Privacy Policy

Last updated: 11 May 2026

This Privacy Policy describes how mise.en.place ("we", "us", or "our") collects, uses, shares, and protects your personal information when you use the mise.en.place mobile application and website at yourmiseenplace.app and yourmiseenplace.com (together, the "App").

The App is operated by mise.en.place, a sole trader business based in Victoria, Australia. We act as the "data controller" for the personal information described in this policy.

If you have any questions about this policy or your personal information, contact us at privacy@yourmiseenplace.app.

1. Summary

In plain terms:

We collect the information you give us when you sign up and use the App (email, name, recipes, photos, posts, comments, etc.)
We collect a small amount of technical information automatically (device type, IP address, app usage) to keep the App running and secure
We use this information to operate the App, keep it safe, and improve it
We do not sell your personal information
We do not track you across other apps or websites for advertising
You can access, correct, or delete your data at any time from within the App
We store your data with Supabase, a hosting provider that processes data on our behalf, in their secure cloud infrastructure

The rest of this policy explains all of this in more detail.

2. Information we collect

2.1 Information you give us

When you create an account and use the App, you give us:

Account information — email address, password (stored as a secure hash, never in plain text), username, display name
Profile information — profile photo, avatar colour, bio, dietary preferences, and any other information you choose to add
Your Content — recipes, photos, posts, comments, reactions, cook history, and any other content you create on the App
Communications — messages you send us (for example, when you contact support, file a report, or respond to a survey)

2.2 Information collected automatically

When you use the App, we automatically collect:

Device and technical information — device type, operating system version, app version, language, time zone, screen size
Log data — IP address, access times, pages or screens viewed, error reports, and crash data
Approximate location — derived from your IP address (country/region level, not precise GPS)

2.3 Information from third parties

If you choose to sign in using a third-party identity provider in the future (such as Apple, Google, or Facebook), we will receive your email address and the information that provider sends us. We do not currently offer third-party sign-in.

2.4 Information we do not collect

To be clear, we do not:

Collect precise GPS location
Access your contacts, calendar, or microphone
Track you across other apps or websites
Collect health data, financial data, or government identifiers
Use any third-party analytics or advertising trackers (as of the date above)

If we add any new categories of data collection in the future, we will update this policy and notify you.

3. How we use your information

We use your information to:

Operate the App — create and manage your account, store your recipes and posts, deliver notifications, show you other users' content, run the feed and search
Keep the App safe — detect and prevent fraud, abuse, spam, harassment, and violations of our Terms of Service; respond to reports and moderate content; enforce our Terms
Improve the App — understand how the App is used in aggregate so we can fix bugs and design new features
Communicate with you — send you account-related emails (password resets, security alerts), respond to your support requests, and notify you of changes to the App or this policy
Comply with the law — meet our legal obligations, respond to valid legal requests, and protect our rights and the rights of others

We do not use your personal information for automated decision-making that produces legal or similarly significant effects on you.

4. Legal basis for processing (EU/UK users)

If you are in the European Union or the United Kingdom, we rely on the following legal bases under the GDPR / UK GDPR:

Contract — to provide the App to you under our Terms of Service (Article 6(1)(b))
Legitimate interest — to keep the App safe, prevent abuse, and improve our services (Article 6(1)(f))
Consent — where you have specifically agreed to a particular use of your data (Article 6(1)(a))
Legal obligation — where we are required by law to process your data (Article 6(1)(c))

You have the right to withdraw consent at any time where consent is the legal basis, without affecting any processing already carried out.

5. How we share your information

We share your information only in the limited ways described below.

5.1 With other users of the App

Some of your information is visible to other users by design:

Your username, display name, profile photo, and bio are visible to other users
Recipes, posts, photos, comments, and reactions you publish are visible to other users based on the visibility settings you choose ("private", "followers", or "community")
Your follow / friend relationships may be visible to your followers and to people you follow

You control what you publish. If you do not want something to be visible, do not post it publicly.

5.2 With service providers (data processors)

We use the following third-party service providers to operate the App. These providers process your data on our behalf under contractual terms that require them to protect your data and use it only for the purposes we specify:

Supabase, Inc. — database hosting, authentication, and file storage. Supabase stores your account information, Your Content, and photos.
Vercel, Inc. — website and app hosting for our web frontend
Cloudflare, Inc. — DNS, email routing, and content delivery
Apple Inc. and Google LLC — to the extent required for app distribution, crash reporting, and platform-required functions on iOS and Android

If we add or change service providers, we will update this policy.

5.3 For legal reasons

We may disclose your information if we believe in good faith that disclosure is necessary to:

Comply with a court order, subpoena, or other valid legal request
Investigate suspected fraud, abuse, or violations of our Terms of Service
Protect the rights, property, or safety of us, our users, or the public
Cooperate with law enforcement where required by law

Where lawful and practical, we will attempt to notify you before disclosing your data in response to a legal request.

5.4 In a business transfer

If we are involved in a merger, acquisition, restructure, or sale of assets, your information may be transferred as part of that transaction. We will notify you (by email or by a notice in the App) before your information becomes subject to a different privacy policy.

5.5 We do not sell your personal information

We do not sell your personal information to data brokers, advertisers, or other third parties for their own marketing purposes. We do not, and will not, monetise your data this way.

6. International data transfers

mise.en.place is operated from Australia. Our service providers may store and process your data in countries outside Australia, including the United States and the European Union.

