Last updated: May 25, 2026
Your privacy is important to Fennli (https://fennli.ai). This policy explains how we collect, use, and protect your information when you use the Fennli website and web app (collectively, the “Service”).
By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.
Information We Collect
Account Data
When you sign up for Fennli, we collect your email address, username, and password.
Conversation Data
We store all messages you exchange with Fennli, including text messages, links you share, and photos you send (such as images of recipes or ingredients). This conversation history is used to provide contextual, personalized cooking assistance.
Recipe and Cooking Data
We store recipes you save to your collection, and also any notes, modifications and reflections you add to them.
Pantry and Shopping Data
We store information about ingredients you add to your pantry, shopping lists you create, and any reminders you set through the Service.
Dietary Preferences and Restrictions
We collect dietary preferences, food allergies, intolerances, and other dietary restrictions you share with Fennli. This information may be considered health-related data under certain privacy laws (see the “Dietary and Health-Related Data” section below). We collect this information solely to personalize your cooking assistance and ensure suggestions respect your dietary needs.
Usage and Device Data
We automatically collect usage data as you interact with the Service. This may include your device’s IP address, browser type and version, pages visited, time and date of visits, time spent on pages, unique device identifiers, and other diagnostic data. This data is used for analytics purposes to help us understand how the Service is used and to improve it.
Cookies
We use cookies and similar tracking technologies on our website and web dashboard to enhance your experience and analyze site traffic.
Analytics (PostHog): We use PostHog for product analytics. We collect anonymized usage data (page views, button clicks, device type) to understand how the site is used and improve it. This data is sent to PostHog’s EU servers (eu.posthog.com) and is not linked to a persistent identity unless you consent. PostHog cookies (prefixed with ph_) are only set if you accept analytics cookies via our consent banner. If you decline, no cookies are set but anonymized, non-persistent analytics data is still collected. You can review PostHog’s Privacy Policy.
You can also manage or disable cookies through your browser settings.
How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service, including generating AI-powered cooking assistance.
- Personalize your experience based on your preferences, dietary needs, pantry contents, and cooking history.
- Process your transactions (handled by our Merchant of Record, Creem).
- Communicate with you about your account, updates to the Service, and (with your consent) occasional product updates.
- Analyze usage patterns to improve the Service.
- Detect, prevent, and address technical issues, abuse, or fraud.
AI Data Processing
Fennli uses third-party artificial intelligence services to generate its cooking assistance. When you send a message to Fennli, the content of your message — along with relevant context such as your dietary preferences, pantry contents, and relevant conversation history — is sent to the following AI provider for processing:
- OpenAI (GPT API)
We send only the data necessary to generate a helpful response. We do not send your email address, payment information, or account credentials to AI providers.
OpenAI processes your data according to its own privacy policy and data processing terms. Under our API agreement with OpenAI, your data is not used to train their AI models. We encourage you to review their privacy policy:
Dietary and Health-Related Data
Dietary preferences, food allergies, and intolerances may be considered health-related or “special category” data under certain privacy regulations, including the EU General Data Protection Regulation (GDPR).
We process this data based on your explicit consent, which you provide when you voluntarily share dietary restrictions with Fennli. You may withdraw this consent at any time by removing your dietary information from your account or by contacting us at [email protected].
This data is used solely to personalize your cooking assistance. We do not share your dietary or health-related data with third parties except as necessary for AI processing as described above.
Sharing of Data
We do not sell, trade, or rent your personal data to third parties. We share your data only with the following categories of service providers, and only as necessary to provide and improve the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Creem | Payment processing (Merchant of Record) | Email, name, billing address, payment details, and order/subscription details. Creem’s underlying payment processor (Stripe) handles all card data via hosted checkout — we never see or store your credit card information. |
| OpenAI | AI response generation | Message content, relevant conversation context, dietary preferences, pantry data |
| PostHog | Product analytics | Anonymized usage events, device information, IP address |
| LangSmith | AI tracing and monitoring | Message content, conversation context, AI model inputs and outputs |
| Sentry | Error tracking and monitoring | Error logs, device information, anonymized session data |
| Resend | Transactional and marketing emails | Email address |
| Cloud hosting provider | Cloud hosting | All data is hosted on our cloud hosting provider’s infrastructure |
We may also share data if required by law, to protect our rights, or to prevent fraud or abuse.
