Security & data handling

Mintdish handles recipes you save, photos you upload, and your account information. This page summarises how that data is stored, who can see it, and how AI parsing and analytics work. The full legal version is in our Privacy Policy.

Where your data lives

• Recipes & account data are stored in a Postgres database hosted on Neon (EU region) and accessed only over TLS.
• Photos and generated hero images are stored in Vercel Blob with private access and served back to you only through an authenticated proxy.
• Authentication is handled by NextAuth.js with Google OAuth — Mintdish never sees your Google password.

How AI parsing works

• Recipe URLs, transcripts, and photos are sent to Google Gemini under Google's API terms purely for parsing and chat responses.
• Mintdish does not train any models of its own and does not share your library with third parties beyond what is required to deliver the service.
• Hero images generated by Gemini 2.5 Flash Image are watermarked "Generated with AI" so they cannot be confused with real photos.

Analytics & error tracking

• Analytics (Google Analytics, Vercel Analytics, Speed Insights) only run if you accept analytics cookies in the consent banner.
• Sentry is used for error tracking; user IDs and emails may appear in error reports to help debug issues.
• You can update or revoke analytics consent any time from the Cookie preferences page.

Account deletion

To delete your account and all associated data — recipes, photos, chat history, and waitlist email — email horia@mintdish.io from the address linked to your account and we will action it within seven days.

Reporting a vulnerability

If you believe you have found a security issue in Mintdish, please email horia@mintdish.io with details and steps to reproduce. We aim to acknowledge reports within two business days.