Who we are
Make It Again is made by Worth Spreading, a sole proprietorship (eenmanszaak) registered in the Netherlands KVK number — arriving 10 July. We are the data controller. Questions or requests: support@worthspreading.com.
What Make It Again is
A household cookbook: a private place where you keep the recipes your family actually makes, cook them hands-free, plan the week, and shop from one list. An AI helps you capture recipes and answers questions about them, and a small community cookbook lets you share a recipe if you choose to. Nothing in this policy changes that basic shape: your data exists to serve you; we don’t sell it, rent it, or use it for advertising.
The data we process, and why
1. Your account
A Firebase user ID is created the moment you open the app (anonymously — no sign-up needed). If you later sign in with a passwordless email link — to subscribe, join a household, or add a device — we store that email so your cookbook can follow you. Your email is a key, not a channel: we use it to open your account, not to send you marketing. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
2. Your cookbook
The recipes you save: ingredients, steps, your photos, the original captures (the photo of grandma’s card stays in the recipe’s gallery), your notes and “for next time” lines, your cook log and keeper marks, your week plan, shopping lists and staples. It syncs through your private space so every device in your household sees the same cookbook. Basis: contract.
3. Recipe captures & AI processing
When you snap a photo or card, paste a link, or speak a recipe aloud — and when you ask Sous something — the relevant text or image is sent to our EU server and processed by Google’s Gemini API to produce the result, which you review before it saves. This is per-request processing on our instructions: the content is not used by us to profile you, and we use Google’s paid API tier, whose terms mean your content is not used to train Google’s models. Voice input becomes text using your phone’s own dictation; Make It Again never stores audio. Basis: contract.
4. Your household
A household connects up to five accounts to one shared cookbook, plan and list. Everyone in it sees the shared content and each other’s first names; nobody outside it sees anything. Leaving a household stops the sharing from that moment. Basis: contract.
5. Sharing to the community cookbook
Publishing a recipe is always an explicit, separate choice — nothing you save is ever public by default. If you publish, the recipe, your chosen public name (or “A home kitchen” if you prefer not to be named) and the recipe’s photos are reviewed by a person and then made public under the licence described in the terms. Your account identity is never shown. Basis: contract (you asked us to publish it).
6. Usage statistics & crash reports
Analytics collection is off by default. If you switch it on in Settings, we count anonymous, content-free events (e.g. “a recipe was captured”) via Google Analytics for Firebase to understand what’s worth improving — never your recipes, notes, names or emails. The consent flag itself lives only on your device and never syncs. Crash reports (Crashlytics) help us fix bugs. No advertising identifiers, no ad networks. Basis: consent (Art. 6(1)(a)) for analytics; legitimate interest in a working product (Art. 6(1)(f)) for crash reports. You can switch analytics off again any time.
7. Purchases & banked months
Subscriptions are bought from Apple or Google and managed by RevenueCat for us (your user ID, email if signed in, and purchase state). We never see your card. Free months you earn by publishing recipes are recorded as promotional entitlements on the same RevenueCat record, so they can be used up before you’re ever charged again. Basis: contract.
Where your data lives
Your account data is stored in Google Firebase (Firestore/Storage) in the EU: multi-region eur3, with our functions running in europe-west1 (Belgium). For AI requests, Gemini may process content outside the EU; that transfer relies on the EU-US Data Privacy Framework and the European Commission’s Standard Contractual Clauses as implemented in Google’s data-processing terms — and on the paid tier we use, content is not used for training and only short-lived abuse-monitoring logs exist. RevenueCat (US) is covered by the same mechanisms.
Our processors
Google Ireland/Google LLC (Firebase: authentication, database, storage, functions, optional analytics, crash reporting; Gemini API for AI processing) · RevenueCat, Inc. (US — subscriptions and banked-month entitlements) · Apple / Google additionally act as independent controllers for store billing you initiate with them.
Retention
Your cookbook lives until you delete it or delete your account. If you switched analytics on, those anonymous events auto-delete after at most 14 months; crash reports after 90 days. Published community recipes remain public under their licence (see the terms — you can withdraw them from future distribution). We add no hidden copies and no marketing lists.
Deletion
Settings → Delete account erases your recipes, photos, notes, cook log, plans and lists, your RevenueCat customer record, and the sign-in itself — server-side, with a full export offered first. If you’re in a household, your personal data leaves it; the household’s shared cookbook stays with the people still in it. No access to the app anymore? Request deletion at worthspreading.com/makeitagain/support#delete or email support@worthspreading.com from your account address. Honest footnote: recipes you published to the community were licensed to the world when you published them — we can stop distributing them ourselves, but copies already out under CC BY 4.0 remain licensed; and files cached on your own device are yours to clear by deleting the app.
Your rights (GDPR)
Access, rectification, erasure, portability, restriction, objection, and withdrawal of consent — write to support@worthspreading.com and we’ll act within a month. The app itself gives you the fast paths: full export (JSON, PDFs, your photos — free forever, and offered before deletion) and full deletion in-app. You can complain to the Dutch DPA, the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).
Children
Make It Again is not directed at children and is not for users under 16. Household membership is for people old enough to hold their own account.
Changes
We’ll announce material changes in the app and on this page before they take effect, with the date above updated.