Gluten Advisor (the “App”) and The GF Recipes (the “Website”) are operated by Exponential Financial Consult S.R.L., Strada Gheorghe Doja, Nr. 1, Bloc 37D, Etaj 1, Ap. 36, Ploiesti, Judet Prahova, Romania (“Company,” “we,” “us,” or “our”).
This Privacy Policy explains how we collect, use, disclose, store, and protect personal data when you use the App, the Website, and any related services, features, communications, forms, maps, listings, recipes, articles, accounts, advertising, affiliate links, partner links, and user-submitted content together called the “Service.”
By using the Service, you acknowledge that you have read this Privacy Policy. If you do not agree with it, please do not use the Service.
Updated at 2026-05-16
For the purposes of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and other applicable data protection laws, the controller of your personal data is:
Exponential Financial Consult S.R.L.
Strada Gheorghe Doja, Nr. 1, Bloc 37D, Etaj 1, Ap. 36
Ploiesti, Judet Prahova, Romania
Email: radu@thegfrecipes.com
Contact form: https://thegfrecipes.com/contact
“App” means the Gluten Advisor mobile application.
“Website” means The GF Recipes website, available at https://www.thegfrecipes.com.
“Service” means the App, Website, map, listings, recipes, articles, account features, forms, advertising, affiliate links, partner links, and related services.
“Personal data” means any information relating to an identified or identifiable person.
“Processing” means any operation performed on personal data, including collection, storage, use, disclosure, deletion, and transfer.
“Special category data” means more sensitive personal data under GDPR, including data concerning health.
We collect different types of personal data depending on how you use the Service.
If you create an account or sign in, we may collect your name, username, email address, profile picture, account identifier, login provider, authentication tokens, and related account information.
Authentication may be handled through Auth0 and/or social login providers such as Google or Apple. If you use social login, we may receive information made available by the relevant provider, such as your name, email address, profile picture, and provider identifier.
We use account and login data to create your account, let you sign in, keep your account secure, prevent unauthorized access, provide account features, and manage your relationship with us.
The legal bases for this processing are performance of a contract, our legitimate interests in securing and operating the Service, and legal obligations where applicable.
If you contact us, submit a form, report an issue, request help, suggest a place, request a correction, or communicate with us, we may collect your name, email address, message content, attachments, technical details, and any other information you choose to provide.
We use this information to respond to you, handle support requests, verify information, investigate issues, improve the Service, and keep records of communications.
The legal bases for this processing are our legitimate interests in responding to users and operating the Service, performance of a contract where the request relates to your account or use of the Service, and legal obligations where applicable.
With your permission, the App may access your device location to show nearby gluten-free or coeliac-friendly places, display map results, calculate distance, improve search relevance, and help you use map-related features.
Unless clearly stated otherwise in the App, we do not collect background location data and we do not maintain a continuous location history of your movements.
We use location data only to provide location-based features, improve map relevance, and support the functionality requested by you.
The legal basis for precise device location is your consent. You may withdraw this consent at any time through your device settings. For approximate location derived from IP address, the legal basis may be our legitimate interests in security, localization, analytics, and service operation, where permitted by law.
You may voluntarily provide dietary preferences, allergy-related information, intolerance-related information, coeliac-related preferences, or similar information to personalize your experience.
This may include preferences or filters related to gluten-free food, coeliac-friendly places, gluten intolerance, wheat allergy, lactose-free products, vegan products, vegetarian products, or other dietary needs.
Depending on the information provided, this data may reveal or suggest health-related information and may be considered special category data under GDPR or similar laws.
We use this information only to provide and personalize the Service, such as helping you find more relevant listings, filters, recommendations, saved preferences, or app features. We do not sell this information. We do not use it for advertising profiling.
Where required by law, we rely on your explicit consent to process health-related or special category data. You may withdraw consent, delete the information, or update your preferences at any time through the App settings, account settings, or by contacting us.
If you submit reviews, corrections, venue suggestions, photos, menu information, reports, comments, ratings, profile images, or other content, we may collect and process the content you submit, related metadata, and information needed to moderate, verify, publish, respond to, or remove it.
We use User Content to operate the map and listings, improve venue information, help other users, prevent abuse, investigate reports, and maintain the quality and safety of the Service.
The legal bases for this processing are performance of a contract, our legitimate interests in operating and improving the Service, consent where applicable, and legal obligations where applicable.
Do not submit personal data about other people unless you have the right to do so.
If the App allows you to upload a profile picture, venue photo, menu photo, or other image, we may process the image you choose to upload and related metadata.
If you grant camera or photo library access, the App uses that access only for the feature you request, such as selecting or taking a profile picture or submitting a venue-related photo.
