Privacy Policy

Effective date: 1 May 2025 · Last updated: 1 May 2025

1. Controller Information

The MySousChef web application ("Service") is operated by:

BZR Szoftverfejlesztő Kft. ("we", "us", or "our")

Registered address: 5600 Békéscsaba, Lencsési út 28. 44.2/A, Hungary

Tax number (adószám): 32076187-2-04

EU VAT number: HU32076187

Contact: bzr.software.kft@gmail.com

BZR Szoftverfejlesztő Kft. is the data controller for personal data processed in connection with the Service, within the meaning of the EU General Data Protection Regulation (GDPR – Regulation 2016/679) and Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information.

2. Data We Collect

Account Data

When you register or sign in, we collect:

  • Email address
  • Display name (first and last name, if provided via Google)
  • Profile picture URL (if provided via Google Sign-In)
  • Password hash (for email/password accounts — we never store plaintext passwords)

Content Data

Data you create while using the Service:

  • Recipes you save, import, or create (including images and text)
  • Meal plans and shopping lists
  • Cookbooks and collections
  • Photos you upload for recipe scanning

Usage Data

We may automatically collect certain technical information when you use the Service, including your IP address, browser type and version, pages visited, time and date of access, and session duration. This data is used solely for diagnosing technical issues and improving the Service.

Cookies and Session Tokens

We use strictly necessary cookies and session tokens to authenticate your account and keep you signed in. These are essential for the Service to function and do not require your consent under GDPR Recital 47 and the Hungarian ePrivacy rules. We do not use advertising or tracking cookies.

3. Legal Basis for Processing

We process your personal data under the following legal bases (GDPR Article 6):

  • Performance of a contract (Art. 6(1)(b)) — processing your account data and content data is necessary to provide the Service you registered for.
  • Legitimate interests (Art. 6(1)(f)) — usage data is processed to maintain service security, prevent fraud, and improve the Service. Our legitimate interests are not overridden by your rights and freedoms.
  • Compliance with a legal obligation (Art. 6(1)(c)) — retaining billing and invoicing records as required by Hungarian accounting law (Act C of 2000).

4. How We Use Your Data

We use the data we collect for the following purposes:

  • To create and manage your account
  • To provide, operate, and maintain the Service
  • To process subscription payments and issue invoices
  • To sync meal plans with Google Calendar (when you connect your Google account)
  • To process recipe photos using AI image recognition (Pro/Expert plans)
  • To notify you about material changes to the Service or these policies
  • To detect and prevent fraud, abuse, and security incidents
  • To comply with applicable legal obligations

We do not use your data for targeted advertising, and we do not sell your personal data to third parties.

5. Service Providers and Data Processors

We engage the following trusted third-party service providers who may process your personal data on our behalf, bound by data processing agreements (DPAs) ensuring GDPR compliance:

Vercel, Inc. (USA)

Hosts the MySousChef web application. Data may be processed in the United States under Standard Contractual Clauses.

Neon, Inc. (USA)

Provides the PostgreSQL database where your account and recipe data is stored. Data is processed under Standard Contractual Clauses.

Upstash, Inc. (USA)

Provides Redis caching used for session management. Data is processed under Standard Contractual Clauses.

Stripe, Inc. (USA)

Processes subscription payments. Stripe is an independent data controller for payment card data. Data is processed under Standard Contractual Clauses.

Google LLC (USA)

Provides Google Sign-In authentication and, if you connect your Google account, Google Calendar integration. Google is an independent data controller for its own services.

6. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA), primarily in the United States. Where personal data is transferred outside the EEA, we ensure adequate safeguards are in place in accordance with GDPR Chapter V, specifically:

  • Standard Contractual Clauses (SCCs) adopted by the European Commission
  • The EU–US Data Privacy Framework where applicable

By using the Service, you acknowledge that your data may be transferred to and processed in countries outside the EEA with equivalent protections as described above.

7. Data Retention

We retain your personal data only for as long as necessary for the purposes described in this policy:

  • Account data — retained for the duration of your account. Deleted within 30 days of account deletion.
  • Content data (recipes, meal plans) — deleted immediately upon account deletion, except where shared to the public recipe library (which may persist in anonymised form).
  • Billing records — retained for 8 years as required by Hungarian accounting law (Act C of 2000, §169).
  • Usage and log data — retained for up to 90 days for security and diagnostic purposes.

8. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights, which you may exercise free of charge by contacting us at bzr.software.kft@gmail.com:

  • Right of access (Art. 15) — request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16) — request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17) — request deletion of your data ("right to be forgotten"), subject to legal retention obligations.
  • Right to restriction (Art. 18) — request that we limit processing of your data in certain circumstances.
  • Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
  • Right to object (Art. 21) — object to processing based on legitimate interests.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

We will respond to your request within 30 days. If we cannot comply, we will explain why. You also have the right to lodge a complaint with the Hungarian supervisory authority:

Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)

Address: 1055 Budapest, Falk Miksa utca 9–11.

Website: naih.hu

Phone: +36 1 391-1400

9. Cookies

MySousChef uses only strictly necessary cookies required to operate the Service. We do not use advertising, analytics, or tracking cookies.

Session / authentication cookies

Issued by our authentication system (NextAuth) to keep you signed in. These are deleted when you sign out or after session expiry.

CSRF cookie

A short-lived token used to protect form submissions from cross-site request forgery attacks.

Because these cookies are strictly necessary for the Service to function, they are set without requiring separate consent under GDPR Recital 47 and the Hungarian Electronic Communications Act (Act C of 2003, §155).

10. Google Calendar Integration

If you choose to connect your Google account to sync meal plans with Google Calendar, we request only the minimum necessary OAuth scopes (calendar event creation and deletion). We do not read, store, or share the contents of your existing calendar events. You can revoke this access at any time from your Google account settings or from your MySousChef account settings.

11. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encrypted connections (HTTPS/TLS), hashed passwords, and role-based access controls.

No method of transmission over the internet or electronic storage is completely secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the NAIH within 72 hours and, where required, notify you without undue delay, in accordance with GDPR Articles 33–34.

12. Children's Privacy

The Service is not directed at persons under the age of 16. We do not knowingly collect personal data from anyone under 16, in accordance with GDPR Article 8 and its Hungarian implementation. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at bzr.software.kft@gmail.com and we will delete the data promptly.

13. Links to Other Sites

The Service may contain links to third-party websites (for example, recipe sources you import from). We have no control over the content or privacy practices of those sites and assume no responsibility for them. We encourage you to review the privacy policy of any third-party site you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you by email or in-app notification at least 15 days before the change takes effect, and update the effective date at the top of this page. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

If you do not accept the updated policy, you may delete your account before the effective date.

15. Contact Us

For any questions, requests, or complaints regarding this Privacy Policy or how we handle your personal data, please contact us:

BZR Szoftverfejlesztő Kft.

Email: bzr.software.kft@gmail.com

Address: 5600 Békéscsaba, Lencsési út 28. 44.2/A, Hungary

You may also lodge a complaint with the Hungarian supervisory authority (NAIH) at any time — see Section 8 for details.
