BrightDish Download on the App Store

Last updated · May 5, 2026

Privacy Policy

BrightDish is built to keep your data on your devices. This page explains, in plain language, what that means in practice.

In short

  • We do not collect any personal information.
  • We do not run analytics or telemetry.
  • We do not show ads.
  • All AI work is performed locally on your device; we do not use remote, third-party AI services.
  • If you enable iCloud sync, BrightDish data syncs between your devices through your own iCloud account, not through our servers.

Information we collect

We collect no personal information. BrightDish does not transmit your recipes, search queries, ingredient lists, photos, or any other content from the app to us or to any third party. There are no analytics SDKs, advertising packages, or telemetry packages in the app.

Permissions that the app requests

BrightDish asks for permissions only when you actively use a feature that requires them. You can change any of these in iOS or iPadOS Settings → BrightDish at any time.

  • Camera. Used when you choose to scan a physical recipe for importing or take a photo to add to a recipe.
  • Photo Library. Used when you select a photo for importing or to add to a recipe. BrightDish does not access your full photo library; it receives only the photos that you select.
  • Files and Folders. Used when you select a recipe file to import or choose a location to which a recipe should be exported.

How recipe creation works

When you generate a recipe with BrightDish, the work is performed by Apple Intelligence running locally on your iPhone or iPad. AI photos for recipes are generated using a local AI model running on your device.

When you import a recipe from the web, BrightDish reads the HTML page content directly from your device. We do not proxy the request through our servers and we do not log the URLs you visit or import. Recipe websites you visit may, however, log your visit per their own privacy policies; we have no control over those policies.

iCloud sync

If you have iCloud sync enabled, BrightDish stores your recipe library, including photos, in your private iCloud database (the Apple-managed CloudKit container associated with your Apple ID). This data is encrypted in transit and at rest by Apple. We have no access to it. iCloud sync is governed by Apple’s iCloud Terms and Privacy Policy.

Deleting your data

Uninstalling BrightDish from your device(s) will delete all data associated with the app. If you use iCloud sync, that data is stored in your private iCloud database and will be restored if you reinstall BrightDish on any Apple device where you use the same Apple ID. You can permanently delete BrightDish data from iCloud. To do so, open the iCloud section of the iOS or iPadOS Settings app. No user data of any kind is retained on any other server, including our own.

Account deletion. BrightDish does not require an account. We do not maintain any user accounts on our servers, so no account deletion is necessary or applicable.

In-app purchases

In-app purchases are processed by Apple through the App Store. We do not see your payment details. Apple shares with us only the receipt necessary to validate your subscription or purchase status. See Apple’s App Store privacy policy for details on Apple’s handling of purchase data.

Crash and diagnostic data

If you have opted to share analytics with app developers in iOS or iPadOS Settings (Settings → Privacy & Security → Analytics & Improvements → Share With App Developers), Apple may forward anonymized crash logs and performance metrics to us through App Store Connect. This data is aggregated by Apple, contains no personal identifiers, and is used by us only to diagnose crashes and improve stability. You can disable this at any time in iOS or iPadOS Settings. We do not embed any third-party crash reporting SDKs in the app.

Children’s privacy

BrightDish is not directed to children under 13, and we do not knowingly collect any information from children under 13. If you believe a child has provided information that requires our action, please contact us at the address below.

Third-party services

BrightDish does not embed third-party analytics, advertising, or tracking services. The only servers your device contacts on BrightDish’s behalf are:

  • Apple’s iCloud (CloudKit), if you enable sync.
  • Apple’s App Store, for subscription and purchase verification.
  • Recipe websites you explicitly choose to import from.
  • Brightdish.app, to check for emergency alerts as described below.

Emergency alerts

On launch, BrightDish checks https://brightdish.app to see if there are any important alerts that should be displayed to users. For example, if a security vulnerability is discovered in a previous version of the app, users running that version may see an alert informing them of the vulnerability and suggesting they update the app immediately.

To enable this service, BrightDish sends the build number (version number) of the app to our web server. The build number itself is not retained or associated with you. This service is not used for marketing purposes. It does not send system-level notifications. It does not run in the background; the check is performed once when you launch the app. Alerts are cryptographically signed by the BrightDish server and cannot be forged via man-in-the-middle attacks.

Server logs.
Like any HTTP request, the alerts check necessarily transmits your device’s public IP address to our server, and our web server records standard access log entries (IP address, timestamp, user agent, requested path) for security and abuse-prevention purposes. These logs are retained for a period of time and are not used to identify, profile, or track you. They are never shared with third parties except as required by law.

Your rights

Because we do not collect or store your information, there is generally nothing for us to access, correct, or delete on your behalf. To remove your recipes from iCloud, delete the BrightDish app data from iCloud Settings on your device.

European Economic Area, United Kingdom, and Switzerland

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and analogous laws:

  • The right to access any personal information we hold about you;
  • The right to have inaccurate personal information rectified;
  • The right to have your personal information erased;
  • The right to restrict or object to our processing of your personal information;
  • The right to data portability;
  • The right to withdraw consent for any processing based on consent;
  • The right to lodge a complaint with your local data protection supervisory authority.

Because we do not collect or store personal information about you, in practice we have no data on which to exercise most of these rights. You may still contact us at the address below if you have questions or wish to verify this.

Legal basis for processing.
Any processing we perform is carried out on the basis of our legitimate interest in maintaining the security and integrity of our service (Article 6(1)(f) GDPR).

International transfers.
No personal data is transferred outside the EEA, UK, or Switzerland for our purposes. Apple may store your iCloud data in their data centers globally; that processing is governed by Apple’s privacy policy.

Data controller.
The data controller for any processing described in this policy is the entity named in the Contact section below.

California residents

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the CPRA, grants you specific rights regarding personal information that businesses collect about you. These rights include the right to know what personal information is collected, used, shared, or sold; the right to delete personal information; the right to opt out of the sale or sharing of personal information; and the right to non-discrimination for exercising these rights.

Because BrightDish does not collect or sell personal information, we have no data to access, delete, or share on your behalf, and there is no opt-out to exercise. If you have questions, contact us at the address below.

Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top of the page reflects the most recent change. We will notify you of material changes by displaying an in-app notice the next time you launch BrightDish, and by updating this page. Continued use of the App after a change constitutes acceptance of the updated policy.

Contact

The data controller for this Privacy Policy is Incident 57, Inc. (“BrightDish”). Privacy questions can be sent to [email protected].

Incident 57, Inc.
San Diego, California