You can manage camera and photo permissions through your device settings.
We may collect device and technical information such as device type, operating system, app version, browser type, IP address, language, approximate location derived from IP address, crash reports, diagnostic logs, performance data, pages or screens viewed, features used, referral source, interaction data, and security logs.
We use this information to operate, secure, debug, improve, measure, and understand the Service. It also helps us detect abuse, fraud, errors, crashes, performance problems, and unauthorized activity.
The legal bases for this processing are our legitimate interests in maintaining, securing, and improving the Service, consent where required for analytics or non-essential tracking, and legal obligations where applicable.
The App may use Firebase or similar tools, including Firebase Analytics, Firebase Crashlytics, Firebase Cloud Messaging, Firebase Performance Monitoring, Firebase Remote Config, or similar services, depending on the app version and enabled features.
These tools may process app-instance identifiers, installation identifiers, device information, operating system, app version, analytics events, crash logs, non-fatal error reports, performance data, diagnostic information, push notification tokens, and technical region data.
We use these tools to understand app usage, fix crashes, improve reliability, measure performance, send push notifications where enabled, prevent abuse, and maintain the security and reliability of the App.
Where required by law, non-essential analytics, advertising, or tracking technologies are used only after obtaining the required consent. Crash reporting and security-related diagnostics may be processed based on our legitimate interests where necessary to maintain and protect the Service.
If you enable push notifications, we may process your device notification token and notification preferences to send account, service, map, update, feature-related, or other permitted notifications.
You can disable notifications in your device settings at any time.
The legal basis for push notifications is your consent or request, depending on the type of notification and applicable law.
Where enabled, the Service may use cookies, device identifiers, advertising identifiers, local storage, SDKs, pixels, analytics tools, and similar technologies to measure usage, improve the Service, prevent fraud, and show ads.
Advertising may be personalized or non-personalized depending on your consent, device settings, region, and applicable law.
Advertising and analytics data may include device identifiers, advertising identifiers, IP address, app or website interactions, ad views, ad clicks, consent status, approximate location, browser data, and technical signals.
We do not use voluntarily provided coeliac, allergy, intolerance, or health-related preferences for advertising profiling.
The legal bases for this processing are consent where required, our legitimate interests where permitted, and legal obligations where applicable.
If you click affiliate links, partner links, discount-code links, booking links, or third-party retailer links, we may process click information, referral data, campaign information, and similar data needed to measure partner performance, discounts, commissions, or referrals.
Purchases or bookings made through third-party websites are handled by the third party, not by us.
The legal bases for this processing are our legitimate interests in operating partner and affiliate programs, consent where required, and legal obligations where applicable.
We may use Google Search Console to understand how the Website appears in Google Search, including search queries, impressions, clicks, indexing status, and technical search-performance information.
Google Search Console does not require us to place analytics cookies on your device. We use it to monitor Website visibility, indexing, and technical search performance.
The legal basis for this processing is our legitimate interest in understanding and improving the Website’s search performance.
We use personal data to provide, operate, maintain, secure, and improve the Service.
This includes using personal data to create and manage accounts, authenticate users, provide map and nearby-location features, personalize filters and preferences, process user submissions, respond to support requests, verify venue information, send notifications, prevent abuse, fix bugs, analyze performance, display and measure ads, manage affiliate or partner links, comply with legal obligations, and protect our rights and users.
We do not use personal data for purposes that are incompatible with the purposes described in this Privacy Policy unless we obtain your consent or are otherwise permitted by law.
We process personal data only where we have a valid legal basis.
We process data where necessary to provide the Service to you, manage your account, enable login, provide app features, respond to account-related requests, and operate the features you choose to use.
We rely on consent where required, including for precise device location, push notifications, non-essential cookies, advertising personalization, certain analytics technologies, and processing health-related or special category data where applicable.
You can withdraw consent at any time. Withdrawing consent does not affect processing that happened before withdrawal.
Where dietary, allergy, intolerance, coeliac-related, or similar preferences qualify as health-related or special category data, we rely on explicit consent where required by law.
You may withdraw this consent or delete/update the relevant information at any time.
We may process personal data based on our legitimate interests where those interests are not overridden by your rights and freedoms.
Our legitimate interests include securing the Service, preventing abuse and fraud, responding to users, improving the Service, fixing bugs, measuring performance, maintaining business records, protecting legal rights, managing partner or affiliate programs, and understanding general usage of the Service.
We may process personal data where necessary to comply with legal, tax, accounting, consumer protection, data protection, security, regulatory, or court obligations.
In rare cases, we may process personal data where necessary to protect someone’s vital interests, such as in an emergency.
