We do not train AI on your recipes.
Our AI features (recipe chat, ingredient-from-photo) use Anthropic's Claude and OpenAI's embedding API under zero-retention, no-training terms. Your recipes are never used to train any model, ours or theirs.
Everything on this page is something we do today, written so you can verify it. No vibes, no generic security-theatre graphics.
Over the last year, talking to the people who run food businesses, one theme keeps coming up: who can see my recipes?
It's a fair question. A recipe isn't just a list of ingredients. It's the thing a small brand spent months getting right, the thing a product manager negotiated with their buyer, the thing that makes one hot-sauce different from the next. So if we're asking you to trust us with it, we owe you plain answers about what happens to it inside Nibblr.
This page is those answers. Every line below is something we actually do today, not a promise about what we might do later. Where we haven't got somewhere yet, we say so. If anything here raises a question, send it to security@nibblr.co.uk and we'll get back to you within a working day.
Anna-Sophie, Founder & CEO
Nibblr does not train AI on your recipes: Anthropic and OpenAI process your data only under zero-retention, no-training terms. Nibblr does not share data between customers; org-level isolation is enforced in code and covered by automated tests. Nibblr does not sell or mine your data; the business model is subscriptions, full stop.
Every database query is scoped to your organisation in code, and that boundary is covered by an automated test suite that runs on every build. A change that breaks isolation fails the build before it reaches production.
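One way to build the org boundary described above into the data layer and gate the build on it. This is an added example, not Nibblr's code; it assumes a SQLite table with an org_id column on every tenant table and a repository class that callers must go through instead of writing raw SQL.

```python
import sqlite3

SCHEMA = """
CREATE TABLE recipes (
    id     INTEGER PRIMARY KEY,
    org_id INTEGER NOT NULL,
    name   TEXT    NOT NULL
);
"""

class OrgScopedRepo:
    """Every tenant query goes through here and always carries org_id,
    so a missing 'WHERE org_id = ?' cannot slip in by accident."""

    def __init__(self, conn: sqlite3.Connection, org_id: int):
        if not isinstance(org_id, int):
            raise TypeError("org_id must come from the session, as an int")
        self.conn, self.org_id = conn, org_id

    def add_recipe(self, name: str) -> int:
        cur = self.conn.execute(
            "INSERT INTO recipes (org_id, name) VALUES (?, ?)",
            (self.org_id, name))
        return cur.lastrowid

    def get_recipe(self, recipe_id: int):
        # The primary key alone is never trusted; the org filter is always appended.
        row = self.conn.execute(
            "SELECT id, name FROM recipes WHERE id = ? AND org_id = ?",
            (recipe_id, self.org_id)).fetchone()
        return None if row is None else {"id": row[0], "name": row[1]}

    def list_recipes(self):
        rows = self.conn.execute(
            "SELECT id, name FROM recipes WHERE org_id = ? ORDER BY id",
            (self.org_id,)).fetchall()
        return [{"id": r[0], "name": r[1]} for r in rows]

def isolation_check() -> bool:
    """Build-gating test: org 2 must never see org 1's rows, even when it
    guesses a valid primary key. Sample data below is constructed."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    org1, org2 = OrgScopedRepo(conn, 1), OrgScopedRepo(conn, 2)
    rid = org1.add_recipe("Hot sauce v7")
    org2.add_recipe("Granola")
    return (org1.get_recipe(rid) is not None
            and org2.get_recipe(rid) is None
            and [r["name"] for r in org2.list_recipes()] == ["Granola"])
```

Running isolation_check() as part of the CI suite is what turns "scoped in code" into a property a broken change cannot silently undo.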
Our business model is subscriptions. We don't run ads, we don't sell analytics, and we don't pass your data to marketers.
Customer data lives in Germany at Hetzner Nuremberg, an ISO 27001 certified facility. TLS 1.3 is used in transit; server administration is over SSH with key-based authentication only. Backups are age-encrypted before leaving the server and stored in a separate German data centre (Falkenstein). Customer data sits on an encrypted volume at rest.
Nuremberg, Germany. Our production server sits inside Hetzner's ISO 27001-certified facility, with biometric access control and 24/7 on-site security. Your data never leaves the EU.
TLS 1.3 on every public endpoint, and HTTP is redirected to HTTPS. Server administration is over SSH with key-based authentication only; no password logins. Outbound calls to the AI providers also go over HTTPS.
30 days of rolling backups, age-encrypted before they leave the server, stored in Hetzner object storage in a separate German data centre (Falkenstein). The storage provider only ever sees ciphertext.
Customer data is stored on an encrypted volume. If the physical disk is removed from our server (for example, when a failed drive is replaced), its contents cannot be read without the encryption key. Backups are age-encrypted at rest too, so even a compromised storage account would leak only ciphertext.
Your data is visible to you and anyone in your organisation, no one else. All Nibblr staff work through the same audited application customers do, with one disclosed exception: Adam Neilson, CTPO, holds direct database access for emergency restores and production debugging. Every such access is logged.
You, and anyone in your organisation. Nobody else.
If a breach affects your data, Nibblr notifies you within 72 hours per UK GDPR. You can export any recipe to CSV or PDF from inside the app at any time, no queue or vendor lock-in. Closing your account removes your data from the app immediately, subject to billing-record retention.
If we discover a breach that affects your data, we'll notify you within 72 hours, the deadline set by UK GDPR. We'll tell you what happened, what we know, and what we're doing about it.
Every recipe can be exported to CSV or PDF from inside the app, at any time, with no export queues or vendor lock-in.
Closing your account removes your data from the app immediately. We retain enough of it to meet our billing and legal obligations (usually for six years under UK HMRC rules). If you want to exercise your right to erasure under UK GDPR Article 17, email security@nibblr.co.uk and we'll handle it within 30 days.
Nibblr Ltd is registered as a UK ICO data controller. The full sub-processor list (Hetzner, Anthropic, OpenAI, Stripe, Google Analytics, Microsoft Clarity) is published at /trust/sub-processors with last-verified dates. A signed Data Processing Agreement and a technical security whitepaper are available on request from security@nibblr.co.uk.
Nibblr Ltd is registered as a data controller with the UK Information Commissioner's Office. Reference number available on request. Email security@nibblr.co.uk.
The sub-processor list at /trust/sub-processors names every third party that processes customer data, with last-verified dates.
We'll send you a signed copy of our DPA on request. Email security@nibblr.co.uk.
For formal security reviews, we have a longer technical write-up available on request. Email security@nibblr.co.uk.