Privacy Policy

Last updated: 2026-04-27T00:00:00.000Z

1. Who we are

letsmake.recipes is operated by Original Function Inc. (“we”, “us”, or “our”), a C corporation registered in the State of New Jersey, United States of America. You can reach us at hello@originalfunction.com.

2. Scope of this policy

This Privacy Policy describes how we collect, use, and share information when you visit letsmake.recipes (the “Site”) and when you create an account on the Site. letsmake.recipes is a personal recipe tool: signing in lets you save, version, and optionally publish your own recipes.

3. Information we collect

3.1 Account information

When you create an account, we collect:

• Your email address (always — used for sign-in and transactional notices)
• Optionally a phone number (only if you choose to sign in by SMS code)
• Optionally a display name (shown only on recipes you choose to publish)
• Your sign-in method (email magic link, SMS code, or social provider — Google, Facebook, or Apple — when you connect one)

3.2 Recipe content

We store the recipes you create — titles, descriptions, ingredients, steps, tags, photos, and short videos. Every save creates an immutable version row so you can review or restore prior edits. Your recipes are private by default; only you can see them. If you publish a recipe, we generate a public URL of the form /r/<random-slug>; the public page shows your display name and the publish date but not your email or phone number.

3.3 Suggestion form

If you submit a suggestion through our contact form (/suggest), we collect your name, email (optional), and the content of your suggestion.

3.4 Information collected automatically

When you visit the Site, our hosting provider (Amazon Web Services) and analytics tools automatically receive:

• Your IP address (anonymized in Google Analytics)
• Your browser type, device type, and operating system
• The pages you visited and the time of your visit
• The referring URL that brought you to the Site

CloudFront access logs are retained for up to 30 days.

3.5 Cookies, similar technologies, and local storage

We and our third-party providers use cookies and similar technologies for analytics, ad delivery (on public recipe pages only), spam protection, and storing your cookie preferences. We also use browser localStorage to keep your sign-in session active — specifically the key letsmake-recipes-refresh, which holds an opaque refresh token issued by AWS Cognito. See our Cookie Policy for details.

4. How we use information

We use the information we collect to:

• Operate the Site, authenticate you, and serve your recipes back to you
• Email you a magic-link sign-in or SMS you a one-time code on request
• Generate the public URLs of recipes you choose to publish
• Respond to your suggestions and inquiries
• Measure and improve the performance of the Site (analytics)
• Prevent spam and abuse on our contact form (via Google reCAPTCHA v3)
• Display advertising on public recipe pages (/r/[slug]) via Google AdSense
• Comply with legal obligations

5. Third parties we work with

We share limited information with the following service providers, each of whom has their own privacy practices:

• Amazon Web Services, Inc. — hosting (CloudFront, S3, Lambda, Route 53), authentication (Amazon Cognito), database (DynamoDB), transactional email (Amazon SES), SMS one-time codes (Amazon SNS), generative AI for voice cook mode (Amazon Bedrock — Anthropic Claude Sonnet, with Claude Opus as a schema-validation fallback, in us-east-1), and text-to-speech for voice cook mode (Amazon Polly Neural). All processing is in the United States. See AWS Privacy Notice.
• Deepgram, Inc. — streaming speech-to-text for voice cook mode (only when you opt into cook mode). See Deepgram’s Privacy Policy.
• Google LLC — sign-in with Google (when you choose it), Google Analytics 4 (analytics), Google AdSense (advertising on public recipe pages), Google reCAPTCHA v3 (spam protection on the suggestion form), Google Funding Choices (cookie consent management). See Google’s Privacy Policy.
• Meta Platforms, Inc. (Facebook) — sign-in with Facebook (only if you choose it). See Meta’s Privacy Policy.
• Apple Inc. — Sign in with Apple (only if you choose it). See Apple’s Privacy Policy.

We do not sell your personal information to anyone.

5.1 Voice cook mode processors

Voice cook mode is opt-in. The processors below only receive data when you explicitly enter cook mode and grant microphone permission; they are not invoked when you browse, type, or read recipes.