Location permission is used to make the map and nearby-search features work properly.
We may use your location to show nearby gluten-free or coeliac-friendly places, calculate distance to venues, improve search and map relevance, provide route or map-related features, and support location-based app functionality.
You can use the Service without granting location permission, but some map features may be limited.
We do not sell GPS location data. We do not use precise GPS location to create advertising profiles unless this is separately disclosed and valid consent is obtained where required.
You can revoke location access at any time through your device settings.
Gluten Advisor is designed for people looking for gluten-free, coeliac-friendly, allergy-aware, intolerance-aware, or dietary-relevant information. Because of that, some information you voluntarily provide may reveal or suggest health-related information.
Examples may include coeliac-related preferences, gluten intolerance or wheat allergy information, lactose-free or dairy-related preferences, vegan or vegetarian preferences, saved filters, allergy or cross-contact concerns, or notes related to food safety.
We process this information only to provide or personalize the Service. We do not sell it. We do not use it for advertising profiling. We do not require you to provide it unless a specific feature cannot work without it.
Where required by law, we ask for explicit consent before processing health-related or special category data. You can withdraw consent at any time, but doing so may limit features that depend on that information.
If you create an account, you can request deletion of your account and associated personal data.
You can initiate account deletion through the App at [Home -> Profile -> Delete Account], or by contacting us at [radu@thegfrecipes.com].
When you delete your account, we will delete or anonymize personal data associated with the account unless we must retain limited information for legal obligations, fraud prevention, security, dispute resolution, accounting, enforcement of our Terms, or other lawful reasons.
Some content may remain if it has been anonymized, aggregated, or separated from your account, or where removal would affect legal rights or obligations. For example, published venue corrections or public reviews may be removed, anonymized, or retained depending on the context and applicable law.
We may ask you to verify your identity before completing a deletion request.
Deleting the App from your device does not automatically delete your account or all personal data stored by us. You must use the account deletion process or contact us.
We may use cookies, local storage, sessions, pixels, SDKs, consent tools, and similar technologies to keep the Service functioning, remember preferences, secure login sessions, analyze traffic and usage, improve performance, serve and measure advertising, and track affiliate links or partner campaigns.
We use CookieYes as our consent management platform on the Website to request, store, and manage cookie consent where required.
Some cookies and technologies are essential. Others are optional and may require consent depending on your location.
You can manage cookies through your browser settings and through the CookieYes banner or revisit-consent button where available. You can manage app permissions and advertising identifiers through your device settings.
For more information, see our Cookie Policy at https://www.thegfrecipes.com/cookie-policy/.
The App may display advertisements through Google AdMob or other advertising networks. Advertising providers may process device identifiers, IP address, app interactions, ad interactions, approximate location, consent status, and similar data to serve, limit, measure, and improve ads.
Where required by law, including for users in the EEA, UK, and Switzerland, we use a consent mechanism or consent management platform to request and manage advertising consent. Depending on your choices, you may receive personalized ads, non-personalized ads, or limited ads.
You can change your advertising consent in the App where available, through device privacy settings, or through relevant provider tools.
We do not use voluntary coeliac, allergy, intolerance, or health-related preferences for advertising profiling.
We may use analytics, diagnostics, and crash reporting tools, such as Google Analytics, Firebase Analytics, Firebase Crashlytics, Firebase Performance Monitoring, Google Search Console, or similar providers.
We use these tools to understand how the Service works, detect crashes, improve performance, fix bugs, monitor search visibility, and keep the Service secure.
These tools may process device information, app version, operating system, usage events, crash logs, performance data, approximate location, technical identifiers, search-performance information, and diagnostic data.
Where required, non-essential analytics technologies are used only after consent.
We may use Auth0 and social login providers such as Google or Apple to allow you to register and sign in.
If you use social login, we may receive information such as your email address, name, profile picture, provider identifier, and other information made available by the provider.
We use this information only for account creation, login, security, and account management.
Your use of Google, Apple, Auth0, or other authentication providers is also subject to their own privacy policies and terms.
The Service may use Google APIs, including Google Maps Platform, Google Sign-In, Google Analytics, Google AdMob, Firebase, YouTube, Google reCAPTCHA, Google Tag Manager, and Google Search Console, depending on the feature and platform.
Google Maps and related APIs may process information such as IP address, device data, map interactions, search queries, and location data where permission is granted.
Google reCAPTCHA may process technical information such as device data, browser data, IP address, and interaction signals to help protect forms and the Website from spam, bots, and abuse.
Google processes information according to its own policies. Our use of information received from Google APIs will comply with applicable Google API Services User Data Policy requirements, including applicable limited-use requirements where relevant.
