🔒 Privacy Policy
Last updated: April 29, 2026
Your privacy matters to us. Here’s a plain-English explanation of how Smiling Pages handles your data — on the website and in our iOS app — with no legal jargon, just the facts.
🌐 Website (smilingpages.com)
Who we are
Smiling Pages Recipes is a free recipe website available at www.smilingpages.com. We publish over 100,000 recipes for home cooks everywhere. The site is operated by an individual based in the United States.
What data we collect
Server logs. Like every website, our server automatically records standard access-log information each time you visit: your IP address, browser type (user-agent), the page you requested, the referring URL, and a timestamp. These logs are kept for security and debugging purposes and are not linked to any personal identity. They are retained for up to 90 days, after which they are automatically overwritten.
Votes (recipe upvotes). When you upvote a recipe we record a one-way hash of your IP address (SHA-256 with a server-side salt). This is a one-way operation — we cannot reverse the hash to find your original IP address. We use this solely to prevent the same person from voting on the same recipe multiple times.
Comments. If you leave a comment on a recipe, we store:
- The name you enter (displayed publicly next to your comment)
- Your comment text (displayed publicly)
- A one-way hash of your IP address (not displayed, used only for spam/abuse prevention)
We do not require an email address or any other contact information to comment.
Session cookie. We use a single PHP session cookie to enforce rate limits on comment submissions. This cookie does not contain any personal information and expires automatically when you close your browser. We do not use this cookie for tracking or advertising.
YouTube video embeds. Some recipe pages include YouTube videos embedded directly on the page. When those videos load, YouTube (operated by Google LLC) may set its own cookies on your device and collect usage data according to its own policies. Please see Google’s Privacy Policy for details.
Google Fonts. We load typography (Nunito and Lato fonts) from Google’s font servers at fonts.googleapis.com. When your browser requests these fonts, Google receives your IP address and browser information. See Google’s Privacy Policy for more information.
What we do NOT do (website)
- We do not sell, rent, or share your data with third parties for marketing purposes.
- We do not run advertising networks or display tracking pixels.
- We do not require you to create an account or provide a password.
- We do not accept payments, and we store no payment information whatsoever.
- We do not use analytics services (such as Google Analytics) at this time.
Cookies
Here is a summary of the cookies that may be present when you use this site:
- PHPSESSID (first-party, session) — Set by our server to enforce comment rate limits. Contains no personal data. Deleted when you close your browser.
- YouTube / Google cookies (third-party) — May be set when a recipe page contains an embedded YouTube video. Governed by Google’s cookie policy.
- Google Fonts (third-party) — Loading fonts from Google’s servers may result in Google logging your request.
We do not set any persistent tracking or advertising cookies ourselves. You can manage or block cookies through your browser settings. Note that blocking our session cookie may prevent comment submission.
Third-party services (website)
Smiling Pages Recipes uses the following third-party services. When you interact with them, their own privacy policies apply:
- YouTube (Google LLC) — Video embeds on select recipe pages. Google Privacy Policy
- Google Fonts — Typography served from Google servers. Google Privacy Policy
- Social sharing buttons (Pinterest, Facebook, X/Twitter, WhatsApp) — These are simple links that open the respective platform in a new tab. We do not load any scripts from these platforms on our pages; no data is sent to them unless you actually click a share button.
📱 iOS App (Smiling Pages for iPhone, iPad, Apple Watch, Vision Pro, Mac Catalyst)
TL;DR. No account required. No advertising or analytics SDKs. Camera images, microphone audio, photos, and Apple Health data are processed on your device only and never reach our servers. Optional cloud sync flows through your iCloud, not ours. Optional cloud-AI features (v1.7+) prompt you before each call and show you exactly what is sent.
What we do NOT do (app)
- We do not require you to create an account, give us your email address, or share your real name in order to use the app.
- We do not include any third-party advertising SDKs, analytics SDKs, attribution SDKs, or tracking pixels.
- We do not track you across other apps or websites. The Apple App Tracking Transparency prompt is therefore not shown — the app does not use the IDFA.
- We do not read or write Apple Health records without your explicit per-record consent.
- We do not upload your camera images, photo library, microphone audio, or saved cookbook to our servers.
Data the app processes on your device
These are processed entirely on your device using Apple frameworks. They never reach our servers.
| What | Why | Apple framework |
|---|---|---|
| Camera frames during pantry barcode scan | Decode UPC/EAN barcodes | DataScannerViewController (Vision) |
| Photos picked from your library | Identify foods in pantry photos | VNClassifyImageRequest (Vision) |
| Microphone audio during cooking voice commands | Recognise “next step”, “set timer”, … | SFSpeechRecognizer (on-device) |
| OCR of pasted recipe images (v1.7) | Convert image-of-recipe to structured ingredients/steps | VNRecognizeTextRequest (Vision) |
| Health data (read) | Filter recipes by your dietary preferences and allergens | HealthKit |
| Health data (write) | Log a cooked meal as nutrition + macros, only when you tap “Log it” | HealthKit |
The first time the app needs camera, microphone, photo library, speech recognition, calendar, or HealthKit access, iOS will show a native permission prompt. Tapping Don’t Allow simply disables the dependent feature; the rest of the app keeps working.
Data the app sends to remote services
Public recipe API. Anonymous read-only HTTP requests to https://www.smilingpages.com/api/*. These fetch recipe content (titles, ingredients, steps, images). They contain no personal identifiers — only the recipe slug, search query string, or ingredient list you chose to look up. Standard server access logs apply (90-day retention, no linking to identity, see Website section above). The User-Agent header includes the app version and platform (SmilingPages-iOS/1.0) so we can debug field issues. We do not record this to any per-user store.