• Deepgram, Inc. — Streaming speech-to-text. Audio chunks from your microphone are streamed directly from your browser to Deepgram over a WebSocket, using a 60-second ephemeral token minted by one of our AWS Lambdas. Deepgram receives audio and returns transcripts. Deepgram does not receive your account email, phone number, payment information, or recipe history. Per Deepgram’s standard streaming agreement and their published privacy policy, audio is processed for transcription and is not retained long-term.
• Anthropic Claude via AWS Bedrock (US-East-1). Claude Sonnet (and Claude Opus as a schema-validation fallback) receives the transcript chunks plus the current recipe state and returns structured recipe deltas (ingredient additions, step edits, timer detections, ambiguity prompts). Bedrock receives no raw audio, no account email, no phone number, and no payment information. Anthropic’s commercial Bedrock terms specify that inputs are not used to train the model and are subject to short retention. The model is hosted in AWS region us-east-1. See AWS Bedrock security & compliance.
• Amazon Polly Neural. Receives short text strings (timer-expiry announcements such as “five minutes done” and ambiguity prompts such as “Add 2 cups flour to ingredients?”) and returns MP3 audio. Polly receives no audio input, no transcript, no recipe content beyond the short prompt itself, and no account information.

We do not store the raw audio. We do not store the raw transcripts. We store only the structured recipe that is extracted, as a RecipeVersions row tagged source: "voice" — exactly as we would store a recipe you typed by hand.

6. Legal basis for processing (EEA/UK residents)

Where the General Data Protection Regulation (GDPR) or UK GDPR applies, we rely on:

• Legitimate interest — for analytics, security (reCAPTCHA), and serving non-personalized ads.
• Consent — for personalized advertising and optional cookies. You may withdraw consent at any time via our Cookie Policy or the “Manage cookies” link in the footer.

7. Your rights

Depending on where you live, you may have the right to:

• Access the personal information we hold about you
• Request that we correct or delete that information
• Object to or restrict processing
• Withdraw consent for optional processing (such as personalized ads)
• Lodge a complaint with a data protection authority
• Opt out of the sale or sharing of personal information (California residents)

To exercise any of these rights, email us at hello@originalfunction.com.

8. California privacy notice

Under the California Consumer Privacy Act (CCPA/CPRA), California residents have the rights described in Section 7. We do not sell personal information, but we do share it with advertising partners in ways that may qualify as “sharing” under California law. You can opt out via the “Manage cookies” link in our footer.

9. International transfers

We are based in the United States, and your information will be processed there. If you access the Site from outside the United States, please be aware that your information may be transferred to, stored, and processed in the US, which may have different data protection laws than your country.

10. Children

The Site is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

11. Data retention

• Account, recipes, photos, videos: retained until you delete the account. Account deletion is hard, irreversible, and completes within 24 hours — we delete your Cognito identity, all recipe versions (including any tagged source: "voice" from voice cook mode), all media (S3 + DynamoDB rows), and all public-share rows. We do not keep “soft-deleted” or backup copies (DynamoDB point-in-time recovery is for our operational use only and rolls forward automatically).
• Public recipe URLs: unpublishing a recipe removes the /r/<slug> page within ~90 seconds and the slug itself; re-publishing the same recipe assigns a fresh slug.
• Contact-form emails: retained in our inbox for up to 90 days unless we need to retain them longer for legitimate business reasons.
• Hosting access logs: retained for up to 30 days.
• Google Analytics data: retained per the default retention period configured in GA4.

11.1 Voice cook mode

• Microphone audio: streamed to Deepgram for the duration of the cook session. Not stored by us. Per Deepgram’s streaming agreement, audio is not retained long-term by Deepgram.
• Transcripts: generated by Deepgram, sent to AWS Bedrock for structuring. Not stored by us beyond the in-flight processing window.
• Bedrock prompts and responses: processed in us-east-1 and not used to train Anthropic’s models per AWS’s commercial Bedrock terms.
• Polly text and audio: the short prompt text is sent to Polly; the resulting MP3 is played back to you and discarded.
• Structured recipe: stored as a RecipeVersions row in DynamoDB with source: "voice". This is the only voice-derived data we persist, and it is deleted along with the parent recipe (or with your account) on the same hard-deletion path described above.
• Cook session snapshots: stored locally in your browser (localStorage["cook-session-<id>"]) for crash recovery only. Cleared automatically after 1 hour or when you save and finish the session.

11a. Data export

Bulk data export is not available in v1. Email us at hello@originalfunction.com and we’ll respond manually within 30 days.

12. Security

We use HTTPS across the Site, and we do not store personally identifiable information on our servers beyond transactional email records. No system is perfectly secure, and we cannot guarantee the security of data transmitted over the internet.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. Significant changes will be announced more prominently.

14. Contact us

Questions, concerns, or requests related to your personal information should be sent to hello@originalfunction.com.