Features
Tools
Calculator Yeast Converter Temperature Converter Cups to Grams DDT Calculator
FAQ Blog
Language
Google Play

Flourwise Privacy Policy

Last Updated: April 21, 2026 Version: 2.0

📢 What's new in version 2.0

Version 2.0 introduces three new processing areas, all optional and described below:

  • Optional "Import with AI" feature (Google Gemini) — see Section 4
  • Optional anonymous analytics and crash reports (Firebase Analytics + Crashlytics) — see Section 4a
  • System-level Android Auto Backup to your personal Google Drive — see Section 4b

All three can be turned off (opt-out) or never enabled in the first place (opt-in). If you do not use them, your recipes, bakes, photos, and notes remain strictly local on your device.

1. Introduction

Flourwise ("we", "our app") respects the privacy of its users. This Privacy Policy explains what data we collect, how we process it, and what rights you have regarding its processing.

The app works mainly locally - your recipes, ingredients, and baking data are stored exclusively on your device and are not automatically sent to the cloud or external servers.

2. Data Controller

Data Controller:

Mariusz Lasak ul. Zakopiańska 19 34-323 Ślemień Poland Tax ID: 6443468840 Contact email: support@flourwise.com App website: https://flourwise.com

Legal Basis:

Data processing is based on:

3. What Data We Collect and Store

3.1 Data Stored Locally (on Your Device)

Type of data: Purpose of processing:

Enabling basic app functions (creating, editing, and viewing recipes).

Legal basis:

Art. 6 para. 1 lit. b GDPR (service provision).

Retention period:

Data is stored on your device until you delete it or uninstall the app.

Sharing:

This data is NOT automatically sent to us or any third parties. You can export it to a PDF file - then it is saved in a location you choose.

3.2 Payments and Subscriptions (Google Play Billing)

Type of data:

If you use the Premium version of the app, the following data is processed by Google Play Store:

Purpose of processing:

Enabling purchase and management of Premium subscription in the app.

Legal basis:

Art. 6 para. 1 lit. b GDPR (contract performance - Premium service provision).

Sharing:

This data is processed exclusively by Google LLC in accordance with Google's Privacy Policy. We do not have direct access to your credit card data - all payments are handled by Google Play's secure infrastructure.

Retention period:

Data is stored by Google in accordance with their policy and legal requirements for financial documentation.

Your rights:

You can manage your subscription and cancel it at any time in Google Play settings.

3.3 Newsletter

Type of data:

When you subscribe to our newsletter on the website, we collect:

Purpose of processing:

Sending you baking tips, blog updates, and app news.

Legal basis:

Art. 6 para. 1 lit. a GDPR (your explicit consent via checkbox).

Service provider:

We use Brevo (Sendinblue) to manage our newsletter. Brevo is GDPR compliant and stores data on EU servers (Frankfurt, Germany). Brevo Privacy Policy

Retention period:

Until you unsubscribe or 2 years of inactivity.

Your rights:

4. AI Recipe Import (Google Gemini) — optional

The app includes an optional "Import with AI" feature that lets you quickly add a recipe from a link (URL), photo, or pasted text. It uses an external AI model — Google Gemini, accessed via the Google Gemini API (Google LLC, USA).

The feature is fully voluntary and requires an active action on your part (tapping the "Import with AI" button). If you do not use it, no data is sent to Google Gemini on this account.

4.1 How it works

  1. You tap "Import with AI" and choose a source: URL, photo, or text.
  2. For URL — the app fetches publicly available page content via HTTPS using a standard mobile Chrome User-Agent (many blogs block uncommon user-agents outright, so we present as a regular mobile browser visit). For photo — the app sends a copy of the selected image. For text — the pasted text is sent.
  3. The fetched content (URL/photo/text) is sent to the Google Gemini API along with a system prompt instructing the AI to extract ingredients, steps, and recipe metadata.
  4. Google Gemini returns structured data (JSON) with ingredients and steps.
  5. The app saves the extracted recipe locally only on your device. Nothing is synced to our cloud.

4.2 What data is sent to Google

4.2a What the blog owner sees (URL import only)

When you import a recipe from a URL, the app fetches the page directly from the blog (HTTPS GET request with a standard mobile Chrome User-Agent). This is a standard HTTP fetch — the blog's web server sees:

We do not send your name, account details, or any other Flourwise data to the blog. The blog can independently log or analyse the IP per its own privacy policy. To avoid exposing your IP to the blog, use the Text import tab instead — paste the recipe text and the blog is not contacted at all.

