Privacy Policy

Last updated: April 2, 2026

Your privacy is important to Fennli (https://fennli.ai). This policy explains how we collect, use, and protect your information when you use the Fennli website, the Fennli Telegram bot, and the Fennli web dashboard (collectively, the “Service”).

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

Information We Collect

Account Data

When you sign up for Fennli, we collect your email address, username, and password. When you connect the Fennli Telegram bot, we also receive your Telegram user ID and Telegram username from the Telegram platform.

Conversation Data

We store all messages you exchange with the Fennli bot, including text messages, links you share, and photos you send (such as images of recipes or ingredients). This conversation history is used to provide contextual, personalized cooking assistance.

Recipe and Cooking Data

We store recipes you save to your collection, notes and modifications you add to recipes, and any ratings or reflections you record.

Pantry and Shopping Data

We store information about ingredients you add to your pantry, shopping lists you create, and any reminders you set through the Service.

Dietary Preferences and Restrictions

We collect dietary preferences, food allergies, intolerances, and other dietary restrictions you share with Fennli. This information may be considered health-related data under certain privacy laws (see the “Dietary and Health-Related Data” section below). We collect this information solely to personalize your cooking assistance and ensure suggestions respect your dietary needs.

Usage and Device Data

We automatically collect usage data as you interact with the Service. This may include your device’s IP address, browser type and version, pages visited, time and date of visits, time spent on pages, unique device identifiers, and other diagnostic data. This data is used for analytics purposes to help us understand how the Service is used and to improve it.

Cookies

We use cookies and similar tracking technologies on our website and web dashboard to enhance your experience and analyze site traffic.

Analytics (PostHog): We use PostHog for product analytics. We collect anonymized usage data (page views, button clicks, device type) to understand how the site is used and improve it. This data is sent to PostHog’s EU servers (eu.posthog.com) and is not linked to a persistent identity unless you consent. PostHog cookies (prefixed with ph_) are only set if you accept analytics cookies via our consent banner. If you decline, no cookies are set but anonymized, non-persistent analytics data is still collected. You can review PostHog’s Privacy Policy.

You can also manage or disable cookies through your browser settings.

How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve the Service, including generating AI-powered cooking assistance.
Personalize your experience based on your preferences, dietary needs, pantry contents, and cooking history.
Process your transactions (handled by our Merchant of Record, Paddle).
Communicate with you about your account, updates to the Service, and (with your consent) occasional product updates.
Analyze usage patterns to improve the Service.
Detect, prevent, and address technical issues, abuse, or fraud.

AI Data Processing

Fennli uses third-party artificial intelligence services to generate its cooking assistance. When you send a message to the Fennli bot, the content of your message — along with relevant context such as your dietary preferences, pantry contents, and relevant conversation history — is sent to the following AI provider for processing:

OpenAI (GPT API)

We send only the data necessary to generate a helpful response. We do not send your email address, payment information, or account credentials to AI providers.

OpenAI processes your data according to its own privacy policy and data processing terms. Under our API agreement with OpenAI, your data is not used to train their AI models. We encourage you to review their privacy policy:

OpenAI Privacy Policy

Dietary preferences, food allergies, and intolerances may be considered health-related or “special category” data under certain privacy regulations, including the EU General Data Protection Regulation (GDPR).

We process this data based on your explicit consent, which you provide when you voluntarily share dietary restrictions with Fennli. You may withdraw this consent at any time by removing your dietary information from your account or by contacting us at [email protected].

This data is used solely to personalize your cooking assistance. We do not share your dietary or health-related data with third parties except as necessary for AI processing as described above.

We do not sell, trade, or rent your personal data to third parties. We share your data only with the following categories of service providers, and only as necessary to provide and improve the Service:

Provider	Purpose	Data Shared
Paddle	Payment processing (Merchant of Record)	Email, subscription details. Paddle handles all payment data directly — we never see or store your credit card information.
OpenAI	AI response generation	Message content, relevant conversation context, dietary preferences, pantry data
Telegram	Messaging platform	Messages you send and receive through the bot, your Telegram user ID and username
PostHog	Product analytics	Anonymized usage events, device information, IP address
LangSmith	AI tracing and monitoring	Message content, conversation context, AI model inputs and outputs
Sentry	Error tracking and monitoring	Error logs, device information, anonymized session data
Resend	Transactional and marketing emails	Email address
Cloud hosting provider	Cloud hosting	All data is hosted on our cloud hosting provider’s infrastructure

We may also share data if required by law, to protect our rights, or to prevent fraud or abuse.

