Privacy Policy

Users must agree to PanPal’s Privacy Policy to use the PanPal application.

PanPal Privacy Policy

Last Updated: June 25, 2025

Introduction

This Privacy Policy describes how PanPal (referred to as “PanPal AI,” “PanPal,” “we,” “us,” or “our”), operated by a solo proprietorship in the Netherlands, collects, uses, stores, shares, and protects your information when you use our mobile application, PanPal (also displayed as “PanPal” or “PanPal AI” on app stores). We are committed to protecting your privacy and handling your data in a transparent and secure manner, in full compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

By using the PanPal application, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not use our application.

1. Who We Are

PanPal is a mobile application developed and operated by a solo proprietorship based in the Netherlands (KVK number 97480169). Our application allows users to create, share, and cook recipes with AI assistance, including features like LLM-generated content, user-generated content, and subscription services.

2. Information We Collect

We collect various types of information to provide and improve our Service. The categories of personal data we collect include:

2.1. Personal Data You Provide to Us

  • Account Information: When you register for an account, we collect your email address, a unique user ID, and any profile picture you choose to upload.[1, 2]
  • User-Generated Content (UGC): This includes all content you create, upload, or share within the app, such as recipe text, images, nutritional information, cooking steps, and any private recipes you choose to keep.[2]
  • LLM Interactions/Queries: We collect the input you provide to our Large Language Models (LLMs) (e.g., your questions about recipe steps) and the AI-generated responses.[2]
  • Payment Information: For paid subscriptions, we collect information related to your subscription ID, purchase history, and potentially billing address if processed directly by us (though often handled by app stores).[1, 2]
  • Customer Support Data: If you contact our customer support, we collect the content of your communications with us to assist you with your inquiries.[2]
  • Other Information: Any other information you voluntarily provide to us through the app.

2.2. Data Collected Automatically

  • Usage Data: We collect information about your activity within the application, such as app launches, taps, clicks, scrolling information, product interaction, search history (for LLM questions), and other usage data for app optimization and performance analysis.[1, 2]
  • Device Information: We collect data from which your device could be identified, such as your Internet Protocol (“IP”) address, device name, operating system, browser type, and crash data.[2, 3, 4] IP addresses are considered personal data under EU law.[5]

2.3. Information from Third Parties

We may receive information about you from third-party services integrated into PanPal AI, such as app stores (Apple App Store, Google Play Store) for payment processing and analytics providers. We ensure that any third-party services we use are compliant with GDPR.[1]

3. How We Use Your Information (Purpose and Lawful Basis)

We process your personal data only when we have a valid legal basis under GDPR. The purposes for which we collect and use your data, along with their corresponding lawful bases, are detailed below:

Data Category: Account Information (Email, User ID, Profile Picture)
  • Purpose of Collection/Processing: Account management, user identification, communication, personalization of your in-app experience.
  • Lawful Basis for Processing (GDPR Article 6): Contractual Necessity (to provide the service)
  • Retention Period: Until account deletion + a reasonable grace period for legal/audit purposes.
  • Shared With: Firebase

Data Category: User-Generated Content (UGC) (Recipe Text, Images, Nutritional Info, Steps, Private Recipes)
  • Purpose of Collection/Processing: Recipe creation, storage, public sharing (if opted), AI assistance, and for app optimization/AI training (for public data).
  • Lawful Basis for Processing (GDPR Article 6): Contractual Necessity (for private content & core service); Legitimate Interest (for public content for app optimization & AI training, with balancing test and user rights considered).[5, 6, 7]
  • Retention Period: Until user deletion + a reasonable grace period for legal/audit purposes.
  • Shared With: Firebase (all); Publicly (if shared by user)

Data Category: LLM Interactions/Queries (User questions, AI responses)
  • Purpose of Collection/Processing: Providing AI assistance, improving AI models (for public/anonymized data).
  • Lawful Basis for Processing (GDPR Article 6): Contractual Necessity (to provide AI features); Legitimate Interest (for public/anonymized data for improvement).[5, 6, 7]
  • Retention Period: For duration of interaction; Anonymized/aggregated for longer-term AI training.
  • Shared With: Firebase, LLM Provider (anonymized/pseudonymized where possible)

Data Category: Payment Data (Subscription ID, Purchase History, Billing Address)
  • Purpose of Collection/Processing: Processing subscriptions, billing, fraud prevention.
  • Lawful Basis for Processing (GDPR Article 6): Contractual Necessity (to fulfill subscription agreement); Legal Obligation (for tax purposes); Legitimate Interest (fraud prevention).[5, 3]
  • Retention Period: As required by tax law/contractual obligation (e.g., 7 years for tax records).
  • Shared With: Firebase, App Store Payment Processors