We use third-party providers to operate, secure, improve, and monetize the Service.
These may include Auth0 for authentication and account security; Google and Apple for social login; Google Maps Platform for maps and location features; Google AdMob and other advertising providers for advertising; Firebase, Google Analytics, Crashlytics, Performance Monitoring, and similar providers for analytics, diagnostics, app reliability, and crash reporting; Google Search Console for search performance; Google reCAPTCHA for spam and abuse prevention; hosting, database, CDN, and infrastructure providers for service operation and security; email and communication providers for support and service emails; affiliate networks and partners for referral links, discount codes, and commissions; app stores for app distribution and payments where applicable; and legal, accounting, compliance, or professional advisers where necessary.
These providers may process personal data only as needed for the relevant service, except where they act as independent controllers under their own privacy policies, such as app stores, advertising networks, map providers, social login providers, or some Google services.
The Service may include affiliate links, booking links, partner links, discount codes, sponsored links, or recommendations involving third-party retailers, hotels, restaurants, stores, products, or other partners.
If you click such links or use a discount code, the third party may process your data according to its own privacy policy. We may receive commission, referral credit, discounted access, or other benefits, at no extra cost to you.
Our commercial relationships do not guarantee that a product, venue, service, or partner is medically safe, coeliac-safe, allergy-safe, or suitable for you.
We may share personal data when necessary with service providers who operate the Service on our behalf, authentication providers, map providers, analytics providers, crash reporting providers, advertising providers, affiliate providers, app stores, payment providers where applicable, professional advisers, insurers, auditors, legal representatives, public authorities, courts, regulators, law enforcement, or successors in connection with a merger, acquisition, restructuring, or sale of business assets.
We do not sell your personal data. We do not sell dietary, allergy, intolerance, coeliac-related, or health-related information.
We are based in Romania, but some service providers may process personal data in other countries, including countries outside the European Economic Area.
Where required, we rely on appropriate safeguards such as adequacy decisions, Standard Contractual Clauses, data processing agreements, and additional security measures.
We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
Account data is usually kept until account deletion, plus limited retention where legally or security-wise necessary. Support messages are usually kept for up to 3 years after the last interaction, unless needed longer for legal reasons.
Analytics data is usually kept for up to 24 months, depending on provider settings. Crash and diagnostic logs are usually kept for up to 12 months unless needed longer for security, debugging, or legal reasons.
Advertising consent records are kept as long as needed to demonstrate consent and comply with legal obligations. Affiliate tracking data is usually kept for up to 24 months or as required by affiliate partners.
Legal, accounting, tax, or dispute records are kept as long as required by applicable law. When personal data is no longer needed, we delete, anonymize, or aggregate it.
We use reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.
These measures may include encryption, secure authentication, access controls, logging, backups, monitoring, provider security controls, and internal restrictions.
No system is completely secure. We cannot guarantee absolute security, but we work to protect your data using appropriate safeguards.
If a data breach occurs and applicable law requires notification, we will notify affected users and/or the relevant supervisory authority as required.
Depending on your location and applicable law, you may have the right to access your personal data, request correction of inaccurate data, request deletion of your data, restrict processing, object to processing based on legitimate interests, withdraw consent at any time, request data portability, object to direct marketing, and lodge a complaint with a supervisory authority.
To exercise your rights, contact us at radu@thegfrecipes.com or through https://thegfrecipes.com/contact.
We may need to verify your identity before responding. We will respond within the period required by applicable law.
If you are in Romania or the European Union, you may also contact the Romanian supervisory authority:
Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, cod postal 010336, Bucuresti, Romania
Email: anspdcp[at]dataprotection.ro
Website: https://www.dataprotection.ro
– The Service is not directed to children under 16 in the European Economic Area, unless parental consent is provided where required by law.
We do not knowingly collect personal data from children under 16 without appropriate parental consent where required.
If you believe a child has provided us with personal data without the required consent, contact us and we will take appropriate steps to delete the information.
For users outside the EEA, different age thresholds may apply under local law.
The Service may link to third-party websites, apps, stores, booking platforms, affiliate partners, restaurants, hotels, social platforms, or other services.
We do not control their privacy practices. Their privacy policies and terms apply when you use their services.
We may update this Privacy Policy from time to time. The updated version will be indicated by the “Updated at” date above.
If changes are material, we may notify you through the Service, by email, through the App, or by other appropriate means.
If you do not agree with the updated Privacy Policy, you should stop using the Service and may delete your account.
For questions, privacy requests, account deletion requests, or complaints, contact us at:
Email: radu@thegfrecipes.com
Contact form: https://thegfrecipes.com/contact
This website uses cookies.