PRIVACY POLICY
Last updated: 21 February 2026 V.01
1. DATA CONTROLLER
1.1. The controller responsible for the processing of your personal data is:
Foodpairing NV
Oktrooiplein 1, box 401, 9000 Ghent, Belgium
Crossroads Bank for Enterprises: 0818.030.890
Email: privacy@foodpairing.com
1.2. While Foodpairing has not appointed a dedicated Data Protection Officer, all privacy-related inquiries may be directed to the email address above. We will respond within 30 days, or within the period required by applicable law.
2. SCOPE AND APPLICATION
2.1. This Privacy Policy applies to all personal data collected and processed by Foodpairing in connection with the Inspire V3 platform (“Service”), as defined in the Terms of Service (“TOS”). It should be read in conjunction with the TOS (document FP-LEGAL-TOS-INSPIREV3), which contains additional provisions on data ownership and intellectual property rights.
2.2. This Privacy Policy does not cover: (a) personal data processing by third-party services linked from the Service; (b) cookie and tracking technologies, which are addressed in our separate Cookie Policy; or (c) data processing by the Payment Processor (Chargebee), which is governed by Chargebee’s own privacy policy.
3. PERSONAL DATA WE COLLECT
3.1. We collect the following categories of personal data:
| Category | Examples | Legal Basis | Retention | Portable? |
| Account Data | Name, email, password hash, country | Art. 6(1)(b) Contract | 30 days post-termination | Yes (GDPR Art. 20) |
| User Input | Uploaded recipes, ingredient lists, images | Art. 6(1)(b) Contract | 30 days post-termination | Yes (GDPR Art. 20) |
| Interaction Data | Search queries, clicks, session data, navigation | Art. 6(1)(f) Legit. Interest | Anonymized: indefinite | No (FP property) |
| Derived Data | Model weights, scores, embeddings, vectors | Art. 6(1)(f) Legit. Interest | Indefinite | No (FP IP) |
| Aggregated Insights | Usage trends, benchmarks, popularity rankings | Art. 6(1)(f) Legit. Interest | Indefinite | No (FP IP) |
| Flavor Profiles | Aroma analysis, compatibility scores, mappings | Art. 6(1)(f) Legit. Interest | Indefinite | No (FP IP) |
| Engagement Scores | Activity metrics, cohort labels, propensity scores | Art. 6(1)(f) Legit. Interest | Indefinite | No (FP IP) |
| Experimental Data | A/B test assignments, variant responses | Art. 6(1)(f) Legit. Interest | Indefinite | No (FP IP) |
| Community Pool | Voluntarily shared recipes | Art. 6(1)(a) Consent | Perpetual (license) | Original: Yes |
| Research Data | Anonymized data for academic use | Art. 6(1)(a) Consent | Per research agreement | No (anonymized) |
| Payment Data | Billing address, transaction IDs (card data held by Chargebee) | Art. 6(1)(b) Contract | 6 years (tax law) | Partial |
| Device/Technical | IP address, browser, OS, device ID | Art. 6(1)(f) Legit. Interest | 90 days (logs) | No |
3.2. We do not knowingly collect personal data from children under the age of 16. If you believe a child has provided us with personal data, please contact us immediately.
3.3. The distinction between personal data and non-personal data (such as anonymized or aggregated data) is governed by the GDPR. Where data has been irreversibly anonymized in accordance with Recital 26 GDPR, it falls outside the scope of data protection legislation and this Privacy Policy.
4. HOW WE COLLECT YOUR DATA
4.1. Directly from you: when you create an Account, upload User Input, use the Recipe Scan feature, contribute to the Community Recipe Pool, or opt in to research partnerships.
4.2. Automatically: when you use the Service, we collect Interaction Data, Device/Technical data, and Experimental Data through standard web technologies (server logs, analytics SDKs).
4.3. From third parties: payment confirmation data from our Payment Processor (Chargebee), and authentication data if you use third-party login providers (e.g., Google, Apple).
5. PURPOSES AND LEGAL BASIS FOR PROCESSING
5.1. Contract Performance (Art. 6(1)(b) GDPR)
We process Account Data, User Input, and Payment Data as necessary to perform our contract with you, specifically to: provide and maintain the Service; manage your Account and Subscription Plan; process payments and Credits; deliver AI-generated Outputs; and provide customer support.
