Privacy Policy

Last update: January 8, 2026

1. Introduction

This privacy policy describes how domya (hobby/personal project) collects, uses and protects your personal data in accordance with the General Data Protection Regulation (GDPR).

2. Data Controller

The data controller is the creator of this application (hobby/personal project). For any questions regarding your personal data, you can contact us via the contact email available in the legal notice.

3. Data Collected

We collect the following data:

  • Authentication data : Email, password (hashed), OAuth identifiers (Google)
  • User profile : Username, avatar, family membership
  • Created content : Recipes, shopping lists, ingredients, notes
  • Social relationships : Friends, family invitations
  • Images : Uploaded recipe photos
  • Technical data : Session cookies (necessary for operation)

4. Processing Purposes

Your data is used for:

  • Providing and improving the service (recipe management, shopping lists)
  • Authenticating users and managing sessions
  • Enabling content sharing between family members and friends
  • Ensuring security and preventing abuse

5. Legal Basis

The processing of your data is based on:

  • Contract performance : Data necessary to provide the service
  • Consent : For non-essential cookies (if applicable)
  • Legitimate interest : For security and fraud prevention

6. Data Retention

Data is retained:

  • Active accounts : For the entire duration of service use
  • Inactive accounts : Deletion after 3 years of inactivity
  • Expired invitations : Automatic deletion after expiration
  • Session data : Deletion upon logout

7. Your Rights

In accordance with GDPR, you have the following rights:

  • Right of access : You can request a copy of your personal data
  • Right to rectification : You can correct your data in settings
  • Right to erasure : You can delete your account and all your data
  • Right to data portability : You can export your data in JSON format
  • Right to object : You can object to the processing of your data
  • Right to restriction : You can request restriction of processing

To exercise these rights, use the features available in your account settings or contact us via the contact email.

8. Data Transfers

Your data is hosted by Supabase. Please check the hosting region of your Supabase instance. If data is hosted outside the EU, appropriate safeguards (Standard Contractual Clauses) are in place to ensure an adequate level of protection.

9. Security

We implement appropriate technical and organizational measures to protect your data:

  • Data encryption in transit (HTTPS)
  • Data encryption at rest (via Supabase)
  • Secure authentication (Supabase Auth)
  • Hashed passwords
  • Row Level Security (RLS) for data isolation

10. Cookies

We use only essential cookies necessary for the application to function (session cookies for authentication). These cookies cannot be disabled.

11. Modifications

This privacy policy may be modified. The date of last update is indicated at the top of this page. We encourage you to consult this page regularly.

12. Contact

For any questions regarding this privacy policy or your personal data, please consult the legal notice for contact details.

← Back to home