If we add new service providers that process your personal data, we will update this policy accordingly.

Telegram-Specific Data

When you use the Fennli Telegram bot, Telegram provides us with your Telegram user ID, your Telegram username, the content of messages you send to the bot, and any photos or files you share with the bot.

We do not have access to your Telegram messages outside of your conversation with the Fennli bot. We do not have access to your Telegram contacts, groups, or other Telegram activity.

Telegram independently stores your messages on its servers according to its own privacy policy and data retention practices. We have no control over Telegram’s handling of your data. We encourage you to review Telegram’s Privacy Policy.

Data Security

We take reasonable steps to protect your data from unauthorized access, disclosure, or misuse. This includes encryption in transit (HTTPS/TLS), access controls on our database and infrastructure, and secure authentication practices.

However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Payment processing is handled entirely by Paddle, which complies with the Payment Card Industry Data Security Standard (PCI DSS). We do not process or store your payment card information.

Data Retention

We retain your data as follows:

Account data (email, username): Retained for as long as your account is active, plus 30 days after account deletion to allow for recovery.
Conversation history, recipes, pantry, shopping lists, and preferences: Retained for as long as your account is active. Deleted within 30 days of account deletion.
Usage and analytics data: Retained for up to 3 years.
Error logs (Sentry): Retained for up to 90 days.

If you delete your account, we will delete your personal data within 30 days, except where we are legally required to retain certain information.

User Rights

You can update or delete your account from within the Service. You may also request to access, modify, or delete your personal data at any time by contacting us at [email protected].

You can opt out of marketing communications by clicking “Unsubscribe” in any marketing email.

If you are located in the European Economic Area (EEA), you have the following rights under the GDPR:

Right to access your personal data.
Right to rectification of inaccurate data.
Right to erasure (“right to be forgotten”).
Right to restrict processing.
Right to data portability.
Right to object to processing.
Right to withdraw consent (for dietary/health-related data and marketing communications).
Right to lodge a complaint with your local data protection authority.

Our legal bases for processing your data are: contract performance (providing the Service), explicit consent (dietary/health-related data, marketing), and legitimate interest (analytics, security, service improvement).

CCPA Rights (California Residents)

If you are a California resident, you have the right to:

Know what personal data we collect and how it is used.
Request deletion of your personal data.
Opt out of the sale of personal data. However, we do not sell personal data.
Non-discrimination for exercising your rights.

To exercise any of these rights, contact us at [email protected].

International Data Transfers

Your information may be transferred to and processed in countries outside of your jurisdiction, including the United States. If you are in the European Economic Area (EEA), we ensure that adequate safeguards, such as Standard Contractual Clauses (SCCs), are in place to protect your data during cross-border transfers. Our AI provider (OpenAI) may process data in the United States and other jurisdictions; their data transfer practices are governed by their own privacy policy and data processing agreement.

Children’s Privacy

The Service is restricted to users who are 18 years and older. We do not knowingly collect personal data from children under 18. If we discover that a minor has provided us with personal data, we will take immediate steps to delete such information. If you believe that a child under 18 has provided us with personal information, please contact us at [email protected].

Third-Party Links

The Service may contain links to third-party websites or services that are not operated by us, including recipe sources, external cooking resources, and grocery delivery services. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party services before providing them with your personal data.

Updates to This Privacy Policy

We may update this policy from time to time. We will notify you of material changes by email or through the Service at least fourteen (14) days before they take effect. The “Last updated” date at the top of this page indicates when the policy was last revised.

Continued use of the Service after the effective date of changes constitutes acceptance of the updated policy. If you do not agree to the updated policy, please stop using the Service and delete your account.

Deleting Your Data

You can delete your account from within the Service. When you delete your account:

Your personal data (email, username, Telegram user ID) will be deleted within 30 days.
Your conversation history, saved recipes, pantry data, shopping lists, preferences, and notes will be deleted within 30 days.
Your email address may be retained if you have a separate newsletter subscription, unless you also unsubscribe from the newsletter.
Usage and analytics data that has already been anonymized cannot be tied back to you and will be retained per our standard analytics retention periods.

Please note that we cannot delete data held by third parties (Telegram, AI providers, Paddle) — you should contact those services directly regarding their data retention.

You may also request data deletion by contacting us at [email protected].

Dispute Resolution

Any disputes related to data privacy or this Privacy Policy shall be resolved through the dispute resolution process described in our Terms and Conditions.

Contact Us

If you have any questions about this Privacy Policy, you can contact us at [email protected].