4.3 What data is NOT sent

4.4 Processor

Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), acting as a data processor under GDPR Art. 28, through the Gemini API service.

Processing is governed by the Google Cloud Data Processing Addendum (DPA), which binds all Google Cloud / Gemini API customers.

4.5 Data Transfer to the USA

Google Gemini API servers are located in the United States. Transfer of your data outside the European Economic Area (EEA) is based on:

List of certified entities (including Google LLC): dataprivacyframework.gov/list.

4.6 AI Model Training — Your Data is NOT Used for Training

Flourwise uses the paid tier of the Google Gemini API. Per the Gemini API Additional Terms of Service:

4.7 Data Retention

Data type Retention period Where
Extracted recipe (AI output) Until you delete it or uninstall the app Local — your device
Input data (URL/photo/text) Limited period (abuse detection) Google LLC (USA)
Step photos fetched from the blog Until you delete the recipe Local — your device

4.8 Third-Party Data (URL import) — GDPR Article 14

When you import a recipe from a blog URL, we also capture publicly available information about the blog author (author name, site name). This data is not obtained from the data subject (the blog author), so GDPR Article 14 applies.

4.8a Why we don't notify blog authors individually (GDPR Art. 14(5)(b))

Providing individual notice to each blog author whose recipe metadata our users import would require disproportionate effort: we would need to identify, locate, and contact thousands of independent bloggers globally whose content our users choose to import. The scraper honors robots.txt (RFC 9309) and noai / noimageai / TDM Reservation signals (see section 4.13), offers a Text tab as a non-automated alternative, and provides support@flourwise.com as an opt-out channel for any blog owner who wishes to be excluded. Under GDPR Art. 14(5)(b), these measures constitute the appropriate safeguards required when individual notice is not feasible. This Privacy Policy itself serves as the public notice required under Art. 14(5)(b).

4.9 No Automated Decision-Making (GDPR Art. 22)

The AI Import feature does not make any decisions about you. The AI only parses content from your input (URL/photo/text) into a structured recipe format (ingredients, steps, metadata). It does not generate a profile, does not evaluate you, does not make decisions affecting your rights or freedoms.

GDPR Article 22 does not apply. Nevertheless:

4.10 Legal Basis

4.11 Your Rights Regarding the AI Feature

4.12 Technical Safeguards

4.13 Respect for website owner preferences

For URL import, Flourwise honors standard web opt-out mechanisms before sending anything to AI:

These measures implement "good web citizenship": we fetch publicly available pages only when the owner does not object via standard signals. Users retain the ability to manually copy-paste recipe text into the app (Text tab) — that path does not involve any automated fetching from the blog.

4a. Diagnostic Data (Firebase Analytics & Crashlytics)

Starting in version 2.0, Flourwise uses Firebase Analytics (anonymous usage metrics) and Firebase Crashlytics (crash reports) from Google LLC to improve app quality and detect technical problems.

4a.1 What data is collected

4a.2 What data is NOT collected

4a.3 Processor

Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), acting under the Firebase Data Processing and Security Terms. Data is stored on Google Cloud infrastructure in the United States.

4a.4 Retention

2 months — minimized from the Firebase default of 14 months. Configured in the Firebase Console under Analytics → Data Settings → Data Retention.

4a.5 International transfer (USA)

Same legal framework as for Google Gemini (see Section 4.5): EU-U.S. Data Privacy Framework + SCC + Google Cloud DPA.

4a.6 Legal basis

GDPR Art. 6(1)(f) — legitimate interest (product improvement, debugging, crash diagnosis). We minimize the data collected (anonymous installation ID, event metadata only, 2-month retention) to balance legitimate interest against your privacy rights.

4a.7 Right to opt out

Firebase Analytics and Crashlytics collection can be disabled directly in the app: Settings → Privacy → toggle "Anonymous usage analytics" or "Crash reports". The change takes effect immediately (the SDK stops sending events). You can also disable globally via Google Play Services (device Settings → Google → Usage & Diagnostics) or by uninstalling the app. In debug builds, Crashlytics is always disabled regardless of toggles to avoid polluting production metrics.

