← Back

Thymeline Privacy Policy

Last updated: April 17, 2026

1. Overview

Thymeline is operated by Brake Labs LLC ("Brake Labs", "we", "us", "our"). This Privacy Policy explains what information we collect, how we use it, and your choices regarding your data.

We collect only the data necessary to provide the Service. We do not sell your data. We do not run ads. We do not use third-party analytics or tracking pixels.

2. Information We Collect

Account Information

When you sign in with Google, we receive your name, email address, and profile picture from Google. We use this to create and identify your account. We do not access your Google contacts, calendar, or any other Google data.

Content You Create

We store the content you add to Thymeline, including:

  • Recipes (titles, URLs, ingredients, steps, notes, tags, images)
  • Meal plans and meal history
  • Grocery lists
  • Cooking preferences and dietary settings
  • Household memberships

Usage Data

We track which AI features you use and how many tokens each request consumes. This helps us monitor costs and improve the Service. This data includes the feature name (e.g., "meal plan generation"), the AI model used, and token counts. It does not include the content of your requests or responses.

Technical Data

Our authentication system records your IP address and user agent string when you sign in. This is used for session security and is stored in our database.

3. How We Use Your Data

  • Providing the Service: Your recipes, preferences, and history are used to generate meal plans, suggestions, and grocery lists.
  • AI Processing: When you use AI-powered features, relevant data (recipes, preferences, meal history) is sent to a third-party AI provider for processing. See Section 5 for details.
  • Recipe Import: When you import a recipe by URL, the page content is fetched via a third-party web scraping service and then processed by AI to extract recipe data.
  • Account Management: Your email is used to manage your account, verify your identity, and enforce access controls.

4. Cookies

Thymeline uses a single authentication cookie to keep you signed in. No tracking cookies, advertising cookies, or third-party cookies are used.

CookiePurposeDuration
better-auth.session_tokenAuthenticates your session7 days

5. Third-Party Services

We use a limited number of third-party services to operate Thymeline. Data is shared with these services only as needed to provide the Service, and never for advertising or unrelated purposes.

Authentication

We use Google for sign-in only. We receive your basic profile information (name, email, profile picture). We do not request access to your Google Drive, Calendar, Contacts, or any other Google services.

AI Processing

When you use AI features (meal suggestions, recipe discovery, recipe generation, grocery list creation), your recipe data and preferences are sent to a third-party AI provider for processing. Our AI provider does not use API inputs to train their models.

Recipe Import

When you import a recipe by URL, the page is fetched through a third-party web scraping service to extract page content. Only the URL you provide is sent to this service.

6. Data Storage & Security

Your data is stored in a PostgreSQL database. Session tokens are encrypted. All connections to the Service use HTTPS.

We take reasonable measures to protect your data, but no system is perfectly secure. If you become aware of a security issue, please contact us immediately.

7. Data Sharing

We do not sell, rent, or trade your personal information. We share data only:

  • With third-party services listed in Section 5, to operate the Service
  • With household members you choose to share with
  • If required by law or to protect our rights

8. Your Rights

You can:

  • Access your data: All your recipes, meal plans, and preferences are visible in the app.
  • Delete your content: You can delete individual recipes, meal plans, and grocery lists at any time.
  • Request account deletion: Contact us to delete your account and all associated data.
  • Leave a household: You can leave a shared household at any time.

9. Children's Privacy

Thymeline is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe a child under 13 has created an account, contact us and we will delete it.

10. Data Retention

We retain your data for as long as your account is active. If your account is disabled or deleted, we will delete your data within 30 days, except where retention is required by law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Service. Continued use after changes constitutes acceptance.

12. Contact

Questions or requests about your data? Reach out at [email protected].

Terms of Service