Data Category: App Usage Data (App Launches, Clicks, Scrolling, Timer Usage, Search History)
  • Purpose of Collection/Processing: App optimization, performance analysis, feature improvement, understanding user behavior.
  • Lawful Basis for Processing (GDPR Article 6): Legitimate Interest (improving app functionality, security, and user experience).[5, 3]
  • Retention Period: Aggregated/anonymized for long-term analysis; Raw data for shorter periods (e.g., 1-2 years).
  • Shared With: Firebase, Analytics Providers (e.g., Google Analytics for Firebase)

Data Category: Device Information (IP Address, Device Name, OS, Crash Data)
  • Purpose of Collection/Processing: App security, fraud prevention, diagnostics, performance monitoring, ensuring app stability.
  • Lawful Basis for Processing (GDPR Article 6): Legitimate Interest (security, app stability, preventing misuse).[5, 3]
  • Retention Period: Short-term for diagnostics (e.g., 90 days); Aggregated/anonymized for longer-term trends.
  • Shared With: Firebase, Crash Reporting Tools

Data Category: Customer Support Data (Content of Communications)
  • Purpose of Collection/Processing: Providing user support, resolving issues, improving our support services.
  • Lawful Basis for Processing (GDPR Article 6): Contractual Necessity (to provide support); Legitimate Interest (service improvement).
  • Retention Period: As long as necessary to resolve issue + reasonable archive period.
  • Shared With: Firebase, Support Tool Providers

We adhere to the principle of data minimization, collecting only the personal data that is absolutely necessary for the stated purposes.[1, 5, 6] We do not reuse personal data for unrelated tasks without obtaining further consent or establishing a new lawful basis.[6]

4. How We Store and Protect Your Information

All user data, including private recipes, is stored using Firebase, a development platform provided by Google. Data stored within Google Cloud Platform (GCP), which underpins Firebase services, is encrypted at rest by default using the Advanced Encryption Standard (AES) algorithm, specifically AES-256.[8, 9, 10, 11, 12] This encryption applies to data on disks, flash drives, indexes, and backups, without requiring any additional action from you.[9] Data transmitted to and from Firebase/GCP is encrypted in transit using Transport Layer Security (TLS), commonly known as HTTPS.[11, 12]

Firebase services have successfully completed ISO 27001 and SOC 1, SOC 2, and SOC 3 evaluation processes, and GCP utilizes FIPS 140-2 validated encryption modules.[8, 9]

While Google Cloud/Firebase provides robust server-side encryption, PanPal AI is responsible for implementing and maintaining strong Firebase Security Rules and application logic to ensure that private recipes and other sensitive user data are not accessible to unauthorized users.[13] This means the application’s configuration is paramount for maintaining data confidentiality and access control.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage.[1, 5, 6]

5. Your Data Protection Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

  • Right to Information: You have the right to be informed about the collection and use of your personal data.[5] This Privacy Policy serves to fulfill this right.
  • Right of Access: You can request a copy of the personal data we hold about you.[5]
  • Right to Rectification: You have the right to request that inaccurate personal data be corrected or incomplete data be completed.[5]
  • Right to Erasure (“Right to be Forgotten”): You can request the deletion of your personal data under certain conditions, for example, if the data is no longer necessary for the purposes for which it was collected.[5, 8]
  • Right to Restriction of Processing: You can request that the processing of your personal data be restricted under certain conditions.[5]
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.[5, 8]
  • Right to Object: You can object to the processing of your personal data, particularly when based on legitimate interests or for direct marketing purposes.[5]
  • Right Not to Be Subject to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.[5, 6]

To exercise any of these rights, please contact us using the contact details provided in Section 9 of this Privacy Policy. We will respond to your request in accordance with applicable data protection laws.

6. Children’s Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. In the case we discover that a child under 13 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to take necessary actions.[4]

7. Third-Party Services and Links

Our application may contain links to other sites or integrate services not operated by us. If you click on a third-party link, you will be directed to that site. We have no control over, and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We strongly advise you to review the Privacy Policy of every site you visit.[4]

8. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the new Privacy Policy within the application or on our website, and updating the “Last Updated” date at the top of this policy. We encourage you to review this Privacy Policy periodically for any changes.[14, 4]

9. Contact Us

If you have any questions or suggestions about our Privacy Policy, or if you wish to exercise any of your data protection rights, please do not hesitate to contact us:

  • By Email: info@panpalapp.com
  • By Visiting this page on our website: https://panpalapp/contact