Technical limitation of the Firebase SDK: Google's Firebase Analytics SDK sends anonymous operational events regardless of your consent choice: the first_open event on first app installation, and a Firebase SDK Heartbeat each time the app's process is started fresh (known as a cold start, typically a few times a day when you reopen the app after Android has freed its memory). Each such event contains only a timestamp, the app's Firebase project identifier, the SDK version, the operating system version, and the device language. It does not contain any user identifier, advertising ID, recipe content, screen views, or personal information. This is a built-in behavior of the Firebase SDK that cannot be disabled from the application code without removing the analytics dependency entirely. After opt-out, no further data (analytics events, screen views, custom events such as paywall_converted, scraper_started) is sent.

4a.8 No profiling

Firebase Analytics data is not used to make automated decisions about you (GDPR Art. 22 does not apply). Event data is aggregated for product metrics, never used to identify individual users.

4b. Automatic Device Backup (Android Auto Backup)

Flourwise uses the standard Android Auto Backup mechanism. Your app data (recipes, bakes, starters, photos, settings) is automatically backed up to your personal Google Drive account, managed by the Android operating system.

4b.1 How it works

4b.2 What is backed up

4b.3 What is NOT backed up

4b.4 Controller and processor

You are the data controller for your Google Drive backups. Google LLC is the processor for your Google Drive account under your agreement with Google. Flourwise does not have access to these backup files — they are readable only by the app itself during restore.

4b.5 Retention

Controlled by you. Google keeps the backup for your app as long as you use the app at least once every 2 months. If you do not use the app for 2 months, Google may delete the backup automatically. You can also delete backups manually at any time in the Google Drive app.

4b.6 How to opt out

You can disable automatic backup on your device: Settings → Google → Backup → toggle off for Flourwise, or globally: Settings → System → Backup → Google Drive.

4b.7 Encryption

Android backups are end-to-end encrypted (E2EE) on devices running Android 9 or later when a screen lock is set (PIN, password, or pattern). The encryption key is derived from the screen lock and is not known to Google — even Google cannot read such a backup without your device and its screen lock. On older Android versions or when no screen lock is set, the backup uses standard server-side encryption, but the key is held by Google. This encryption policy is fully managed by the Android system, not by Flourwise.

5. App Permissions

The app may request the following permissions:

5.1 Files and Photos (no permissions required)

Mechanisms used: Purpose: Important:

The app does NOT require permissions to access storage or files. Android system automatically shows file/photo selection dialogs, and the app receives access only to the files you choose.

When:

Only when the user selects the option to add a photo, export or import data.

5.2 Notifications

Purpose: When:

Only when the user sets a timer or uses baking mode.

5.3 Camera — optional

Purpose: When:

Only when the user selects "Take photo" option (instead of "Choose from gallery").

5.4 Timers and Alarms

Purpose: Permissions: When:

Automatically activated when you use timer functions in baking mode.

Important: The only actual permission required by the app is CAMERA - and only if you want to take photos directly from the app. All other features (export, backup, selecting photos from gallery) work without any permissions thanks to Android system mechanisms.

6. Your Rights (GDPR)

Under GDPR, you have the right to:

6.1 Right of Access (Art. 15 GDPR)

You can request information about what data we process about you.

How to exercise:

View in the app - all recipes and settings are stored locally on your device.

6.2 Right to Rectification (Art. 16 GDPR)

You can correct or update your data.

How to exercise:

Edit directly in the app - all data is local.

6.3 Right to Erasure - "Right to be Forgotten" (Art. 17 GDPR)

You can request deletion of your data.

How to exercise:

Uninstall the app or delete recipes in settings. All data is stored locally on your device, so deleting it removes it completely.

6.4 Right to Restriction of Processing (Art. 18 GDPR)

You can request suspension of data processing.

How to exercise:

Write to us at support@flourwise.com

6.5 Right to Data Portability (Art. 20 GDPR)

You can receive your data in a format that allows its transfer.

How to exercise:

Use "Export recipes to PDF" or "Export to JSON" function in the app.

6.6 Right to Object (Art. 21 GDPR)

You can object to data processing.

How to exercise:

Write to us at support@flourwise.com

6.7 Right to Withdraw Consent

If data is processed based on consent, you can withdraw it at any time.

How to exercise:

Write to us at support@flourwise.com

Response time: We will respond to your request within 30 days.