If we add new service providers that process your personal data, we will update this policy accordingly.
Data Security
We take reasonable steps to protect your data from unauthorized access, disclosure, or misuse. This includes encryption in transit (HTTPS/TLS), access controls on our database and infrastructure, and secure authentication practices.
However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
Payment processing is handled by our Merchant of Record, Creem, and its underlying payment processor, Stripe, which complies with the Payment Card Industry Data Security Standard (PCI DSS). Card details are entered directly into Stripe’s hosted checkout and never touch our servers. We do not process or store your payment card information.
Data Retention
We retain your data as follows:
- Account data (email, username): Retained for as long as your account is active, plus 30 days after account deletion to allow for recovery.
- Conversation history, recipes, pantry, shopping lists, and preferences: Retained for as long as your account is active. Deleted within 30 days of account deletion.
- Usage and analytics data: Retained for up to 3 years.
- Error logs (Sentry): Retained for up to 90 days.
If you delete your account, we will delete your personal data within 30 days, except where we are legally required to retain certain information.
User Rights
You can update or delete your account from within the Service. You may also request to access, modify, or delete your personal data at any time by contacting us at [email protected].
You can opt out of marketing communications by clicking “Unsubscribe” in any marketing email.
GDPR Rights (EEA Residents)
If you are located in the European Economic Area (EEA), you have the following rights under the GDPR:
- Right to access your personal data.
- Right to rectification of inaccurate data.
- Right to erasure (“right to be forgotten”).
- Right to restrict processing.
- Right to data portability.
- Right to object to processing.
- Right to withdraw consent (for dietary/health-related data and marketing communications).
- Right to lodge a complaint with your local data protection authority.
Our legal bases for processing your data are: contract performance (providing the Service), explicit consent (dietary/health-related data, marketing), and legitimate interest (analytics, security, service improvement).
CCPA Rights (California Residents)
If you are a California resident, you have the right to:
- Know what personal data we collect and how it is used.
- Request deletion of your personal data.
- Opt out of the sale of personal data. However, we do not sell personal data.
- Non-discrimination for exercising your rights.
To exercise any of these rights, contact us at [email protected].
International Data Transfers
Your information may be transferred to and processed in countries outside of your jurisdiction, including the United States. We work with service providers that offer GDPR-compliant data processing terms for cross-border transfers. Our AI provider (OpenAI) may process data in the United States and other jurisdictions; their data transfer practices are governed by their own privacy policy and data processing agreement.
Children’s Privacy
The Service is restricted to users who are 18 years and older. We do not knowingly collect personal data from children under 18. If we discover that a minor has provided us with personal data, we will take immediate steps to delete such information. If you believe that a child under 18 has provided us with personal information, please contact us at [email protected].
Third-Party Links
The Service may contain links to third-party websites or services that are not operated by us, including recipe sources, external cooking resources, and grocery delivery services. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party services before providing them with your personal data.
Updates to This Privacy Policy
We may update this policy from time to time. We will notify you of material changes by email or through the Service. The “Last updated” date at the top of this page indicates when the policy was last revised.
Continued use of the Service after the effective date of changes constitutes acceptance of the updated policy. If you do not agree to the updated policy, please stop using the Service and delete your account.
Deleting Your Data
You can delete your account from within the Service. When you delete your account:
- Your personal data (email, username) will be deleted within 30 days.
- Your conversation history, saved recipes, pantry data, shopping lists, preferences, and notes will be deleted within 30 days.
- Your email address may be retained if you have a separate newsletter subscription, unless you also unsubscribe from the newsletter.
- Usage and analytics data that has already been anonymized cannot be tied back to you and will be retained per our standard analytics retention periods.
Please note that we cannot delete data held by third parties (AI providers, Creem) — you should contact those services directly regarding their data retention.
You may also request data deletion by contacting us at [email protected].
Dispute Resolution
Any disputes related to data privacy or this Privacy Policy shall be resolved through the dispute resolution process described in our Terms and Conditions.
Contact Us
If you have any questions about this Privacy Policy, you can contact us at [email protected].