Privacy Policy

Dutchpot (“we”, “us”) operates the Dutchpot platform at dutchpot.online. This policy explains what personal information we collect, how we use it, and your rights. We keep data practices as minimal as the product allows.

Account information — when you register, we collect your display name, username, email address, and password (stored as a secure hash). If you sign in with Google, we receive your name, email, and profile photo from Google instead of a password.

Profile information — bio, region, parish or area, and any avatar photo you upload. This is optional and can be changed or cleared at any time in your settings.

Content you create — recipes, comments, “I cooked this” photos, and collection names. This content is associated with your account.

Messages — direct messages you send to other users are stored to deliver them and to provide your message history.

Activity data — your ratings, upvotes, follows, and recipe saves. This data drives your reputation score and personalizes the trending feed.

Technical data — IP address, browser type, and device information collected automatically for security, rate limiting, and error monitoring (via Sentry).

Push notification subscription — if you opt in to browser push notifications, we store the subscription endpoint and encryption keys needed to deliver them.

• To create and manage your account and authenticate your sessions.
• To display your recipes, profile, and community activity to other users.
• To calculate your reputation score and contributor tier.
• To send transactional emails: email verification, password reset, and platform notifications (new followers, recipe ratings, etc.).
• To deliver real-time in-app notifications and push notifications (if enabled).
• To detect abuse, enforce rate limits, and moderate content.
• To monitor errors and maintain platform stability.

We do not use your data for advertising or sell it to third parties.

With other users: your display name, username, avatar, bio, region, reputation score, published recipes, and public collections are visible to all users. Your followers and following lists are also public. Direct messages are only visible to participants.

With service providers: we use the following third-party services, each bound by their own privacy policies:

• Mailtrap — transactional email delivery.
• Railway — cloud hosting for the application and database.
• AWS S3 / CloudFront — image storage and delivery.
• Sentry — error monitoring. Error reports may include partial request data.
• Google — if you use “Sign in with Google”.

We do not share personal data with any other third parties except as required by law.

We use a single authentication cookie (httpOnly, secure) to maintain your logged-in session. This cookie is strictly necessary for the Platform to function and does not track you across other websites.

We do not use advertising cookies, analytics cookies, or any third-party tracking technologies.

We retain your account data for as long as your account is active. If you delete your account, your profile, email, and personal details are deleted within 30 days. Recipes and comments may be retained in anonymized form (author shown as “Deleted User”) to preserve the continuity of community discussions.

Server logs and error reports are retained for up to 90 days.

Depending on your location, you may have the right to:

• Access — request a copy of the personal data we hold about you.
• Correction — update inaccurate information via your settings page.
• Deletion — delete your account and associated personal data from your settings.
• Restriction — request that we limit how we process your data in certain circumstances.
• Portability — request your data in a structured, machine-readable format.

To exercise any of these rights, contact us at reuelswebservices@gmail.com. We will respond within 30 days.

Dutchpot is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Passwords are hashed using bcrypt and are never stored in plain text. Data in transit is encrypted via HTTPS/TLS. Database access is restricted to internal services. We apply rate limiting on authentication endpoints to mitigate brute-force attacks.

No method of transmission over the internet is 100% secure. While we take reasonable steps to protect your data, we cannot guarantee absolute security.

Dutchpot is hosted on infrastructure based primarily in the United States. If you access the Platform from outside the US, your data will be transferred to and processed in the US. By using the Platform, you consent to this transfer.

We may update this policy from time to time. When we do, we will update the effective date at the top of this page. For material changes, we will notify registered users by email.

Questions or concerns about this policy? Email us at reuelswebservices@gmail.com.