Privacy Policy
Parmesan is a meal-planning app ("Parmesan," "we," "us"). This policy explains what data the app handles and where it goes. The short version: almost everything you create stays in your own iCloud account, and the only personal information we ever receive on our own server is the email address you enter to request access.
1. Your recipes, meal plans, and lists
The content you create in Parmesan — recipes, meal plans, grocery and pantry lists, staples, ratings, and family member names — is stored on your device and synced through your private iCloud account using Apple's CloudKit. This data lives in your Apple account, not on our servers, and we have no ability to read it. If you use Family Sharing, this data is shared directly between the iCloud accounts you invite, via Apple's CloudKit sharing.
Apple's handling of iCloud data is governed by Apple's Privacy Policy. You can manage or delete this data from your device or from your iCloud settings.
2. Requesting access (the one thing we collect)
Parmesan is currently invite-only. To request access, you enter an email address. That address is sent to our server and used solely to:
- notify the developer that a device is requesting access, and
- record whether that email has been approved, so your device can unlock.
We do not use this email for marketing, newsletters, or any purpose other than granting or declining access. We do not sell or share it. Access approval is tied to the email you submit, so it may be retained for as long as the invite program runs. You can ask us to delete your email at any time (see Contact).
3. Optional device integrations
Apple Reminders
If you enable it, Parmesan can sync your grocery list to Apple Reminders (with your permission). That data stays within your Apple account; we never receive it.
Recipe import
When you import a recipe from a web link, the app fetches that page directly from the website you chose in order to read the recipe. That request goes to the third-party site, not to us, and is subject to that site's own privacy practices.
Amazon in-store code
This optional feature simply launches a Shortcut you set up on your device. Parmesan does not collect, transmit, or share any data with Amazon or anyone else through it.
4. Third-party services we use
The only external services involved in handling your access-request email are:
- Vercel — hosts the access-request server (privacy policy).
- Upstash — stores the approval status for each email (privacy policy).
- Resend — delivers the approval-notification email to the developer (privacy policy).
- Apple iCloud / CloudKit — syncs and stores your app content in your own Apple account (privacy policy).
5. Data retention
Your app content is retained in your iCloud account until you delete it. Your access-request email is retained while the invite program is active or until you request its removal. We keep no other personal data.
6. Your choices and rights
- Delete your app content anytime from your device or iCloud.
- Revoke Reminders access anytime in iOS Settings.
- Request deletion of your access-request email by contacting us below.
Depending on where you live, you may have additional rights under laws such as the GDPR or CCPA (to access, correct, or delete your personal data). Because the only personal data we hold is your access-request email, such requests are simple to honor — just contact us.
7. Children's privacy
Parmesan is not directed to children under 13, and we do not knowingly collect personal information from them.
8. Security
Data in transit to our server is encrypted over HTTPS. Access tokens held by the app are stored in the device's Keychain. Your app content is protected by Apple's iCloud security.
9. Changes to this policy
We may update this policy from time to time. Material changes will be reflected by updating the "Last updated" date above.
10. Contact
Questions or requests (including email deletion):
Parmesan Support
support@cookwithparmesan.com