7. Right to Complaint

If you believe we process your data unlawfully, you have the right to file a complaint with:

Personal Data Protection Office (UODO)

ul. Stawki 2 00-193 Warsaw Phone: +48 22 531 03 00 Email: kancelaria@uodo.gov.pl Website: https://uodo.gov.pl

8. Data Security

We care about the security of your data through:

8.1 Reporting Security Breaches

In case of a personal data breach:

  1. Obligation to report to UODO:
    The Controller reports the breach to the Personal Data Protection Office within 72 hours of becoming aware of the breach (in accordance with Art. 33 GDPR).
  2. Notifying users:
    In case of serious breaches that may result in high risk to users' rights and freedoms, we will notify users without undue delay (in accordance with Art. 34 GDPR). The notification will contain information about the nature of the breach and recommended actions.
  3. Reporting incidents:
    If you suspect a breach of your data security, contact us immediately at support@flourwise.com

9. Children's Data

Flourwise is a general-purpose service not directed at children. We do not knowingly collect personal data from children below the minimum age in their jurisdiction:

If we learn that a child below the applicable age has used the app, we will delete their data. Parents or guardians can request deletion by contacting support@flourwise.com.

Note: we do not ask for date of birth or run an age-gate dialog because the app does not expose content requiring age verification (no social features, no user-generated content visible to others, no advertising to children, no in-app purchases targeted at children). Google Play classifies the app as "General audience".

10. Changes to Privacy Policy

We may update this Privacy Policy. We will inform you about significant changes through:

We recommend regularly checking this page.

11. Contact

If you have questions about this Privacy Policy or data processing, contact us:

Email: support@flourwise.com Website: https://flourwise.com Response time: Up to 7 business days

12. Cookies & Website Hosting

The mobile app does not use cookies. All preferences are stored locally in device memory (Android DataStore).

The website (flourwise.com) is hosted on Google Firebase Hosting. Firebase may automatically collect standard server logs, including IP addresses and request metadata, for security and operational purposes. This data is processed by Google under their Firebase Privacy Policy. The website does not use tracking cookies or advertising pixels.

The website uses Umami Analytics to collect anonymous, aggregated usage statistics (page views, visit duration, referrers, country, device type). Umami is a privacy-focused, GDPR-compliant analytics tool — it does not set any cookies, does not use localStorage, and does not fingerprint or identify individual visitors. No personal data is collected or stored. For more information, see Umami's Privacy Policy.

13. Compliance with Regulations

This policy complies with the following legal frameworks:

13.1 U.S. State Privacy Rights (CCPA/CPRA and other states)

If you are a resident of a U.S. state with a comprehensive privacy law, you have the following rights:

California Privacy Rights Notice (§ 1798.135): We do not sell or share your personal information. This applies to both our mobile app and our website.

13.2 LGPD Rights (Brazil)

13.3 EU AI Act — AI Content Labelling Obligation

Article 50 of the EU AI Act enters into force on 2 August 2026 and requires clear labelling of AI-generated or modified content. Flourwise already implements this principle today: recipes imported through the "Import with AI" feature (from a URL, photo, or text) are tagged with a visible icon and an "AI Import" label in the recipe details. Always verify ingredients and steps before baking — AI can make mistakes.

14. Data Export and Deletion - Practical Guide

How to Export Your Data:

Single recipe to PDF:

1. Open recipe 2. Click menu (⋮) in top-right corner 3. Select Export to PDF 4. Save to chosen location

All recipes (JSON):

1. Go to Settings 2. Select Data and privacy 3. Click Export recipes

Full backup (JSON):

1. Go to Settings 2. Select Data and privacy 3. Click Backup

How to Delete Local Data:

Single recipe:

1. Open recipe 2. Click menu (⋮) in top-right corner 3. Select Delete

All data:

1. Go to Settings 2. Select Data and privacy 3. Click Clear all data

Complete deletion:

Uninstall the app (removes all local data)

15. Frequently Asked Questions (FAQ)

Q: Are my recipes sent to the cloud?

A: No. All recipes are stored locally on your device.

Q: Can I use the app without Internet?

A: Yes! The app works fully offline. All features are available without an internet connection.

Q: Is my data sold?

A: We don't sell any data. All data is stored locally on your device.

Q: What will happen to my data if you stop developing the app?

A: Your data will remain on the device. The app stores all data locally.

Thank you for trusting and using Flourwise! 🥖

*Last updated: April 21, 2026* *Version: 2.0* *Language: English (EN)*

Flourwise Android App
Google Play