The data controller for personal data collected through the Mijotia service is:
For any questions regarding the protection of your personal data or to exercise your rights, you can contact us at the address indicated above.
In providing the Mijotia service, we collect and process the following categories of personal data:
Identification and Contact Data (upon registration):
Service Usage Data (during use):
Technical and Security Data (automatically):
We do not intentionally collect sensitive data as defined in GDPR Article 9 (racial or ethnic origin, political opinions, health data, etc.). Should health information appear in free text entered by the user (e.g., "I am gluten intolerant"), it would be processed solely for recipe generation purposes and would not be subject to secondary analysis or exploitation.
We process your personal data for the following purposes and on the following legal bases:
We do not use your data for commercial prospecting, targeted advertising, marketing profiling, or sale to third parties.
We retain your personal data for the duration strictly necessary for the purposes for which it was collected:
Upon expiration of these periods, your data is permanently deleted from our systems or securely archived if legal obligation requires it.
Your personal data is processed by the following sub-processors, strictly within the scope of providing the Mijotia service:
IONOS SE (hosting application and databases) — Elgendorfer Str. 57, 56410 Montabaur, Germany. Established within the European Union, subject to GDPR. Data is hosted on servers located in Europe.
Anthropic Inc. (recipe generation by artificial intelligence) — Company established in the United States. Free text input by users and ingredients are transmitted to Anthropic's API to generate recipes. This transfer to a third country (USA) is governed by Standard Contractual Clauses approved by the European Commission, in accordance with GDPR Article 46. Anthropic contractually commits not to use your data to train its models without explicit consent.
Brevo (sending transactional emails) — SMTP relay service operated by Brevo SAS, established in France (EU). Only your email address and transactional email content are transmitted. GDPR compliant.
Stripe Payments Europe Ltd (payment processing) — Company established in Ireland (EU), subsidiary of Stripe Inc. Payment data is processed directly by Stripe and never passes through our servers. GDPR compliant through the Irish entity. Privacy Policy: stripe.com/privacy
No other sharing of your data with third parties not mentioned above is performed, except where required by law (court order, etc.).
Anonymized Training Data: Generated recipes and associated food preferences (ingredients, allergies, diets) may be retained in anonymized form for service improvement and training of our generation algorithms. No identifying data (name, email, user ID) is associated with this training data.
Some of our sub-processors (Anthropic Inc.) are established in the United States. Data transfers to these providers are carried out within appropriate safeguards under GDPR, namely Standard Contractual Clauses (SCC) adopted by the European Commission.
For hosted data (database, files), hosting is provided by IONOS SE, a company established in Germany (EU). Your account and usage data remain within European Union territory for storage purposes.
For California Residents (CCPA): Under the California Consumer Privacy Act, you have the right to know what personal information is collected, used, and shared. You also have the right to request deletion of your personal information (subject to certain exceptions) and to opt-out of the "sale" of personal information. Mijotia does not sell personal information and does not engage in targeted advertising.
Mijotia does not use advertising cookies or profiling cookies. No behavioral profiling for commercial purposes is performed.
Matomo Analytics: The Mijotia website uses Matomo Analytics, a self-hosted open source solution on our own servers (IONOS SE, Germany). No data is transmitted to third parties. Cookies are disabled and IP addresses are anonymized — this configuration is exempt from consent requirements according to data protection authority guidelines.
localStorage is used to store your authentication token (JWT), necessary for maintaining your login session. This token contains only your identifier and email, is digitally signed, and has limited validity duration.
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or disclosure:
In the event of a personal data breach likely to result in high risk to your rights and freedoms, we commit to notifying you as soon as possible, in accordance with GDPR Article 34.
In accordance with GDPR, you have the following rights regarding your personal data:
To exercise any of these rights, send your request by email to contact@mijotia.com, specifying your identity. We commit to responding within one (1) month of receiving your request.
You can also directly delete your account from the application's Profile page, which results in immediate deletion of all your account and usage data.
If you believe the processing of your personal data violates applicable law, you have the right to lodge a complaint with the competent supervisory authority.
For EU Residents: You may file a complaint with your national data protection authority. For France, this is the CNIL (Commission Nationale de l'Informatique et des Libertés): www.cnil.fr
For US Residents: You may file a complaint with your state's Attorney General or the Federal Trade Commission (FTC) at reportfraud.ftc.gov.
We encourage you to contact us first at contact@mijotia.com to resolve your concern amicably.
This privacy policy may be modified at any time, including to comply with legal, regulatory, or technical changes. Any material modifications will be notified to users by email before taking effect.
The current version is the one accessible on the website, identified by its update date at the top of this document.