Commercial Information: Subscription status and purchase history

Your California Privacy Rights

Right to Know: Request what personal information we collect, use, and disclose
Right to Delete: Request deletion of your personal information
Right to Opt-Out: Opt out of the sale or sharing of your personal information
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.

To exercise your rights, contact us at privacy@forktastic.com. We will respond within 45 days of receiving your verifiable request.

12. Children's Privacy

Forktastic is not directed at children under the age of 13 (or 16 in the European Union). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to promptly delete that information.

If you believe a child has provided us with personal data, please contact us at privacy@forktastic.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by:

Sending an email to the address associated with your account
Posting a prominent notice on our website or within the extension
Updating the "Last Updated" date at the top of this policy

We encourage you to review this policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

14. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us:

Privacy Inquiries: privacy@forktastic.com
Data Deletion Requests: privacy@forktastic.com
General Support: support@forktastic.com
Legal Inquiries: legal@forktastic.com

1. Introduction and Scope

Welcome to Forktastic. This Privacy Policy explains how Forktastic ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our products and services.

This policy applies to all Forktastic products, including:

Forktastic Browser Extension ("Extension") — available for Firefox and Chrome, used to detect and extract recipes from web pages
Forktastic Web Application ("Web App") — accessible at app.forktastic.com, used to manage your recipe collection, meal plans, and account
Forktastic Marketing Website — accessible at forktastic.com, used for product information and waitlist registration
Forktastic Mobile Applications ("Mobile App") — future iOS and Android applications for accessing your recipes on the go

Throughout this policy, we use the following terms:

"Service" refers to all Forktastic products collectively
"Personal Data" means any information that identifies or could identify you as an individual
"Processing" means any operation performed on your Personal Data

By using any Forktastic product, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our Service.

2. Information We Collect

We collect different types of information depending on how you interact with our Service.

2.1 Account Information

When you create a Forktastic account, we collect:

Email address — used for account identification, login, and communications
Password — securely hashed using bcrypt via Supabase Auth; we never store your password in plain text
Authentication tokens — access tokens and refresh tokens generated upon login, used to maintain your authenticated session

2.2 Recipe Content

When you use Forktastic to extract and save recipes, we collect:

Full page HTML — the complete HTML content of the web page is transmitted to our server only when you explicitly click "Extract Recipe" (or when auto-extract is enabled in your settings)
Source URL — the web address of the page from which the recipe was extracted
Structured recipe data — title, ingredients, instructions, nutrition information, prep/cook times, and servings, as extracted by our AI
Recipe images — images associated with the recipe, converted to WebP format for storage

2.3 Browser Extension Data

The Forktastic browser extension operates in two distinct modes:

2.3.1 Passive Detection (Local Only)

2.3.2 Active Extraction (User-Initiated)

2.3.3 Local Storage

The extension stores the following data locally on your device using chrome.storage.local:

Authentication tokens — access_token and refresh_token for maintaining your login session
User settings — your extension preferences (e.g., auto-extract toggle)
Recent recipe IDs — identifiers of recently extracted recipes for quick access

2.4 Subscription Information

We use RevenueCat to manage subscriptions. When you subscribe to Forktastic:

RevenueCat receives your anonymous user identifier and subscription purchase details
Subscription status (active, expired, trial) is synced with our system
We do not handle or store payment card information directly. All payment processing is handled by the app store (Apple App Store, Google Play) or browser payment platform (Stripe)

2.5 Usage and Analytics Data

We collect usage data to improve our Service:

Website (forktastic.com): We use Google Analytics 4 and Vercel Analytics to collect anonymized page views, user interactions, and web performance metrics
Extension: Feature usage counts and error reports to help us identify and fix issues. You can opt out of analytics data collection in extension settings

2.6 Device and Technical Information

3. Browser Extension Permissions Explained

The Forktastic browser extension requests specific permissions to function. Here is a detailed explanation of each permission and why it is needed:

Permission	Why It's Needed
<all_urls>	Recipes are published across millions of websites. To detect recipe markup on any page, our content script requires this permission. The script scans for JSON-LD structured data locally within your browser. During detection, no data is transmitted. We do not collect browsing history, page content from non-recipe pages, or track the websites you visit.
activeTab	Allows access to the content of the current tab only when you interact with the extension (e.g., clicking the extension icon or the "Extract Recipe" button). This is used to read the page HTML for recipe extraction.
storage	Stores your authentication tokens, extension preferences, and recent recipe identifiers locally on your device. This data never leaves your browser unless you initiate an action.
scripting	Injects the content script that performs local JSON-LD recipe detection on web pages. The script runs passively and only communicates with the extension's background service worker.
tabs	Updates the extension icon badge and state based on whether a recipe was detected on the current page. Also used for navigation to the web app when needed.
host_permissions (api.revenuecat.com)	Allows the extension to check your subscription status with RevenueCat. Only your anonymous user identifier and subscription status are transmitted.

4. How We Use Your Information

We use the information we collect for the following purposes:

Service Provision: To provide, maintain, and improve the Forktastic Service, including recipe extraction, storage, meal planning, and recipe management
Authentication: To verify your identity and maintain secure access to your account across the extension and web app
Subscription Management: To manage your subscription status, entitlements, and billing through RevenueCat
Analytics and Improvement: To understand how our Service is used, identify issues, and improve the user experience
Communications: To send you service-related updates, security alerts, and (with your consent) marketing communications about new features
Legal Compliance: To comply with applicable laws, regulations, and legal processes

We process your information only for the purposes described in this policy. We do not use your recipe content to train AI models or for any purpose other than providing the Service to you.

5. How We Process Recipe Data

Here is a detailed explanation of how recipe data flows through our system:

Step 1: On-Device Detection

Step 2: Server-Side Extraction

Step 3: Image Processing

Step 4: Recipe Storage

6. Data Sharing and Third-Party Services

Service	Purpose	Data Shared	Privacy Policy
Supabase	Authentication, database, edge functions	Email, hashed password, recipes, user ID	supabase.com/privacy
AWS (Bedrock, Lambda, API Gateway)	AI recipe extraction, API hosting	Page HTML (during extraction only), email (waitlist)	aws.amazon.com/privacy
RevenueCat	Subscription management	Anonymous user ID, subscription status	revenuecat.com/privacy
Cloudflare R2	Recipe image storage	Recipe images (WebP format)	cloudflare.com/privacypolicy
Google Analytics 4	Website analytics	Anonymized page views, events, device info	policies.google.com/privacy
Vercel	Website hosting, analytics	Web vitals, performance metrics	vercel.com/legal/privacy-policy

We may also share information when required by law, to protect our rights, or in connection with a merger, acquisition, or sale of assets (in which case you will be notified).

7. Authentication and Security

We take the security of your data seriously and implement the following measures:

7.1 Authentication

Account authentication is managed through Supabase Auth using email and password
Passwords are hashed using bcrypt before storage; we never store plain-text passwords
Upon login, access tokens and refresh tokens are generated and stored locally in the browser extension via chrome.storage.local

7.2 Auth Bridge

7.3 Data Protection

In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
At Rest: Data stored in our databases and storage services is encrypted using AES-256 encryption
Access Controls: Access to user data is restricted to authorized personnel and automated systems on a need-to-know basis

8. Data Storage and Retention

We retain your data only for as long as necessary to provide the Service and fulfill the purposes described in this policy.

