Privacy Policy

Last updated: April 21, 2026

simmr ("we", "our", "the app") is committed to protecting your privacy. This policy explains what data we collect, why, and how we handle it.

1. What we collect

• Account info — Email address and name from Sign in with Apple or Google Sign-In, used solely for authentication.
• Instagram reel URLs — The URLs you share with simmr. We use these to extract recipes and wisdom summaries.
• Push notification token — Your device's push token, used only to notify you when your recipe is ready.
• Extracted content — Recipes, wisdom summaries, and metadata generated from reels you share. Stored in your account until you delete it.
• Purchase receipts — When you buy credits or a subscription, the App Store/Play Store receipt is sent to our server to grant credits. No card details pass through simmr.

2. What we don't collect

• We don't access your Instagram account or credentials.
• We don't collect your contacts, photos, location, or browsing history.
• We don't sell, share, or trade your data with third parties for advertising.
• We don't use tracking SDKs, analytics pixels, or ad networks.

3. How we use your data

• Authentication — Sign in with Apple or Google Sign-In to create and secure your account.
• Recipe extraction — When you share an Instagram reel URL, our backend fetches the reel's public audio and caption and sends them to a third-party AI provider (Google Gemini or Groq) to produce a structured recipe or summary. The extracted text is returned to you and stored in your account; audio files are discarded after processing.
• Push notifications — To notify you when your recipe is ready.
• Reel caching — Extracted content is cached so that the same reel shared by multiple users doesn't need to be re-processed.

4. Third-party services

• Google Gemini — Reel audio and caption are sent to Google's Gemini API for recipe extraction. No account identifiers or personal data are attached to the request. See Gemini API terms.
• Groq — For some extractions we use Groq's transcription + language models instead of Gemini. Same scope: reel audio and caption only, no personal data. See Groq privacy policy.
• Sign in with Apple — Authentication via Apple. See Apple privacy policy.
• Google Sign-In — Authentication via Google OAuth. See Google privacy policy.
• Supabase — Authentication session storage and issuing of JWT access tokens. See Supabase privacy policy.
• Expo Push Notifications — Push tokens are sent via Expo/Apple (APNs) and Google (FCM). See Expo privacy policy.
• Railway — Our backend and PostgreSQL database are hosted on Railway (EU region).

5. Data storage and security

Your data is stored in a PostgreSQL database hosted on Railway. We use HTTPS for all API communication and JWT tokens for authentication. We do not store Instagram passwords or access tokens.

6. Data retention & account deletion

Your recipes and account data are retained as long as your account is active. You can delete individual recipes at any time from within the app. To delete your entire account and all associated data (recipes, shopping list, pantry, purchase history), open simmr and go to Account → Delete Account. Deletion is immediate and permanent. We retain a one-way hashed identifier after deletion solely to prevent abuse of our signup credit system; no personal information is retained.

7. Children's privacy

simmr is not intended for children under 13. We do not knowingly collect data from children.

8. Changes to this policy

We may update this policy from time to time. Changes will be reflected on this page with an updated date.

9. Contact

If you have questions about this privacy policy or need help with data deletion, email us at [email protected].