How we collect, use, and protect your data in the ToiFood recipe generation app.
Last updated: 4 April 2026
🗑️ Request Account Deletion
ToiFood allows you to request full deletion of your account and all associated data at any time.
How to request deletion:
Send an email to admin@toigroup.co.nz with the subject line "Delete My ToiFood Account"
Include the email address registered to your ToiFood account
What gets deleted:
Your name and email address
Your password hash
Your dietary preferences and serving size settings
Your full recipe history and saved favourites
Retention period: All data is permanently removed from our database within 30 days of your request. You will receive a confirmation email when deletion is complete.
ToiFood is an AI-powered recipe generation app operated by Toi Group Limited, a New Zealand company. The app generates personalised recipes based on ingredients and dietary preferences you provide, powered by AI running on privately owned infrastructure in New Zealand.
2. What Information We Collect
Account information — when you register:
Your name and email address
Your password (stored as a one-way bcrypt hash — never in plain text)
Your Google account ID, if you sign in with Google
We do not collect location, device identifiers, advertising IDs, contacts, camera, microphone, or payment information.
3. How We Use Your Information
Purpose
Data Used
Create and manage your account
Name, email, password hash
Authenticate sessions
Email, JWT token (stored securely on device)
Generate personalised recipes
Ingredients, dietary filters, serving size, meal type
Save your recipe history
Generated recipe content
Remember your preferences
Dietary filters, default servings
We do not use your data for advertising, profiling, or sale to third parties.
4. AI Processing
When you request a recipe, the following is sent to our AI model: your ingredients, dietary filters, serving size, and meal type (breakfast, lunch, or dinner — inferred from time of day).
By default, recipes are generated using a locally hosted AI model (Ollama, running on our own server in New Zealand). Your data does not leave our infrastructure for this processing.
In some configurations, recipe generation may use third-party AI APIs (OpenAI or Anthropic). If so, your ingredient and preference data is sent to those services subject to their respective privacy policies. We do not send your name, email, or account details to any AI provider.
5. How We Store Your Data
All account and recipe data is stored in a PostgreSQL database hosted on a private server in New Zealand
Your authentication token is stored on your device using encrypted secure storage (iOS Keychain / Android Keystore)
Your password is never stored in plain text — only a bcrypt hash
Network traffic is encrypted via HTTPS/TLS enforced by Cloudflare
6. Data Sharing
We do not sell, rent, or share your personal data with third parties, except:
OpenAI / Anthropic — if third-party AI is enabled, ingredient and preference data only. See their respective privacy policies
Legal obligations — if required by law
7. Data Retention
Your account and recipe data is retained for as long as your account is active. You may request deletion at any time by contacting us. Deleted data is removed from our database immediately.
8. Your Rights
Access — request a copy of the data we hold about you
Correction — update inaccurate information via the Profile screen
Deletion — request that your account and all data be deleted
Portability — request your data in a readable format
9. Children's Privacy
ToiFood is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it promptly.
10. Contact
For privacy questions, data requests, or deletion requests:
We may update this policy from time to time. When we do, we will update the "Last updated" date above. Continued use of the app after changes constitutes acceptance of the updated policy.