Privacy Policy

Last updated: May 29, 2026

Fridgepin is a small, independent product made by one person. This policy explains what data we collect, why, and what we do with it. It's deliberately short and tries to be honest rather than legally exhaustive. If you have any questions, email hello@fridgepin.com.

What we collect

Only what's needed to run the service:

• Your email address, when you sign in. We use it to send sign-in links, to identify your saved recipes, and (for paying subscribers) to send receipts and account-related notices.
• The recipes you save. When you click "Save to my cookbook," we store the parsed recipe in your account so you can find it later.
• The recipes you parse. When you paste a URL, we fetch and parse that page. We do not store the URL or the parsed result unless you choose to save it.
• Basic server logs. Standard web access logs (IP address, time, page requested). Kept up to 30 days for security and debugging, then rotated out.
• Tags you create. Free-form labels you put on your saved recipes.

We do not collect: your real name (unless you give it to us), your location, your contacts, browsing history outside Fridgepin, or any data we don't directly need.

What we don't do

• We don't sell your data. Ever. To anyone.
• We don't run ads. The product is funded by paying subscribers, not advertising.
• We don't use third-party analytics like Google Analytics, Facebook Pixel, or similar trackers. We rely on basic server logs.
• We don't share your saved recipes with anyone. They belong to you.

Who we share data with

Three companies process some of your data on our behalf, because we need them to run the service:

• Resend sends our emails (sign-in links, recipe cards you email yourself). They see the recipient address and the email content. Resend's privacy policy.
• Lemon Squeezy handles payments for Fridgepin Pro. If you subscribe, they handle your payment information directly. We never see your card details. Lemon Squeezy's privacy policy.
• DigitalOcean hosts our server. Your data physically lives on their infrastructure. DigitalOcean's privacy policy.

These companies are "data processors" acting on our behalf. They are not free to use your data for their own purposes.

Cookies

We use exactly one cookie: a session cookie that keeps you signed in after you click a magic-link email. It's a long random string, expires after 30 days, and contains no personal information beyond identifying your session. We don't use any tracking or analytics cookies.

How long we keep your data

• Saved recipes and tags: as long as your account exists.
• Account email: as long as your account exists.
• Sign-in tokens: 20 minutes (then automatically expire).
• Sessions: 30 days (then automatically expire).
• Server access logs: up to 30 days.
• Email send records (for rate-limiting "email this card"): up to 24 hours.
• Payment records: as required by tax law, usually 7 years. Kept by Lemon Squeezy, not us.

Your rights

Email hello@fridgepin.com for any of the following. We'll respond within 7 days, usually faster.

• Get a copy of your data. We'll send you everything we have on you.
• Delete your account and all data. Permanent and immediate. We will retain anonymized billing records as required by US tax law.
• Correct your data. If anything's wrong, tell us.
• Stop receiving emails. Sign-in links and account notices are required for the service to work; if you no longer want them, delete your account. We don't send marketing emails.

If you're in California, Virginia, Colorado, Connecticut, Utah, or another US state with consumer privacy laws, you have additional rights under those laws (right to know, right to delete, right to opt out of "sale" of data, etc.). Since we don't sell data, the opt-out right doesn't really apply to us, but the others do. Email us and we'll honor them.

If you're in the EU/UK, you have additional rights under GDPR or UK-GDPR. Email us; we'll honor them.

Where your data lives

Fridgepin's servers are hosted by DigitalOcean, primarily in North America. Your data may also briefly transit through Resend (United States) and Lemon Squeezy (United States) when emails or payments are processed.

Security

We use HTTPS for all connections, store passwords… actually we don't store passwords at all (we use magic-link sign-in, so there's no password to leak). API secrets and webhook signatures are verified cryptographically. Backups are encrypted in transit.

That said: no system is perfectly secure. If you become aware of a security issue with Fridgepin, please email hello@fridgepin.com before disclosing it publicly. We will investigate and respond promptly. In the event of a data breach affecting New York residents, we will provide notification in accordance with the New York SHIELD Act.

Children

Fridgepin is not directed at children under 13. We don't knowingly collect data from anyone under 13. If you believe we have, contact us and we'll delete it.

Changes to this policy

If we make material changes to this policy, we'll email registered users before the changes take effect. Minor edits (typo fixes, clarifications) may be made without notice.

Contact

Fridgepin is operated by an individual sole proprietor based in New York, United States. For any privacy-related question, email hello@fridgepin.com.