Mixidoo

Privacy Policy

Last updated: 14 May 2026

Mixidoo ("we", "us", or "our") operates the website mixidoo.co.uk (the "Service"). This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

Account Information

When you create an account, we collect your email address and a hashed password. If you sign in with Google, we receive your name and email address from Google.

Cookidoo Credentials

If you choose to connect your Cookidoo account, we store your Cookidoo email and an encrypted version of your Cookidoo password. Your password is encrypted using AES-256 encryption before storage and is only decrypted when uploading recipes to your Cookidoo account. We never store your Cookidoo password in plain text.

Recipe Data

We store the recipes you convert, including the original recipe content extracted from source URLs and the converted Thermomix instructions. Recipe images are referenced by URL from their original source.

Usage Data

We collect anonymous usage analytics through Microsoft Clarity to understand how users interact with our Service. This may include page views, click patterns, and session recordings. No personally identifiable information is collected through analytics. Analytics cookies are only set after you grant consent via the cookie banner.

Error Monitoring and Session Replay

We use Sentry to capture client- and server-side errors so we can diagnose and fix bugs. Error reports contain technical information such as the page URL, browser type, and a stack trace. When you consent to analytics cookies, Sentry may also record an anonymised replay of your session if an error occurs, to help us reproduce the problem. Replays exclude text input and media by default (everything is masked or blocked), and no replays are recorded unless you opt in. Sentry is operated from the United States; see International Transfers below.

Rate Limiting

To protect the Service from abuse, we use Upstash Redis to rate-limit API requests. Upstash receives a hashed (irreversible) identifier derived from your IP address and the count of recent requests. Raw IP addresses are not stored.

Payment Information

Payment processing is handled by Paddle. We do not store your credit card details. Paddle processes and stores your payment information in accordance with their own privacy policy.

2. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Convert recipes to Thermomix format
  • Upload recipes to your Cookidoo account (when requested)
  • Process subscription payments
  • Send transactional emails (password resets, account confirmations)
  • Improve the Service through anonymous usage analytics

3. Data Storage and Security

Your data is stored securely using Supabase, which provides enterprise-grade security with row-level security policies, encryption at rest, and encrypted connections. Our servers are hosted in the United States.

Cookidoo passwords are additionally encrypted with AES-256 encryption before database storage. We implement appropriate technical and organisational measures to protect your data.

4. Data Sharing

We do not sell your personal data. We share data only with the following service providers who are necessary to operate the Service:

  • Supabase — database and authentication
  • Paddle — payment processing
  • Vercel — hosting and deployment
  • Microsoft Clarity — anonymous usage analytics (only with consent)
  • Sentry — error monitoring and optional session replay (replay only with consent)
  • Upstash — Redis-based API rate limiting (hashed IP-derived identifiers only)
  • Resend — transactional email delivery
  • Groq / Google AI — AI recipe conversion (recipe content only, no personal data)

4a. International Transfers

Several of our processors are based outside the United Kingdom (notably Supabase, Vercel, Sentry, Microsoft Clarity, Upstash, Paddle, Groq and Google AI). Where personal data is transferred outside the UK, we rely on the UK's International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses (Chapter V, UK GDPR), together with the processors' own technical and organisational safeguards. You may request further information about these safeguards by contacting us at the address below.

5. Your Rights (GDPR)

If you are located in the European Economic Area or the United Kingdom, you have the following rights under GDPR:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your personal data
  • Restriction — request restriction of processing
  • Portability — request your data in a portable format
  • Objection — object to processing based on legitimate interests

To exercise any of these rights, please contact us at support@mixidoo.co.uk.

6. Data Retention

We retain your account data and recipes for as long as your account is active. If you delete your account, we will delete your personal data within 30 days. Anonymous analytics data may be retained indefinitely.

7. Cookies

We use strictly necessary cookies for authentication and session management; these cannot be turned off. Optional analytics cookies (Microsoft Clarity) and Sentry session replay only run after you consent via the cookie banner. You can withdraw or change your consent at any time using the "Cookie preferences" link in the footer.

8. Children's Privacy

Our Service is not intended for children under the age of 16. We do not knowingly collect personal data from children.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

10. Contact Us

If you have questions about this privacy policy or our data practices, please contact us at: support@mixidoo.co.uk