At Chryso Lefou, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website chrysolefou.com (the "Website"). This policy complies with the General Data Protection Regulation (GDPR), Greek Law 4624/2019, and Cyprus Law 125(I)/2018.
1. Data Controller
The data controller responsible for your personal data is:
Chryso Lefou
Email: info@chrysolefou.com
For any questions regarding your personal data or this Privacy Policy, please contact us using the information above.
2. Data We Collect
2.1 Account Information
When you create an account, we collect:
- Email address
- Password (encrypted and securely hashed)
- Profile picture (optional - only if you choose to upload one)
- Account creation and last sign-in timestamps
- User ID (automatically generated)
- OAuth provider information (if you sign in with Google or Facebook)
- Email verification status
2.2 User Preferences
When you use our service, we may collect:
- Saved recipes (recipes you bookmark for later)
- Recipe preferences and collections
- Language preference (English or Greek)
- Browser and device information
2.3 Contact Form Data
When you submit our contact form:
- Name
- Email address
- Subject
- Message content
- Submission timestamp
2.4 Analytics and Performance Data
We automatically collect:
- Web Vitals (Core Web Vitals, page load metrics)
- Performance data (navigation timing, resource loading)
- Error logs and stack traces (when errors occur)
- Device type and browser information
- Pages visited and interaction patterns
2.5 Cookies
We use the following types of cookies:
- Essential Cookies: Required for authentication and website functionality (Supabase session cookies)
- Analytics Cookies: To understand how visitors use our website (Vercel Analytics)
- Performance Cookies: To monitor and improve website performance
3. How We Use Your Data
We process your personal data for the following purposes:
- Account Management: To create, maintain, and authenticate your user account
- Service Provision: To provide access to recipes, save your favorite recipes, and personalize your experience
- Communication: To respond to your inquiries and contact form submissions
- Website Improvement: To analyze website usage and improve functionality, performance, and user experience
- Security: To detect and prevent fraud, abuse, and security incidents
- Legal Compliance: To comply with applicable laws and regulations
- AI Features: To provide recipe extraction and translation services using Google Gemini AI
4. Legal Basis for Processing
Under GDPR, we process your data based on:
- Consent: When you create an account, subscribe to newsletters, or submit contact forms
- Contract: To fulfill our obligations when you use our services
- Legitimate Interests: To improve our services, ensure security, and analyze website performance
- Legal Obligation: To comply with applicable laws and regulations
5. Third-Party Services
We use the following third-party services that may process your data:
Supabase (Database & Authentication)
- Purpose: User authentication, database storage, and account management
- Data Shared: Email, hashed passwords, user IDs, saved recipes
- Location: EU servers
- Privacy Policy: https://supabase.com/privacy
Google Generative AI (Gemini)
- Purpose: Recipe extraction from images and text translation
- Data Shared: Recipe images and text you choose to process (not stored permanently)
- Privacy Policy: https://policies.google.com/privacy
Google OAuth
- Purpose: Third-party authentication
- Data Shared: Email address, profile information from your Google account
- Privacy Policy: https://policies.google.com/privacy
Facebook OAuth
- Purpose: Third-party authentication
- Data Shared: Email address, profile information from your Facebook account
- Privacy Policy: https://www.facebook.com/privacy/policy
Vercel Analytics & Speed Insights
- Purpose: Website performance monitoring and analytics
- Data Shared: Page views, Web Vitals, device information (anonymized)
- Location: Global CDN
- Privacy Policy: https://vercel.com/legal/privacy-policy
Sentry
- Purpose: Error tracking and performance monitoring
- Data Shared: Error logs, stack traces, browser information (personal data is masked)
- Privacy Policy: https://sentry.io/privacy
YouTube (Privacy-Enhanced Mode)
- Purpose: Video embedding for recipe tutorials
- Data Shared: None (we use youtube-nocookie.com for privacy-enhanced embedding)
- Privacy Policy: https://policies.google.com/privacy
6. Cookies and Tracking
We use cookies to:
- Maintain your login session (essential)
- Remember your language preference (functional)
- Analyze website performance (analytics)
You can control cookies through your browser settings. However, disabling essential cookies may limit your ability to use certain features of our website.
Cookie Details:
| Cookie Name | Type | Purpose | Duration |
|---|---|---|---|
| sb-* | Essential | Authentication session | 7 days |
| Vercel Analytics | Analytics | Performance tracking | Session |
7. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy:
- Account Data: Retained until you delete your account
- Saved Recipes: Retained until you remove them or delete your account
- Contact Form Submissions: Retained for up to 2 years
- Analytics Data: Aggregated and anonymized data retained indefinitely
- Error Logs: Retained for 90 days
- Consent Records: Retained for 5 years as required by GDPR
8. Your Rights Under GDPR
As a user in the European Union, Cyprus, or Greece, you have the following rights:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restriction: Limit how we process your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time (does not affect prior processing)
- Right to Lodge a Complaint: File a complaint with your local data protection authority
To exercise these rights, please contact us at info@chrysolefou.com. We will respond within 30 days.
9. Data Protection Authorities
If you are not satisfied with our response, you may lodge a complaint with:
- Greece: Hellenic Data Protection Authority (www.dpa.gr)
- Cyprus: Commissioner for Personal Data Protection (www.dataprotection.gov.cy)
- EU: Your local data protection authority
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- Encryption: All data transmitted over HTTPS/TLS
- Authentication: Passwords are hashed and encrypted using industry-standard algorithms
- Access Controls: Restricted access to personal data on a need-to-know basis
- Monitoring: Continuous security monitoring and error tracking
- Regular Audits: Periodic security assessments and updates
11. International Data Transfers
Your data is primarily stored on servers within the European Union (Supabase EU region). Some third-party services (e.g., Vercel Analytics) may process data globally. When we transfer data outside the EU, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.
12. Children's Privacy
Our Website is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately, and we will delete such information.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting a notice on our Website or sending an email to registered users. The "Last Updated" date at the top indicates when this policy was last revised.
15. Google API Services User Data
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only use Google user data to provide and improve our authentication services and do not transfer this data to third parties except as necessary to provide our services.
14. Contact Information
For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
- Email: info@chrysolefou.com
- Website: www.chrysolefou.com/contact
We are committed to working with you to resolve any privacy concerns.