Mixidoo

Privacy Policy

Last updated

This privacy policy explains how Mixidoo collects, uses, shares, and protects your personal data when you use the website and service at mixidoo.co.uk (the "Service"), and the rights you have over your data.

Who we are (data controller)

The Service is operated by Mixidoo Ltd ("Mixidoo", "we", "us", or "our"), a company registered in England and Wales. (Our company registration number and registered office address will be added shortly.) We are the data controller responsible for your personal data. You can reach us about any privacy matter at support@mixidoo.co.uk.

1. Information We Collect

Account information

When you create an account with an email and password, we collect your email address and store a securely hashed version of your password (we never store your Mixidoo password in plain text). You may also add an optional display name.

Information from signing in with Google

If you choose to sign in with Google, Google shares a limited set of information with us — your name, email address, and Google account identifier. See section 4 for how we use it.

Cookidoo connection

Connecting your Cookidoo® account is entirely optional. If you choose to connect, you enter your Cookidoo email and password. We use these once to complete a secure sign-in with Vorwerk's authentication service (Cidaas) — routed through a dedicated authentication proxy — in order to obtain access and refresh tokens. We do not store your Cookidoo password and we never log it in plain text. What we store is: your Cookidoo email and country, and an encrypted refresh token (encrypted at rest using AES-256-GCM) that lets us obtain short-lived access tokens to upload the recipes you ask us to upload. Some accounts connected under our previous method may still hold an encrypted password; this is removed when you reconnect or disconnect. See section 5 for what this involves and the associated risks.

Recipe data

We store the recipes you convert — including the original recipe content extracted from the source URL and the converted Thermomix instructions — along with any notes you add. Recipe images may be referenced by their original URL or temporarily staged with our image provider so they can be attached to a Cookidoo upload.

Usage analytics

With your consent, we use Microsoft Clarity to understand how the Service is used (for example, page views, click patterns, and session recordings). Analytics cookies are only set after you grant consent via the cookie banner, and you can withdraw consent at any time.

We also use Vercel Web Analytics to measure aggregate traffic (such as page views and referrers). Vercel Web Analytics is privacy-friendly and cookieless: it does not set cookies, does not track you across sites, and does not collect personal data, so it runs for all visitors without requiring consent.

Error monitoring and session replay

We use Sentry to capture client- and server-side errors so we can diagnose and fix bugs. Error reports contain technical information such as the page URL, browser type, and a stack trace. When you consent to analytics cookies, Sentry may also record an anonymised replay of your session if an error occurs. Replays mask text input and media by default, and no replays are recorded unless you opt in.

Security and rate-limiting data

To protect the Service from abuse, we use Upstash Redis to rate-limit requests; it receives a hashed (irreversible) identifier derived from your IP address and a count of recent requests, not your raw IP. For sensitive administrative actions on our side, we keep an audit log that may include an IP address and browser user-agent, used only for security and accountability.

Payment information

Payments are handled by Paddle, which acts as the merchant of record. We do not receive or store your full card details. We hold limited billing information such as your subscription tier, status, and a Paddle customer reference.

2. The lawful bases we rely on

Under UK GDPR we must have a lawful basis for each purpose for which we process your personal data. We rely on:

  • Performance of a contract (Art. 6(1)(b)) — to create and run your account, convert recipes, upload to Cookidoo at your request, and process your subscription.
  • Legitimate interests (Art. 6(1)(f)) — to keep the Service secure, prevent abuse and fraud (rate limiting, audit logging), and diagnose errors. You can object to processing based on legitimate interests (see section 11).
  • Consent (Art. 6(1)(a)) — for optional analytics and session-replay cookies. You can withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)) — to keep records we are required by law to retain, such as tax and transaction records.

3. How We Use Your Information

  • To provide, maintain, and secure the Service
  • To convert recipes into Thermomix format
  • To upload recipes to your Cookidoo account when you ask us to
  • To process subscription payments and manage your plan
  • To send transactional emails (password resets, account confirmations, usage notices)
  • To diagnose and fix problems, and to prevent abuse
  • With your consent, to understand and improve how the Service is used

4. Signing in with Google

If you sign in with Google, we receive your name, email address, and Google account identifier. We use this information solely to create and secure your Mixidoo account and to sign you in. We do not use Google sign-in data for advertising, and we do not sell it.

