go back homeBack to Home

Privacy Policy

Last updated: 19/03/2026

1. Introduction

Basket List, Inc. ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using Basket List, you agree to the collection and use of information in accordance with this policy.

This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Personal Information

When you create an account, we collect the following personal information:

  • Name: Your name for account identification
  • Email Address: Used for account authentication, communication, and account recovery
  • Password: Securely hashed and stored for account access (we never store plaintext passwords)

2.2 Content Data

You provide content data when using the Service, including:

  • Recipes you create or add to your collection
  • Shopping lists and ingredient information
  • Recipe books and organizational preferences

This content is stored to provide you with the Service and is not shared with third parties except as necessary to operate the Service.

2.3 Technical and Session Data

We may collect limited technical information:

  • Session Cookies: Essential cookies to maintain your login state and provide secure access
  • Preference Cookies: UI preferences (such as sidebar state) stored for 7 days

We do not use analytics, tracking pixels, or any third-party tracking technologies.

2.4 Early Adopter Status

Your account includes a "beta user" flag that determines whether you qualify for Early Adopter benefits (lifetime free account with up to 20 recipes). This status is based on your signup date and is used solely for account tier determination.

3. How We Use Your Information

We use your information for the following purposes:

  • Service Provision: To provide, maintain, and improve Basket List functionality
  • Account Management: To create and manage your user account
  • Authentication: To verify your identity and maintain secure access
  • Communication: To send service-related notifications and respond to inquiries
  • Security: To detect and prevent fraud, abuse, and security incidents
  • Legal Compliance: To comply with applicable laws and regulations

4. Legal Basis for Processing (UK GDPR)

Under UK GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing is necessary to provide the Service you've requested (Article 6(1)(b))
  • Legitimate Interests: We have legitimate interests in maintaining security and preventing fraud (Article 6(1)(f))
  • Legal Obligation: We may process data to comply with legal requirements (Article 6(1)(c))

5. Data Sharing and Third Parties

We do not sell, rent, or share your personal information with third parties for their marketing purposes. We only share data with service providers necessary to operate Basket List:

  • Electric SQL: Provides real-time data synchronization between your devices
  • Supabase: Database hosting infrastructure (data stored in UK/EU regions)

These service providers are contractually obligated to protect your data and only use it to provide services to us.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. If you request account deletion, we will delete or anonymize your personal data within 30 days, except where we are required by law to retain certain information.

Session data and logs may be retained for up to 90 days for security and debugging purposes.

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing of your personal data
  • Right to Restrict Processing: Request limitation of how we process your data
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please contact us at the email address provided in Section 12. We will respond to your request within one month.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Secure password hashing using industry standards
  • Regular security assessments and updates
  • Access controls and authentication mechanisms
  • Secure backup procedures

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. International Data Transfers

Your data is stored on servers located in the United Kingdom and European Union. We do not transfer your personal data outside of the UK/EU. If this changes in the future, we will ensure appropriate safeguards are in place and notify you accordingly.

10. Children's Privacy

Basket List is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete that information promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by email or through a prominent notice on our Service. Your continued use of the Service after such notification constitutes acceptance of the updated policy.

12. Contact Information and Data Controller

Basket List, Inc. is the data controller responsible for your personal data. If you have questions, concerns, or wish to exercise your rights under UK GDPR, please contact us at:

Basket List, Inc.

United Kingdom

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe your data protection rights have been violated. Visit ico.org.uk for more information.

By using Basket List, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.