Open Food Facts (barcode lookups). When you scan a barcode the UPC/EAN is sent to openfoodfacts.org. Open Food Facts is an independent third-party operated under the Open Database Licence. The request contains the barcode number only.
iCloud (CloudKit) — your account, not ours. If you are signed in to iCloud and have iCloud Sync enabled in Settings, your cookbook, shopping list, meal plan, pantry, and family group sync between your devices through Apple’s CloudKit. CloudKit data flows through your iCloud account — we cannot read this data. The app uses two CloudKit private databases:
- iCloud.com.smilingpages.recipes — personal cookbook / pantry / list
- iCloud.com.smilingpages.recipes.family — family-share metadata (cookbook records flow through CKShare on the same private container)
You can disable cloud sync at any time in Settings → iCloud Sync; the app falls back to a local on-device store with no functional loss.
Family Sharing (CKShare). When you create or join a family group, the app uses Apple’s CKShare to coordinate identity (display names, emoji avatar, role) between family members you have explicitly invited. The invite link is a single-use iCloud share URL; you control who you send it to. We never receive the share URL or the family roster.
Sign in with Apple. When you create a creator profile (v1.4+) or accept a recipe authoring invite (v1.7+), the app uses Sign in with Apple. Apple gives us either your real Apple ID email or a randomised relay address — your choice. We use this only to issue a creator handle, stored in your iCloud private database, not on our servers.
Push notifications. If you enable cooking-timer or family-coordination push notifications, your APNs device token is sent to Apple’s push servers. We do not use third-party push providers. Push payloads contain only the timer name or family event title.
Optional cloud AI (v1.7+). A small number of features (smart recipe authoring, meal-plan generator, photo-to-recipe, conversational follow-up) can route through a cloud language model when the on-device model is insufficient. Before any cloud call:
- The app shows you exactly what payload will be sent.
- You tap Send explicitly. If you cancel, no call happens.
- We never send Apple Health data, cookbook history, family roster, or device identifiers to a cloud LLM.
- The provider returns the response; we do not retain it on our servers.
We use Anthropic Claude (routed through Replicate) for multimodal and long-context calls; on-device calls use Apple Foundation Models. The audit log is on-device and visible to you in Settings → AI Activity.
StoreKit 2 (Pro subscription). Subscriptions for the optional Pro tier flow through Apple’s StoreKit. We receive a transaction receipt confirming the purchase, but not your Apple ID, payment method, or billing address. Apple manages your subscription; we cannot.
Apple App Privacy report (App Store nutrition label)
The Privacy “nutrition label” filed in App Store Connect declares:
- Data not collected. No data is linked to user identity by us.
- One linked third-party (Apple) for sync infrastructure (CloudKit).
- One linked third-party (Apple) for HealthKit when explicitly enabled.
The Apple Developer Program member of record is the team identified by Apple Team ID Z92WJTP2S4.
§ Shared sections (apply to website and app)
Data retention
- Server logs: Retained for up to 90 days, then overwritten.
- Comments: Retained indefinitely unless you request removal (see Your Rights below).
- Votes: Retained indefinitely as anonymous hashed records. Because we cannot reverse the hash, there is no way to link a stored vote back to any individual.
- On-device app data (cookbook, shopping list, pantry, planner, cook history): Retained until you delete it from inside the app, or uninstall.
- iCloud-synced app data: Retained per Apple’s iCloud retention policy. You can remove via Settings → iCloud → Manage Storage → Smiling Pages.
- Optional cloud-AI provider logs: Per provider; we do not retain.
Your rights
Even without user accounts, we respect your ability to manage the data you have knowingly submitted:
- Comment removal: If you posted a comment and would like it deleted, reach us through the website — include the URL of the recipe page and the text of your comment and we will remove it promptly.
- Right to know: You can ask what data we hold about you. Because we store only hashed IP addresses (not raw IPs), we cannot identify you from that data alone — so in practice the only data we can associate with you is a comment you tell us you wrote.
EU/UK/EEA residents have the rights described in the GDPR (access, rectify, erase, restrict, portability, object). California residents have the rights described in the CCPA / CPRA. Because we hold no per-user account data and do not sell or share personal information, most data-subject requests resolve to "no data on file" — but if you have submitted a comment, the comment-removal path above applies. Contact us via the website footer.
Children’s privacy
Smiling Pages is a general-audience recipe service and is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has submitted personal information to us, please reach us through the website and we will delete it promptly.
The iOS app is rated 4+ and the “Kids Mode” toggle in family settings hides recipes flagged with the mature content tag (alcohol, etc.) from child-bound profiles; this preference is stored in your iCloud private database only.
International users
The app is available worldwide through the App Store. The website is available worldwide. Localised in: English, Spanish, French, German, Portuguese, Italian, Japanese, Simplified Chinese (additional locales on the website).
Changes to this policy
We may update this Privacy Policy from time to time. When we do, we revise the “Last updated” date at the top of this page. If we materially change how the iOS app processes data, the app will surface the change in Settings → What’s New at next launch. Continued use of the website or app after changes are posted constitutes your acceptance of the updated policy.
Contact us
Have a question about this policy or want to make a data request? We’re happy to help.
🌎 Website: www.smilingpages.com
Reach us via the feedback link in the footer, or by writing to the address on our About page. App users can also use the “Report a Privacy Concern” link in the App Store record.