Privacy Policy
Last updated: March 2026 — location, messages, and moderation policy added
The short version
- 🔒 We use only a session cookie for login. No tracking or advertising cookies.
- 📷 All EXIF metadata (including GPS location) is stripped from every photo you upload before it is saved.
- 🚫 We do not run ads, sell your data, or share it with third parties.
- 📍 If location features are added, only neighborhood-level precision will be stored — never your exact address or GPS coordinates.
- ✉ Messages between users are stored and may be reviewed by admins only when reported for abuse.
- 🗑 You can delete your account and all associated data at any time.
- ✉ We do not send marketing email without your explicit opt-in.
What we collect and why
We collect only what is necessary to provide the service.
- Account information — your username and password (hashed with bcrypt; we never store plain-text passwords). Email is optional and used only for account recovery if you choose to provide it.
- Content you create — recipes, shopping lists, meal plans, pantry entries, house memberships, and comments. This content is yours and is stored to provide the service.
- Photos you upload — stored on our server and served back to you and other users. See the Photos section below for how we handle metadata.
- Activity — when you publish a recipe, mark one as made, or fork one, this is recorded to power the activity feed for users who follow you. You can make your profile private at any time.
- Session data — a single session cookie is set when you log in. It is used solely to keep you authenticated. No analytics, advertising, or fingerprinting data is collected.
Photos and EXIF metadata
When you take a photo with a smartphone or camera, the image file typically contains hidden metadata known as EXIF data. This can include the make and model of your device, the exact date and time the photo was taken, and — critically — the GPS coordinates of where it was taken.
Every photo uploaded to Commonpot has all EXIF metadata permanently stripped before it is saved. The stored image contains pixel data only — no device information, no timestamps, and no location data.
This happens automatically, server-side, before the file is written to disk. You do not need to do anything. The original file on your device is not affected.
Location data
If you choose to set up a cook profile, you may optionally provide your US zip code. Here is exactly how it is handled:
- What is stored. Your 5-digit zip code is stored in our database in association with your account. We use it to resolve your approximate city and state (e.g. "Los Angeles, CA"), which is the only thing ever displayed publicly — and only if you opt in.
- Opt-in display. Your zip code is never shown publicly. Your city/state is shown on your profile only if you enable the "Show my city on my public profile" setting.
- Why this is safe. A zip code covers a 2–10 mile radius. Even if our database were compromised, an attacker would learn only the general area you live in — not your address, street, or exact location.
- Deletable at any time. You can clear your zip code from your account settings at any time.
Direct messages
Commonpot includes a direct messaging system that lets users contact cooks who offer services (mentoring, lessons, event cooking).
- Messages are stored. Messages you send and receive are stored in our database so that both parties can read them.
- Admin moderation. Message content may be reviewed by administrators when a message is reported for abuse. We do not read messages proactively — only in response to a report.
- Anti-spam limits. Accounts may send a maximum of 10 messages per day. URLs are not permitted in message bodies. Accounts must be more than 48 hours old to send messages.
- Blocking and reporting. You can block any user to prevent them from contacting you. Reporting a message flags it for admin review and temporarily suspends the sender's account pending review.
- Deletion. You can delete messages from your inbox and sent folder. Deleted messages are hidden from your view but are retained for moderation purposes for a reasonable period.
Account moderation and suspension
To maintain a safe community, we reserve the right to temporarily suspend accounts that are reported for abusive behavior.
- Auto-suspension on report. When a user is reported for sending an abusive message, their account is automatically suspended from posting, commenting, and sending messages until an administrator reviews the report.
- Admin review. Administrators review the reported content (message text or comment) and either resolve or dismiss the report. Accounts are unsuspended when a report is dismissed or after corrective action is taken.
- Appeal. If you believe your account was suspended in error, use the contact page to appeal.
Cookies
We use exactly one cookie: a session cookie that keeps you logged in. It is:
- First-party only — set by Commonpot, readable only by Commonpot.
- Session-scoped — it is deleted when you close your browser, or when you explicitly sign out.
- Functional only — it contains a session identifier, not personal data. It is not used for tracking.
There are no analytics cookies, advertising cookies, or any third-party scripts that set cookies on this site.
Data sharing
We do not sell, rent, or share your personal data with third parties. Period.
Content you mark as public (public recipes, public profile, public houses) is visible to anyone who visits the site. Content you keep private is visible only to you and, where applicable, members of your house.
We do not use Google Analytics, Facebook Pixel, or any other third-party tracking service. The only external requests your browser makes when using Commonpot are to load the page itself from our server.
Security
- Passwords are hashed with bcrypt before storage. We cannot recover your password.
- Optional two-factor authentication (TOTP) is available for your account.
- All uploads are validated for file type and processed through our image pipeline before being stored.
- The site is served over HTTPS.
Your rights and choices
- Profile visibility — you can make your bio and profile private at any time from your dashboard settings.
- Recipe visibility — each recipe can be set to public or private.
- Account deletion — you can permanently delete your account and all associated data instantly from your account settings. No waiting period, no request needed.
- Data export — your recipes can be downloaded individually in JSON (Schema.org) or Paprika format at any time.
Children
Commonpot is not directed at children under 13. We do not knowingly collect information from children under 13. If you believe a child has created an account, please contact us and we will remove it promptly.
Changes to this policy
If we make material changes to this policy, we will note the updated date at the top of this page. We will not retroactively reduce your privacy rights without notice.
Questions about this policy? Use the contact page to get in touch.