← Back to home

Privacy Policy

Last updated: April 2026

This page is provided in English for legal precision. The English version is the controlling document for all legal purposes; translations are courtesy only and not legally binding.

1. Who we are

TeAvon, referred to here as the Service, is operated by Spendlitics LLC, 1209 Mountain Road Pl NE #6183, Albuquerque, NM 87110, United States. We are the data controller for personal information you provide through the Service.

2. Information we collect

Account information: When you sign in with Google, we receive your name, email address, and profile picture. We never receive your Google password.

Recipe content: Recipes you save or import, including the original source text, translations, images, notes, ratings, and the source URL.

Preferences: Your UI language and recipe language settings, household membership, and rating history.

Usage data:Basic server-side logs about how you use the Service. We log routes visited and errors encountered, used for debugging and quality monitoring. We don't run third-party advertising or cross-site tracking.

Billing data: Subscription status and billing events from Stripe. We do not store your card number, CVC, or full bank details. Those stay within Stripe.

3. How we use your information

  • To provide, operate, and improve the Service
  • To authenticate you and keep your account secure
  • To process, translate, and display your recipes
  • To enable household sharing features
  • To send service-related emails such as invite acceptance, payment failures, and policy updates
  • To comply with legal obligations and enforce our Terms

4. Third-party service providers

To provide the Service, we share limited data with these processors:

  • Google:OAuth authentication via "Sign in with Google", plus Google Cloud Vision API for text extraction from photo-uploaded recipes. Image bytes are sent for OCR, especially effective for non-English text.
  • Apify: Recipe scraping from Instagram, TikTok, YouTube, and websites. Recipe URLs are sent to Apify so it can fetch the content.
  • Anthropic Claude: Recipe structuring and translation. Recipe text is sent to Claude for processing.
  • OpenAI Whisper: Voiceover transcription when a recipe comes from a video.
  • Amazon Web Services: Application hosting on Amplify, image storage on S3, CDN via CloudFront, DNS through Route 53, and TLS certificates from ACM. All US-based, in us-east-1.
  • MongoDB Atlas: Primary database, US-based.
  • Resend: Transactional email such as invites, account notifications, and billing notices.
  • Stripe: Subscription payment processing. Your card details are handled entirely by Stripe under their privacy policy.
  • Sentry: Error tracking. When something crashes in your browser or on our servers, we send Sentry the stack trace, the URL, and basic technical details such as browser version so we can fix it. We strip your email and other personally identifying fields before they leave our system. See their privacy policy.

We do not sell your personal data. We do not share it for advertising purposes.

Subprocessor list last reviewed 2026-05-02.

5. Data storage and security

Your data is stored on servers operated by AWS and MongoDB Atlas in the United States. We use TLS/HTTPS for all connections and follow standard security practices, including encrypted-at-rest storage, access controls, and audit logging. Payment data is handled by Stripe, a PCI DSS Level 1 certified provider.

No system is 100% secure. We'll notify affected users promptly if we learn of a breach involving your personal data.

6. Data retention and deletion

We retain your account data for as long as your account is active. Deleting your account from the Settings page schedules permanent processing 30 days later. Signing back in within that window restores everything.

When the 30-day window ends, we permanently remove your profile, preferences, and your beta-code redemptions, feedback, and pending invites. We do the same sooner if you request GDPR Article 17 immediate erasure. Recipes are handled per their household membership: if you were the sole member of a household, the household and its recipes are deleted along with your account. If the household has other members, the recipes you added stay with the household, with your name removed and the entry shown as “Added by a previous member”. See our Terms section 10 for the full retention semantics.

Billing records and transaction metadata required for tax and accounting purposes are retained for the period required by applicable law, typically 7 years.

7. Your rights

You have the right to access, correct, and delete your personal data. Most of this is self-service:

  • View and edit your profile and recipes: Settings page
  • Change language preferences: Settings → Language
  • Export your curation data under your right to portability, GDPR Article 20. Visit /api/account/export while signed in, or use the "Export my data" link on the locked screen. Available even if your account is locked or scheduled for deletion. The export contains your profile, your preferences, the source URLs you saved, and your ratings. That is the portion of TeAvon's data that you originated. It does not include the recipe content we extracted from third-party sources such as Instagram, TikTok, and YouTube. That content belongs to its original creators. To rebuild a recipe collection elsewhere, re-fetch the source URLs in the export.
  • Delete your account: Settings → Danger Zone, or the same link on the locked screen. Permanent deletion completes after 30 days; immediate erasure is available on request.

Depending on your jurisdiction, you may have additional rights regarding access, deletion, and non-discrimination. For example, California residents under CCPA and EU residents under GDPR. Email support@teavon.co to exercise any such rights or to ask questions.

7a. Anti-abuse retention after deletion

After we permanently process your deletion at the end of the 30-day soft-delete window, or sooner if you requested immediate erasure, we retain a one-way cryptographic hash of your normalised email address for 90 days. The hash is SHA-256. We do not store your email in plaintext after deletion. The hash is the only data kept, and we cannot reconstruct your email from it.

The hash blocks the same address from creating another fresh free trial during the 90-day window. This applies both to direct sign-up and to accepting a household invitation. After 90 days the hash is no longer enforced and the same address may sign up again normally.

Email normalisation collapses common alias forms so they all hash to the same value. This covers Gmail dot variants like j.o.h.n@gmail.com and +suffix aliases. It prevents trivial sidesteps of the window.

The legal basis is our legitimate interest in preventing abuse, under GDPR Article 17(1)(c) and equivalent provisions in other jurisdictions. The window applies only when you explicitly request account deletion. Leaving a household, cancelling a subscription, or letting a trial lapse does not write a hash.

If you wish to return to the Service before the 90 days are up, contact support and we will remove the hash so you can sign up again.

8. Children's privacy

The Service is not directed to children under 13 and we do not knowingly collect data from them. If you believe a child has provided us personal data, email us and we will delete it.

9. Changes to this policy

We may update this policy from time to time. Material changes will be announced via email or in-app notification at least 15 days before taking effect. Continued use of the Service after the effective date constitutes acceptance.

10. Contact

Privacy questions or requests: support@teavon.co.

1.1.3