Onionly Onionly
  • Privacy
  • Terms
  • Support

Privacy Policy

Last updated: March 8, 2026

Onionly ("we," "our," or "us") is a recipe management application developed by Yusuf Omer Erem. This Privacy Policy explains how we collect, use, and protect your information when you use the Onionly mobile application (the "App").

By using the App, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account Information

When you first open the App, an anonymous account is automatically created using Firebase Authentication. This generates a unique anonymous identifier (User ID) that is not linked to your name, email, or any other personal information. If you choose to sign in with Apple, we receive your Apple ID identifier and, if you choose to share it, your email address.

1.2 Recipe Data

Recipes you import or create are stored locally on your device using Apple's SwiftData framework. When you import a recipe from a URL, the URL is sent to our server for processing. We temporarily cache extracted recipe data on our servers for up to 7 days to improve performance for repeated imports of the same URL. Recipe content itself (ingredients, instructions, images) is stored on your device.

1.3 Usage Data

We collect anonymous usage analytics through Firebase Analytics to understand how the App is used and to improve our service. This includes:

  • Feature usage (e.g., which screens you visit, which features you use)
  • Import events (e.g., whether a recipe import succeeded or failed, the import method used)
  • General interaction patterns (e.g., tab navigation, button taps)

This data is collected in aggregate and is not used to personally identify you. We do not use Apple's Identifier for Advertisers (IDFA) or any cross-app tracking technology.

1.4 Purchase Information

If you subscribe to Onionly Pro, your subscription is processed entirely by Apple through the App Store. We use RevenueCat to manage subscription status. We receive information about your subscription status (active, expired, etc.) but we do not have access to your payment details, credit card number, or Apple ID password.

1.5 Server-Side Analytics

When you import a recipe, we log limited information on our servers for debugging and service improvement:

  • The domain of the recipe URL (e.g., "allrecipes.com"), not the full URL
  • The extraction method used (e.g., structured data, AI extraction)
  • Whether the import succeeded or failed
  • Your anonymous User ID

2. How We Use Your Information

  • App Functionality: To provide core features such as recipe importing, cook mode, meal planning, and grocery lists.
  • Service Improvement: To analyze usage patterns and improve the App's features and performance.
  • Debugging: To identify and fix technical issues with recipe importing and other features.
  • Subscription Management: To verify your subscription status and provide access to premium features.

3. Third-Party Services

We use the following third-party services:

  • Firebase (Google): Authentication (anonymous accounts and Apple Sign In), Analytics (usage data), Cloud Functions (recipe processing). Firebase Privacy Policy
  • RevenueCat: Subscription and in-app purchase management. RevenueCat Privacy Policy
  • Google Gemini AI: Used server-side to extract recipe information from web pages and videos. Recipe URLs and content are processed by our server; no personal information is sent to Gemini. Google AI Terms

4. Data Storage and Security

Your recipe data is stored locally on your device. Server-side data (cached recipe extractions, analytics events) is stored in Google Cloud Firestore in the EU (europe-west1 region). We use industry-standard security measures including encrypted connections (HTTPS/TLS), Firebase Security Rules, and rate limiting to protect your data.

5. Data Retention

  • Recipe cache: Temporary server-side recipe cache is automatically deleted after 7 days.
  • Analytics data: Firebase Analytics data is retained according to Google's standard retention policy (14 months for event data, 2 months for aggregated reporting data by default).
  • Server analytics logs: Import event logs are retained for up to 12 months for debugging purposes, then automatically deleted.
  • Local data: Recipes and user data stored on your device persist until you delete the App or use the in-app data deletion option.

6. Your Rights

You have the following rights regarding your data:

  • Data Deletion: You can delete your account and all associated data through the App's Settings screen. This removes your local data, server-side analytics linked to your User ID, and your Firebase Authentication account.
  • Data Access: Your recipe data is stored locally on your device and is accessible to you at all times through the App.
  • Opt-Out: You can limit analytics collection by disabling analytics in your device's Settings under Privacy & Security.

7. Children's Privacy

The App is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will delete such information.

8. International Users

Our servers are located in the European Union (Google Cloud europe-west1). If you use the App from outside the EU, your data may be transferred to and processed in the EU, which may have different data protection laws than your country of residence.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: onionly.app@gmail.com

Developer: Yusuf Omer Erem

Onionly Onionly

© 2026 Yusuf Omer Erem. All rights reserved.

  • Privacy Policy
  • Terms of Use
  • Support