Mixidoo's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

5. Connecting your Cookidoo account (optional)

Mixidoo is an independent service and is not affiliated with, authorised by, or endorsed by Vorwerk or Cookidoo® (see our Terms of Service for the full trademark notice). If you connect your Cookidoo account so that we can upload converted recipes for you, please understand:

  • We store an encrypted refresh token (and your Cookidoo email and country), used only to upload the recipes you choose. When you upload a recipe, we send Vorwerk the recipe's title, ingredients, steps, timings, device type, and image.
  • Because this is an unofficial connection, Vorwerk can change or withdraw access at any time, which may interrupt or end the feature without notice.
  • You can disconnect at any time from your account page. Disconnecting deletes the stored token (and any legacy stored password).

The risks of connecting and automating a third-party account — and your responsibility for complying with Cookidoo's own terms — are set out in our Terms of Service.

6. Recipe conversion and AI providers

To convert a recipe, we send the recipe content (the text we extract from the source you provide) to one or more specialist third-party AI providers that perform the conversion. We send the recipe content only — we do not send your name, email, or account identifiers, so these providers do not receive information that identifies you. They process the content under their own data-handling terms. We can provide further information about this processing on request.

7. Data Storage and Security

Your data is stored using Supabase, which provides row-level security policies, encryption at rest, and encrypted connections; our database and primary servers are hosted in the United States. Cookidoo refresh tokens (and any legacy passwords) are additionally encrypted with AES-256-GCM before storage, using a key held in our server environment and never exposed to the browser. We apply appropriate technical and organisational measures to protect your data, but no method of transmission or storage is completely secure.

8. Who We Share Data With

We do not sell your personal data. We share data only with the following providers, who process it on our behalf or to deliver the Service:

  • Supabase — database, authentication, and file storage
  • Vercel — application hosting, delivery, and cookieless web analytics
  • Paddle — payment processing (merchant of record)
  • Third-party AI providers — recipe conversion (recipe content only; no personal data)
  • Google — "Sign in with Google" authentication (if you use it)
  • Vorwerk (Cookidoo / Cidaas) — authentication and recipe upload (only if you connect Cookidoo)
  • Cloudflare — the authentication proxy used for the Cookidoo connection
  • Cloudinary — temporary staging of recipe images for Cookidoo uploads
  • Resend — transactional email delivery
  • Microsoft Clarity — usage analytics (only with consent)
  • Sentry — error monitoring and optional session replay (replay only with consent)
  • Upstash — Redis-based rate limiting (hashed, IP-derived identifiers only)

We may also disclose data where required by law, to protect our rights or users, or in connection with a business reorganisation or sale.

9. International Transfers

Several of our providers are based outside the United Kingdom, including in the United States. Where we transfer personal data outside the UK, we rely on UK 'adequacy' regulations or a recognised data bridge where available, and otherwise put in place appropriate safeguards — the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses — together with a transfer risk assessment. You can request more information about the safeguards for a specific provider by contacting us.

10. Data Retention

We retain your account data and recipes for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where we are required to keep limited records (for example, transaction records) for longer by law. Cookidoo tokens are deleted as soon as you disconnect. Aggregated or anonymised data that can no longer identify you may be retained.

11. Your Rights

If you are in the UK or the European Economic Area, you have the following rights over your personal data:

  • Access — request a copy of the data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your data
  • Restriction — request that we restrict processing
  • Portability — request your data in a portable format
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — where we rely on consent, withdraw it at any time (this does not affect prior processing)

To exercise any of these rights, contact us at support@mixidoo.co.uk. You also have the right to complain to the UK's Information Commissioner's Office (ICO) at ico.org.uk.

12. Automated Decision-Making

We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing (Article 22 UK GDPR). Recipe conversion is automated, but it does not have legal or similarly significant effects on you.

13. Cookies

We use strictly necessary cookies for authentication and session management; these cannot be turned off. Optional analytics cookies (Microsoft Clarity) and Sentry session replay only run after you consent via the cookie banner, and no non-essential cookies are set before then. Our Vercel Web Analytics measurement is cookieless and sets no cookies. You can withdraw or change your consent at any time using the "Cookie preferences" link in the footer.

14. Children's Privacy

Our Service is not intended for children under the age of 16, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

15. Changes to This Policy

We may update this privacy policy from time to time. We will post the updated policy on this page and revise the "Last updated" date, and we will notify you of material changes by email or a prominent notice on the Service.

16. Contact Us

If you have questions about this privacy policy or our data practices, contact us at support@mixidoo.co.uk.

Mixidoo

Convert any recipe to Thermomix format instantly.

Legal

© 2026 Mixidoo. All rights reserved.

Thermomix® and Cookidoo® are registered trademarks of Vorwerk International AG. Mixidoo is independent and is not affiliated with, authorised by, or endorsed by Vorwerk. These names are used only to describe the products Mixidoo is compatible with.