When your data is transferred outside your country, we rely on appropriate safeguards permitted by law, including:

Standard Contractual Clauses approved by the European Commission for transfers from the EU/UK
Adequacy decisions where they exist
The terms of our agreements with our service providers, which require them to protect your data to a standard equivalent to the laws of your country

You can contact us at privacy@yourmiseenplace.app for more information about international transfers.

7. Data retention

We keep your personal information only as long as we need it for the purposes described in this policy:

Account information — kept while your account is active. Deleted within 30 days of you deleting your account.
Your Content — kept while you choose to keep it on the App. Deleted within 30 days of you deleting it or deleting your account, except for comments on other users' posts which may be retained but anonymised as "[deleted user]".
Photos — deleted from our storage within 30 days of deletion.
Reports of abuse and audit logs — retained for up to 24 months for safety and legal purposes, even if the reporter or reported user deletes their account. Such records are anonymised where possible.
Log data and technical information — retained for up to 90 days, then deleted or anonymised.
Information we are required to retain by law — kept for the period required by applicable law (for example, tax or financial records).

After the retention period ends, we delete your data or anonymise it so it can no longer be linked to you.

8. Your privacy rights

Depending on where you live, you have some or all of the following rights regarding your personal information:

Access — request a copy of the personal information we hold about you
Rectification — ask us to correct information that is wrong or incomplete
Deletion — ask us to delete your personal information (you can do this yourself at any time from Settings → Account → Delete account)
Restriction — ask us to limit how we use your information
Objection — object to certain uses of your information, particularly where we rely on legitimate interest
Portability — ask us to provide your information in a structured, machine-readable format, or to send it to another service
Withdraw consent — where we rely on your consent, you can withdraw it at any time
Complain — make a complaint to a privacy regulator (see Section 16 for the regulator in your country)

To exercise any of these rights, contact us at privacy@yourmiseenplace.app. We will respond within 30 days. We may need to verify your identity before acting on your request.

We will not discriminate against you for exercising your privacy rights.

9. Security

We take reasonable steps to protect your personal information, including:

Encrypting data in transit using TLS (HTTPS)
Encrypting passwords with industry-standard hashing
Restricting access to your data to authorised personnel and service providers
Using Row-Level Security policies in our database so that users can only access their own data and content they are permitted to see
Regularly reviewing our security practices

No system is completely secure. If we become aware of a security incident that affects your personal information, we will notify you and the relevant regulators where required by law, in accordance with the Notifiable Data Breaches scheme under the Australian Privacy Act and equivalent obligations in other jurisdictions.

You also play a role in keeping your account secure. Choose a strong, unique password and do not share your password with anyone.

10. Children's privacy

The App is not intended for people under 16. We do not knowingly collect personal information from anyone under 16.

If we learn that we have collected personal information from someone under 16, we will delete that information promptly. If you are a parent or guardian and believe your child has provided us with personal information, contact us at privacy@yourmiseenplace.app.

11. Cookies and similar technologies

The mise.en.place website uses a small number of necessary cookies and similar technologies to operate, including:

Authentication cookies — to keep you signed in
Functional storage — to remember your preferences and settings

We do not use advertising cookies, cross-site tracking pixels, or third-party analytics that follow you around the web.

You can control cookies through your browser settings, but disabling necessary cookies may prevent parts of the App from working.

12. Marketing communications

If we send you marketing emails in the future (for example, product updates or newsletters), we will only do so where you have agreed to receive them. You can unsubscribe at any time using the link in the email or by contacting us.

We will always send you transactional emails that are necessary for the App to function (password resets, security alerts, account confirmations) regardless of marketing preferences.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will:

Update the "Last updated" date at the top of this policy
Notify you through the App or by email at least 7 days before the changes take effect, where the law requires us to

Your continued use of the App after the changes take effect means you accept the updated policy.

14. Contact us

For any questions, requests, or complaints about this Privacy Policy or how we handle your data, contact us at:

Privacy queries: privacy@yourmiseenplace.app
General support: support@yourmiseenplace.app
Legal: legal@yourmiseenplace.app

We will respond to all reasonable requests within 30 days.

15. Australian Privacy Principles

This Privacy Policy is intended to comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

If you believe we have not handled your personal information in line with this policy or the APPs, please contact us first at privacy@yourmiseenplace.app and we will try to resolve your concern.

If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Website: oaic.gov.au
Phone: 1300 363 992
Mail: GPO Box 5288, Sydney NSW 2001

16. Region-specific information

16.1 European Union and United Kingdom

If you are in the EU or UK, the General Data Protection Regulation (GDPR) and UK GDPR apply to our processing of your personal information.

You have the rights described in Section 8. You also have the right to lodge a complaint with your local data protection authority. You can find your local authority at:

EU: edpb.europa.eu/about-edpb/about-edpb/members_en
UK: ico.org.uk

16.2 California, United States

If you are a resident of California, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give you the following rights:

Right to know — what categories of personal information we collect and how we use them
Right to delete — request deletion of your personal information
Right to correct — request correction of inaccurate personal information
Right to opt out of sale or sharing — we do not sell or share your personal information for cross-context behavioural advertising, so there is nothing to opt out of
Right to limit use of sensitive information — we do not use sensitive information beyond what is necessary to provide the App
Right to non-discrimination — we will not discriminate against you for exercising your rights

To exercise these rights, contact us at privacy@yourmiseenplace.app.

16.3 Other regions

If you are in another region with specific privacy laws (such as Canada's PIPEDA, Brazil's LGPD, or similar), the rights described in Section 8 apply to you to the extent required by your local law. Contact us at privacy@yourmiseenplace.app for more information.

This Privacy Policy was last updated on 11 May 2026.