5.2. Legitimate Interest (Art. 6(1)(f) GDPR)
We process Interaction Data, Device/Technical data, Derived Data, Aggregated Insights, Flavor Profiles, Engagement Scores, and Experimental Data based on our legitimate interests, specifically to:
(a) Improve and optimize the Service, including personalization and recommendation algorithms;
(b) Train, develop, and improve AI Systems and machine learning models;
(c) Generate Aggregated Insights for internal analytics, industry reports, and commercial data products;
(d) Conduct A/B tests and experiments to evaluate feature effectiveness;
(e) Calculate Engagement Scores for internal product decisions;
(f) Ensure the security and integrity of the Service, including fraud detection;
(g) Enforce our Terms of Service, including detecting anti-extraction violations.
We have conducted a Legitimate Interest Assessment (LIA) for each of these purposes and have documented our balancing of interests. You may request a copy of our LIA by contacting us at privacy@foodpairing.com.
5.3. Compatible Purposes (Art. 6(4) GDPR)
As described in Section 10.5 of the TOS, we may process personal data and Interaction Data for the following compatible purposes without requiring additional consent: product development and improvement; service optimization; research and statistical analysis using anonymized or pseudonymized data; and security and fraud prevention. We have conducted and documented a compatibility assessment under Art. 6(4) GDPR and a Data Protection Impact Assessment (DPIA) for these extended purposes.
5.4. Consent (Art. 6(1)(a) GDPR)
We process data based on your explicit consent for: (a) contributions to the Community Recipe Pool (TOS §6.7); (b) participation in Research Partnerships (TOS §6.8); and (c) use of User Input for AI training where not anonymized (TOS §6.3(b)). You may withdraw consent at any time through your Account settings or by contacting us. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.
5.5. Legal Obligation (Art. 6(1)(c) GDPR)
We process certain data (particularly Payment Data and Account Data) to comply with our legal obligations, including tax and accounting requirements under Belgian law, anti-money laundering regulations, and responses to lawful requests from public authorities.
6. DATA RECIPIENTS AND INTERNATIONAL TRANSFERS
6.1. We may share personal data with the following categories of recipients:
(a) Payment Processor: Chargebee Inc. and its integrated payment gateway partners, for billing and payment processing.
(b) Cloud infrastructure providers: for hosting and data storage (EU-based data centers preferred).
(c) Analytics providers: for aggregated usage analytics (anonymized data only where possible).
(d) Research partners: universities and research institutions, but only anonymized Research Data and only where the User has opted in (TOS §6.8).
(e) Professional advisors: legal, accounting, and audit advisors as necessary.
(f) Law enforcement or regulators: where required by applicable law or regulation.
6.2. International Transfers. Where personal data is transferred outside the European Economic Area (EEA), we ensure adequate protection through: (a) European Commission adequacy decisions (e.g., EU-US Data Privacy Framework); (b) Standard Contractual Clauses approved by the European Commission; or (c) other safeguards permitted under Chapter V GDPR. You may request information about the safeguards in place by contacting us.
7. DATA RETENTION
7.1. We retain personal data only as long as necessary for the purposes for which it was collected. Specific retention periods are set out in the table in Section 3 above.
7.2. Account Data and User Input. Retained for the duration of your Account. Upon termination, personal Account Data and User Input are deleted within 30 days, subject to a data export period (TOS §14.4–14.5).
7.3. Anonymized and Aggregated Data. As described in TOS §14.7, data that has been irreversibly anonymized and aggregated is retained indefinitely. This includes Derived Data, Aggregated Insights, anonymized Interaction Data, Engagement Scores, Experimental Data, Community Recipe Pool contributions (under perpetual license), and Research Data. Such data falls outside the scope of GDPR (Recital 26) and is not subject to deletion requests.
7.4. Payment Data. Retained for a minimum of 6 years following the last transaction, as required by Belgian tax and accounting legislation.
7.5. Technical Logs. Server logs containing IP addresses and device data are retained for 90 days for security and debugging purposes, then deleted or anonymized.
