Prep Slate
Sign inStart free trial

Privacy Policy

What we collect, what we don't, and why.

Last updated: May 29, 2026

We do not sell your data. We do not run ads. We do not share your recipes with anyone. The information we hold is what we genuinely need to run the product you signed up for, and you can take it with you any time, including after you cancel.

The short version

Prep Slate is a tool you use to save and cook recipes. To do that, we keep your account (email, password, preferences), the recipes you save, and the activity related to using them (planned meals, cook sessions, shopping list). We use a small number of well-known service providers to host the app, store images, send essential email, and understand which features are used. We do not sell your data. We do not give it to advertisers. You can export everything you have at any time, and delete your account at any time.

Information we collect

Account

  • Your email address.
  • A password, stored as a one-way bcrypt hash. We never see your plaintext password.
  • Your timezone and your default eat time, so the planner schedules cook times correctly.

Content you create or save

  • Recipes you write or import: title, ingredients, steps, photos, tags, and source URL.
  • Planned meals and cook sessions, including the time of day they happened and how far through a recipe you got.
  • Shopping list items, including which recipes they came from.
  • Tags you create to organize your library.

Subscription and billing

Prep Slate subscriptions are purchased on the web through Stripe, or in the iOS app through the Apple App Store. We never see or store your full card number — Stripe and Apple handle that. What we receive is the information we need to manage your subscription:

  • For web subscriptions (Stripe):a customer and subscription identifier, the status of your subscription (active, cancelled, expired) and its current period end date, and limited card metadata such as the brand and last four digits for your reference.
  • For iOS subscriptions (Apple):a transaction identifier and product identifier, the status and current period end date of your subscription, and an opaque, store-issued account token that links a purchase to your account without exposing your store identity.

Technical and security data

  • The IP address and user agent (browser or device) of each sign-in, stored with your session so we can show you the active sessions and help you spot anything suspicious.
  • Standard web server logs (request URL, status, timing), kept for a short period for debugging and abuse prevention.
  • Error reports from the app, with stack traces and the request context that triggered them, so we can fix bugs.

Product analytics

We measure how the product is actually used so we know what to improve. This is event-level data (for example, "an import was started", "a cook session completed") associated with your account. We do not collect mouse-recording, session-replay, keystroke capture, or any other surveillance-grade telemetry.

Information we do not collect

  • We do not access your contacts, calendar, microphone, camera, or precise location.
  • We do not collect biometric data.
  • We do not buy data about you from data brokers.
  • We do not sell, rent, or trade your personal data to anyone, for any purpose, ever.
  • We do not run third-party advertising trackers in the app.
  • We do not show ads. There is no ad network reading anything you do here.

How we use information

  • To run the product.Storing and showing your recipes, planning meals, generating shopping lists, recording cook sessions, processing payments through Stripe and the App Store.
  • To improve the product.Looking at aggregate usage patterns to decide what to build next, what is confusing, what is broken.
  • To support you.Answering email you send us, investigating account issues, restoring data if something goes wrong.
  • To send essential email.Account confirmations, password resets, billing notices, occasional security or service announcements. We do not send marketing email unless you opt in explicitly.
  • To keep the service safe.Detecting abuse, brute-force sign-in attempts, scraping, and other things that hurt other users or the service.

Recipe imports from the web

When you paste a URL into the importer, our server fetches that page on your behalf. We parse the page for recipe structured data (JSON-LD), and when a page does not provide clean structured data, we may pass the visible recipe content to a large language model so it can extract the ingredients and steps.

The LLM providers we use for this are Google Gemini (operated by Google) and Amazon Bedrock (operated by Amazon Web Services). We send only the recipe content that needs parsing, never your account information. We log these calls through Braintrust so we can audit and improve quality.

The parsed recipe, the source URL, and the cover image are then saved to your account. The original page belongs to its publisher; importing it for your personal use does not transfer ownership to Prep Slate.

Service providers we rely on

We use a deliberately small number of vendors. Each one only receives the minimum data it needs to do its job.

  • Amazon Web Services (AWS).Hosts the application database and stores recipe images in Amazon S3. AWS sees everything in the app, but only as the platform that runs it.
  • Sentry.Receives error reports when something breaks. May include request paths, browser details, and (rarely) parts of request payloads. Personally identifying information is scrubbed from error reports where we can.
  • Mixpanel.Receives product analytics events tied to your account so we can see how the product is being used in aggregate.
  • Google (Gemini) and Amazon Web Services (Bedrock).Used only for parsing recipe content during imports, as described above.
  • Braintrust.Stores telemetry from our LLM calls so we can monitor quality and catch regressions in the import pipeline.
  • Stripe.Processes web payments and subscriptions. Stripe receives your card and billing details directly at checkout; we never see your full card number. Its privacy policy covers what you give it.
  • Apple App Store.Processes payments and subscriptions made in the iOS app. Its privacy policy covers anything you give it at checkout.

Cookies and local storage

  • An encrypted session cookie, so you stay signed in. This is required for the app to function.
  • A small amount of local storage and a service worker cache used by the app to make cook mode and the recipe library work offline-tolerantly.
  • We do not set third-party tracking or advertising cookies. There is no Facebook Pixel, no Google Ads tag, no programmatic ad SDK.

Data retention

Your recipes, plans, and other content are kept for as long as your account exists. If you delete your account, we delete your content from the live database immediately and from active backups on a rolling schedule. Aggregate, non-identifying analytics may be retained longer.

Server logs and error reports are kept for a short operational window — generally 30 to 90 days — and then rotated.

Your rights and how to exercise them

You always have these rights, no paperwork required:

  • Export your data.You can download your full library as JSON, and any recipe as printable HTML, at any time, including after your subscription ends.
  • Update your profile.Email, timezone, default eat time — all editable from your profile.
  • Delete your account.Removes your account, your recipes, your plans, your sessions, your shopping list, and your subscription records from our systems.
  • Ask us anything.If you want to know exactly what we hold for your account, or you want a copy in a specific format, email us and we will help.

If you are in the EU, UK, California, or another jurisdiction that grants statutory privacy rights (access, correction, erasure, portability, objection), those rights apply to you. The simplest way to exercise them is to use the in-app controls above, but you are welcome to email us instead.

How we keep your account safe

  • All traffic is served over HTTPS.
  • Passwords are stored as bcrypt hashes; we never store or transmit them in plaintext.
  • Sessions are tied to your IP and user agent, and you can sign out of any active session from your profile.
  • Production database access is restricted to a small number of operators on company-managed devices.

No system is perfectly secure. If you suspect your account has been compromised, change your password and email us so we can help.

Children

Prep Slate is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has created an account, please contact us and we will remove it.

International users

Prep Slate is operated by BMK Studios LLC from the United States. If you use the app from outside the US, you are sending your data to the US. We take reasonable steps to protect it the same way wherever you are.

Changes to this policy

If we change this policy in a way that meaningfully affects how we treat your data, we will update the "Last updated" date above and, for substantive changes, let you know by email before the change takes effect.

Contact

Prep Slate is a product of BMK Studios LLC. We are responsible for the information described in this policy. Questions, requests, or concerns about this policy: email us at support@prepslate.com.