Data Type	Retention Period
Raw page HTML	Discarded immediately after processing (~30 seconds)
Authentication tokens	Until logout or token expiry
Recipes and images	Until user deletes them or account is deleted
Waitlist email addresses	Until unsubscribe or 2 years, whichever comes first
Contact form submissions	1 year after resolution
Google Analytics data	14 months (GA4 default retention)
Extension local storage	Until extension uninstall or logout

9. Your Rights and Choices

You have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you
Correction: Request correction of inaccurate or incomplete data
Deletion: Request deletion of your personal data and account
Export: Request a copy of your recipe data in JSON format
Opt-Out of Analytics: Disable analytics data collection in extension settings
Uninstall Extension: Removing the extension clears all local data (tokens, settings, cached recipe IDs)
Withdraw Consent: Opt out of marketing communications at any time

To exercise any of these rights, contact us at privacy@forktastic.com. We will respond to your request within 30 days.

11. CCPA/CPRA Compliance (California Residents)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

Categories of Personal Information Collected

Identifiers: Email address, user ID, authentication tokens
Internet or Network Activity: Browsing interactions with our Service, feature usage, analytics data
Commercial Information: Subscription status and purchase history

Your California Privacy Rights

Right to Know: Request what personal information we collect, use, and disclose
Right to Delete: Request deletion of your personal information
Right to Opt-Out: Opt out of the sale or sharing of your personal information
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.

To exercise your rights, contact us at privacy@forktastic.com. We will respond within 45 days of receiving your verifiable request.

12. Children's Privacy

If you believe a child has provided us with personal data, please contact us at privacy@forktastic.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by:

Sending an email to the address associated with your account
Posting a prominent notice on our website or within the extension
Updating the "Last Updated" date at the top of this policy

We encourage you to review this policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

14. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us:

Privacy Inquiries: privacy@forktastic.com
Data Deletion Requests: privacy@forktastic.com
General Support: support@forktastic.com
Legal Inquiries: legal@forktastic.com

Privacy Policy

1. Introduction and Scope

2. Information We Collect

2.1 Account Information

2.2 Recipe Content

2.3 Browser Extension Data

2.3.1 Passive Detection (Local Only)

2.3.2 Active Extraction (User-Initiated)

2.3.3 Local Storage

2.4 Subscription Information

2.5 Usage and Analytics Data

2.6 Device and Technical Information

3. Browser Extension Permissions Explained

4. How We Use Your Information

5. How We Process Recipe Data

Step 1: On-Device Detection

Step 2: Server-Side Extraction

Step 3: Image Processing

Step 4: Recipe Storage

6. Data Sharing and Third-Party Services

7. Authentication and Security

7.1 Authentication

7.2 Auth Bridge

7.3 Data Protection

8. Data Storage and Retention

9. Your Rights and Choices

10. GDPR Compliance (EU/EEA Users)

Your GDPR Rights

International Data Transfers

11. CCPA/CPRA Compliance (California Residents)

Categories of Personal Information Collected

Your California Privacy Rights

12. Children's Privacy

13. Changes to This Policy

14. Contact Information

Privacy Policy

1. Introduction and Scope

2. Information We Collect

2.1 Account Information

2.2 Recipe Content

2.3 Browser Extension Data

2.3.1 Passive Detection (Local Only)

2.3.2 Active Extraction (User-Initiated)

2.3.3 Local Storage

2.4 Subscription Information

2.5 Usage and Analytics Data

2.6 Device and Technical Information

3. Browser Extension Permissions Explained

4. How We Use Your Information

5. How We Process Recipe Data

Step 1: On-Device Detection

Step 2: Server-Side Extraction

Step 3: Image Processing

Step 4: Recipe Storage

6. Data Sharing and Third-Party Services

7. Authentication and Security

7.1 Authentication

7.2 Auth Bridge

7.3 Data Protection

8. Data Storage and Retention

9. Your Rights and Choices

10. GDPR Compliance (EU/EEA Users)

Your GDPR Rights

International Data Transfers

11. CCPA/CPRA Compliance (California Residents)

Categories of Personal Information Collected

Your California Privacy Rights

12. Children's Privacy

13. Changes to This Policy

14. Contact Information