8. YOUR RIGHTS UNDER GDPR
8.1. If you are located in the EEA or the UK, you have the following rights under the GDPR:
| Your Right | What It Means | How to Exercise |
| Access (Art. 15) | Obtain a copy of personal data we hold about you | Email privacy@foodpairing.com |
| Rectification (Art. 16) | Correct inaccurate personal data | Account settings or email us |
| Erasure (Art. 17) | Request deletion of personal data (with exceptions) | Email privacy@foodpairing.com |
| Restriction (Art. 18) | Limit processing while a dispute is resolved | Email privacy@foodpairing.com |
| Data Portability (Art. 20) | Receive User Input in machine-readable format | Account settings > Export |
| Object (Art. 21) | Object to processing based on legitimate interest | Email privacy@foodpairing.com |
| Withdraw Consent (Art. 7) | Withdraw consent at any time (does not affect prior processing) | Account settings or email us |
| Lodge Complaint | File complaint with supervisory authority | Belgian DPA (gegevensbeschermingsautoriteit.be) |
8.2. Data Portability Limitations. In accordance with TOS §14.5, the right to data portability under Art. 20 GDPR applies only to data “provided by” you (i.e., User Input and Account Data). It does not extend to Derived Data, Aggregated Insights, Flavor Profiles, Interaction Data, Engagement Scores, Experimental Data, or the Pairing Database, as these are either generated by Foodpairing or constitute Foodpairing’s intellectual property.
8.3. Right to Erasure Limitations. While you may request deletion of your personal data, please note that: (a) we may retain data where we have a legal obligation to do so; (b) anonymized and aggregated data that can no longer identify you is not subject to erasure requests; (c) data contributed to the Community Recipe Pool that has been accessed by other Users or incorporated into the Service may not be fully reversible; and (d) Research Data already shared with research partners in anonymized form cannot be recalled.
8.4. Response Time. We will respond to your request within 30 days. If the request is complex or we receive a large number of requests, we may extend this period by a further 60 days, and will inform you of any such extension within the initial 30-day period.
9. DATA SECURITY
9.1. We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
(a) Encryption of data in transit (TLS 1.2+) and at rest (AES-256);
(b) Access controls and authentication mechanisms;
(c) Regular security assessments and penetration testing;
(d) Employee training on data protection;
(e) Incident response procedures and breach notification processes.
9.2. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Belgian Data Protection Authority within 72 hours and will notify affected individuals without undue delay where the breach is likely to result in a high risk, in accordance with Articles 33 and 34 GDPR.
10. AI-SPECIFIC TRANSPARENCY
10.1. Automated Decision-Making. The Service uses AI Systems to generate Outputs, including recipe suggestions, ingredient pairings, and flavor profiles. These outputs are provided for informational and inspirational purposes and do not constitute automated decisions that produce legal effects or similarly significantly affect you within the meaning of Article 22 GDPR.
10.2. Engagement Scores and Personalization. Foodpairing calculates Engagement Scores based on your Interaction Data to personalize the Service, optimize features, and inform internal product decisions. Engagement Scores do not produce legal effects or significantly affect your rights. You are not subject to decisions based solely on automated processing that produce legal effects.
10.3. Output Fingerprinting. As described in TOS §7.11, Foodpairing may embed provenance-tracking metadata in Outputs. This processing is based on our legitimate interest in protecting our intellectual property and enforcing our Terms of Service. Fingerprinting does not involve the collection or processing of additional personal data.
10.4. Model Training. Foodpairing trains its AI models using anonymized and aggregated data. User Input is not used for AI training unless: (a) it has been irreversibly anonymized; or (b) you have provided explicit opt-in consent (TOS §6.3). You may withdraw training consent at any time without affecting Service access.
11. CHILDREN’S PRIVACY
11.1. The Service is not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided personal data, we will take steps to delete such data promptly.
11.2. Users between 16 and 18 years of age may use the Service with parental consent, as described in TOS §4.2.
12. CHANGES TO THIS PRIVACY POLICY
12.1. We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by: (a) posting the updated Privacy Policy on the Service; (b) updating the “Last updated” date; and (c) sending an email notification for material changes.
12.2. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.
13. CONTACT INFORMATION
13.1. For any questions, requests, or complaints regarding this Privacy Policy or our data processing practices, please contact:
Foodpairing NV
Attn: Privacy Inquiries
Oktrooiplein 1, box 401
9000 Ghent, Belgium
Email: privacy@foodpairing.com
13.2. Belgian Supervisory Authority. You have the right to lodge a complaint with the Belgian Data Protection Authority:
Gegevensbeschermingsautoriteit (GBA)
Drukpersstraat 35, 1000 Brussels, Belgium
https://www.gegevensbeschermingsautoriteit.be
Email: contact@apd-gba.be
13.3. If you reside outside Belgium, you may also lodge a complaint with the supervisory authority of your country of residence.
14. RELATED DOCUMENTS
This Privacy Policy should be read in conjunction with:
(a) Terms of Service
(b) Cookie Policy