We do not train AI on your recipes.
Everything on this page is something we do today, written so you can verify it. No vibes, no generic security-theatre graphics.
Over the last year, talking to the people who run food businesses, one theme keeps coming up: who can see my recipes?
It's a fair question. A recipe isn't just a list of ingredients. It's the thing a small brand spent months getting right, the thing a product manager negotiated with their buyer, the thing that makes one hot sauce different from the next. So if we're asking you to trust us with it, we owe you plain answers about what happens to it inside Nibblr.
This page is those answers. Every line below is something we actually do today, not a promise about what we might do later. Where we haven't got somewhere yet, we say so. If anything here raises a question, send it to security@nibblr.co.uk and we'll get back to you within a working day.
Anna-Sophie, Founder & CEO
Our AI features (recipe chat, ingredient-from-photo) use Anthropic's Claude and OpenAI's embedding API under zero-retention, no-training terms. Your recipes are never used to train any model, ours or theirs.
Every database query is scoped to your organisation in code, and that boundary is covered by an automated test suite that runs on every build. A change that breaks isolation fails the build before it reaches production.
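An added illustration of the scoping-plus-test pattern described above, written for this page in Python with the standard-library sqlite3 module; it is not Nibblr's code, and the table, column and function names (recipes, org_id, RecipeStore, run_isolation_checks) are assumptions. Every read and write method binds the caller's organisation into the WHERE clause, and run_isolation_checks() seeds two organisations and attempts every cross-tenant operation, which is the kind of check a CI job can fail a build on.

```python
"""Tenant-scoped data access with an isolation test (stdlib sqlite3 only).

Added example for this page, not Nibblr's code. Schema and names are assumed.
"""
import sqlite3
from typing import Optional

SCHEMA = """
CREATE TABLE recipes (
    id     INTEGER PRIMARY KEY,
    org_id INTEGER NOT NULL,
    name   TEXT    NOT NULL,
    body   TEXT    NOT NULL
);
CREATE INDEX recipes_org ON recipes(org_id);
"""


class RecipeStore:
    """Every public method takes the caller's org_id and binds it into the WHERE
    clause, so a recipe id on its own is never enough to read, change or delete
    a row."""

    def __init__(self, conn: sqlite3.Connection) -> None:
        self.conn = conn
        self.conn.executescript(SCHEMA)

    def create(self, org_id: int, name: str, body: str) -> int:
        cur = self.conn.execute(
            "INSERT INTO recipes (org_id, name, body) VALUES (?, ?, ?)",
            (org_id, name, body),
        )
        return cur.lastrowid

    def get(self, org_id: int, recipe_id: int) -> Optional[tuple]:
        # Scoped read: another organisation's id yields None, the same answer
        # as for a recipe that does not exist, so nothing is confirmed either way.
        return self.conn.execute(
            "SELECT id, org_id, name, body FROM recipes WHERE id = ? AND org_id = ?",
            (recipe_id, org_id),
        ).fetchone()

    def list_names(self, org_id: int) -> list:
        rows = self.conn.execute(
            "SELECT name FROM recipes WHERE org_id = ? ORDER BY id", (org_id,)
        ).fetchall()
        return [r[0] for r in rows]

    def update_body(self, org_id: int, recipe_id: int, body: str) -> bool:
        # Scoped write: rowcount tells us whether the caller actually owned the row.
        cur = self.conn.execute(
            "UPDATE recipes SET body = ? WHERE id = ? AND org_id = ?",
            (body, recipe_id, org_id),
        )
        return cur.rowcount == 1

    def delete(self, org_id: int, recipe_id: int) -> bool:
        cur = self.conn.execute(
            "DELETE FROM recipes WHERE id = ? AND org_id = ?", (recipe_id, org_id)
        )
        return cur.rowcount == 1


def get_recipe_unscoped(conn: sqlite3.Connection, recipe_id: int) -> Optional[tuple]:
    """The anti-pattern: one forgotten org_id and any id reads any tenant's row."""
    return conn.execute(
        "SELECT id, org_id, name, body FROM recipes WHERE id = ?", (recipe_id,)
    ).fetchone()


def run_isolation_checks() -> dict:
    """Seed two organisations and try every cross-tenant operation.

    Returns {check_name: passed}; a build step fails if any value is False.
    """
    conn = sqlite3.connect(":memory:")
    store = RecipeStore(conn)
    acme_id = store.create(1, "Acme hot sauce", "chillies, vinegar, salt")
    bolt_id = store.create(2, "Bolt ketchup", "tomatoes, sugar, vinegar")

    return {
        # Org 2 must not be able to read, change or remove org 1's recipe by id.
        "cross_read_blocked": store.get(2, acme_id) is None,
        "cross_update_blocked": not store.update_body(2, acme_id, "stolen"),
        "cross_delete_blocked": not store.delete(2, acme_id),
        # Listings contain only the caller's own rows.
        "listing_scoped": store.list_names(1) == ["Acme hot sauce"]
        and store.list_names(2) == ["Bolt ketchup"],
        # The legitimate owner is unaffected by the blocked attempts above.
        "owner_still_reads": store.get(1, acme_id)[3] == "chillies, vinegar, salt",
        # Demonstrates the leak the suite exists to catch: the unscoped query
        # returns org 1's row and org 2's row to whoever asks.
        "unscoped_query_leaks": get_recipe_unscoped(conn, acme_id)[1] == 1
        and get_recipe_unscoped(conn, bolt_id)[1] == 2,
    }


if __name__ == "__main__":
    for name, ok in run_isolation_checks().items():
        print("PASS" if ok else "FAIL", name)
```

A suite like this only covers the query paths it knows about; get_recipe_unscoped is included to show what a single missing org_id leaks, and why the check has to run on every build rather than in a one-off audit. Row-level security in the database is an independent second layer that catches a new unscoped query the test suite has not yet learned about.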
Our business model is subscriptions. We don't run ads, we don't sell analytics, and we don't pass your data to marketers.
Nuremberg, Germany. Our production server sits inside Hetzner's ISO 27001-certified facility, with biometric access control and 24/7 on-site security. Your stored data never leaves the EU. The one thing that goes to a third party is content you submit to the AI features, which reaches the providers named above under the zero-retention, no-training terms described there.
TLS 1.3 on every public endpoint, and HTTP is redirected to HTTPS. Server administration is over SSH with key-based authentication only; no password logins. Outbound calls to the AI providers also go over HTTPS.
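An added check for the SSH claim above (example code written for this page, not Nibblr's tooling): a small Python script that reads an sshd configuration and reports any directive that would still allow a password login. The two configurations embedded in it are constructed for the example. It reproduces one sshd rule worth knowing when verifying such a claim: for each keyword sshd uses the first value it encounters, so a `PasswordAuthentication no` appended at the end of the file loses to an earlier `yes`, including one pulled in through an Include at the top.

```python
"""Audit an sshd configuration for 'key-based authentication only'.

Added example for this page, not Nibblr's tooling. Directive names and
defaults are OpenSSH's; the two configurations below are constructed.
"""
import re
from typing import Dict, List, Tuple

# Directive -> value required for key-only logins. Keys are lower-cased because
# sshd keywords are case-insensitive and `sshd -T` prints them in lower case.
REQUIRED = {
    "passwordauthentication": "no",        # no password logins at all
    "kbdinteractiveauthentication": "no",  # keyboard-interactive (PAM) can still prompt for one
    "pubkeyauthentication": "yes",         # keys must actually be enabled
    "permitemptypasswords": "no",
}
# OpenSSH's value when the directive is absent from the file.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitemptypasswords": "no",
}
# Older OpenSSH spells the keyboard-interactive switch differently.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def parse_global_section(text: str) -> Tuple[Dict[str, str], List[str]]:
    """Return (directives, warnings) for the global section of an sshd_config.

    sshd uses the FIRST value it sees for a keyword, not the last; setdefault()
    below reproduces that. Parsing stops at the first Match block because the
    directives after it apply only to the matched users.
    """
    directives: Dict[str, str] = {}
    warnings: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if key == "match":
            warnings.append(
                f"Match block '{value}' can override these settings for some "
                "users; check them with `sshd -T -C user=<name>`"
            )
            break
        if key == "include":
            warnings.append(
                f"Include {value} is not read here; use `sshd -T` for the "
                "effective configuration"
            )
            continue
        directives.setdefault(key, value)  # first value wins, as in sshd
    return directives, warnings


def audit(text: str) -> Tuple[Dict[str, str], List[str]]:
    """Return ({directive: problem}, warnings); an empty dict means key-only."""
    directives, warnings = parse_global_section(text)
    problems: Dict[str, str] = {}
    for key, want in REQUIRED.items():
        got = directives.get(key, DEFAULTS[key])
        if got != want:
            source = "set to" if key in directives else "defaults to"
            problems[key] = f"{source} {got!r}, want {want!r}"
    return problems, warnings


# Constructed: looks hardened at the bottom, but the earlier 'yes' wins.
WEAK_CONFIG = """
Include /etc/ssh/sshd_config.d/*.conf
PasswordAuthentication yes
KbdInteractiveAuthentication yes
# appended by a hardening script; ignored because a value was already set above
PasswordAuthentication no
"""

# Constructed: what a key-only configuration actually has to say.
HARDENED_CONFIG = """
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitEmptyPasswords no
PermitRootLogin prohibit-password
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        problems, warnings = audit(cfg)
        print(name, "OK" if not problems else problems, warnings)
```

Feed it the output of `sshd -T` rather than the raw file where you can, since that is the configuration the daemon actually applies after every Include, and confirm from outside with `ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no user@host`, which a key-only server refuses with `Permission denied (publickey)`.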
30 days of rolling backups, encrypted with age (the file-encryption tool) before they leave the server, stored in Hetzner object storage in a separate German data centre (Falkenstein). The storage provider only ever sees ciphertext.
Customer data is stored on an encrypted volume. If the physical disk is removed from our server (for example, when a failed drive is replaced), its contents cannot be read. This protects against a disk being read offline; it does not on its own protect data on a running server, where the volume is mounted and readable, which is what the isolation and access controls above are for. Backups are encrypted with age at rest too, so even a compromised storage account would leak only ciphertext.
You, and anyone in your organisation. Nobody else.
If we discover a breach that affects your data, we'll notify you within 72 hours of becoming aware of it. (UK GDPR's 72-hour deadline is for reporting to the ICO; the law requires us to tell you without undue delay, and we hold ourselves to the same 72 hours.) We'll tell you what happened, what we know, and what we're doing about it.
Every recipe can be exported to CSV or PDF from inside the app, at any time, with no export queue and no vendor lock-in.
Closing your account removes your data from the app immediately; copies remain in the encrypted rolling backups described above until they age out of the 30-day window. We retain enough of it to meet our billing and legal obligations (usually six years, under UK HMRC record-keeping rules). If you want to exercise your right to erasure under UK GDPR Article 17, email security@nibblr.co.uk and we'll handle it within 30 days.
Nibblr Ltd is registered as a data controller with the UK Information Commissioner's Office. Reference number available on request. Email security@nibblr.co.uk.
Every third party that processes customer data, with last-verified dates.
We'll send you a signed copy of our DPA on request. Email security@nibblr.co.uk.
For formal security reviews, we have a longer technical write-up available on request. Email security@nibblr.co.uk.