Short version: we don't sell, share, or trade your data. We don't use tracking, analytics, ad networks, or third-party pixels. The only thing we store is what's needed to run the site for you — your account, your favourites, your preferences. You can delete it all at any time by emailing us.
Who runs this site
tuttimangi.com is a personal project, not a company. Contact: admin@tuttimangi.com. The site is hosted in the EU.
What we store
- Account: your email address and a salted hash of your password (we never store the password itself).
- Favourites & shopping list: the recipes you star and items you add, so they sync between your devices.
- Preferences: measurement units (metric / US), theme.
- Security log: sign-ins, failed sign-ins, password resets, and the IP address & approximate country/city those events came from. We use this to detect abuse and to show you recent activity on your own account.
- Email events: we log when welcome & password-reset emails are sent from our system. We do not track whether you open them.
What we don't do
- We don't sell, rent, or share your data with anyone.
- We don't use Google Analytics, Facebook Pixel, ad networks, or any third-party tracker.
- We don't profile you or build an advertising audience.
- We don't have third-party embeds that load on every page (no YouTube auto-embeds, no social widgets that phone home in the background).
Cookies
We use one cookie: dn_jwt. It's set when you sign in, holds your session token,
and lasts 30 days. It's strictly necessary — without it, you can't stay logged in. We use no
analytics or advertising cookies.
We also store a few harmless things in your browser's localStorage: your unit preference, your theme, an offline copy of your favourites list (so the ⭐ button works before you sign in), and a flag remembering that you saw our cookie notice. None of this is sent to our servers automatically.
Third-party services we rely on
- Hostinger — server hosting (EU) and outgoing email (SMTP).
- Wikipedia / Wikimedia Commons — recipe photos. Images are cached on our server, so your browser doesn't connect to Wikipedia on every page view.
- NVIDIA NIM — the "In my fridge" matcher sends the ingredient list you type to NVIDIA's hosted Llama 3.3 model. It does not include your email or any account info.
- Google Fonts — typefaces are loaded from
fonts.googleapis.com. - Pinterest — only loads when you click the "Pin it" button on a recipe page.
Your rights (GDPR)
You can ask us to show you the data we hold on you, correct it, export it, or delete it entirely. Just email admin@tuttimangi.com from the address on your account. Account deletion removes your email, password hash, favourites, shopping list, preferences, and security log. We aim to respond within 30 days.
Data retention
We keep account data for as long as your account exists. Security log entries are kept indefinitely while your account is active, since they're useful for spotting trouble; they're deleted with the account.
Children
The site isn't directed at children under 13, and we don't knowingly collect data from them. If you think we have, email us and we'll remove it.
Changes
If we ever change how we handle data, we'll update this page and bump the date below. Material changes will be flagged on the homepage or via email.
Last updated: 19 May 2026.