Mibori

Privacy Policy

Last updated: 13 May 2026

Who we are

Mibori is a personal meal-planning service operated under the brand name Mibori, based in the Netherlands and operating under the General Data Protection Regulation (GDPR) of the European Union.

For any privacy-related questions, you can reach us at privacy@mibori.com. For general questions, write to hello@mibori.com.

What data we collect

We collect only what we need to give you a working meal planner.

Account information
Your email address. If you sign in with Pinterest, we also receive the name and profile picture on your Pinterest account.
Pinterest data (only when you connect your account)
Board metadata (board name, description, cover image, pin count) and, for the boards you choose to sync, pin metadata — title, description, destination URL, and image URL.
Recipes and cooking history
Recipes you've imported, weekly plans you've made, and the ratings or notes you leave after cooking.
Technical data
Minimal server logs (IP address, browser, request paths) retained for up to 30 days for security and debugging. We do not run third-party tracking or advertising scripts.

Pinterest API specifically

When you connect your Pinterest account, Mibori requests these scopes through Pinterest's standard OAuth flow:

  • boards:read Read the list of your boards.
  • pins:read Read the pins inside the boards you choose to sync.
  • user_accounts:read Identify which Pinterest account is connecting.

To be explicit about what we do not do with the Pinterest API:

  • We never post pins, comments, or content of any kind on your behalf.
  • We never create, edit, rename, or delete your boards.
  • We do not access Pinterest ads, audience, or analytics data.
  • We do not send or read Pinterest messages.
  • We do not request scopes outside the three listed above.

How we use the data

We use the data we collect for one purpose: to import and display the recipes you saved on Pinterest inside your Mibori account, and to help you plan and remember what you've cooked.

We do not sell your data, and we do not use it to target advertising — neither on Mibori nor elsewhere.

Retention

You can disconnect Pinterest or delete your Mibori account at any time from your account settings.

  • When you disconnect your Pinterest account, all Pinterest-derived data (boards, pins, tokens) is removed from our systems within 30 days.
  • When you delete your Mibori account, all personal data tied to your account is removed from our systems within 30 days. Anonymised, aggregated metrics (e.g. "X recipes were imported this month") may be retained.
  • Backups containing your data may persist for up to a further 30 days before they rotate out and are overwritten.

Third parties and sub-processors

We do not sell or share your data with anyone for marketing. We do rely on the following sub-processors to operate the service:

  • Netlify, Inc. — hosting for this website (mibori.com).
  • Pinterest, Inc. — source of imported pin and board data when you connect a Pinterest account.
  • Anthropic, PBC — large-language-model processing for recipe extraction from pinned URLs. Inputs are not used for model training under Anthropic's API terms.
  • Amazon Web Services, Inc. — infrastructure hosting for the Mibori application (EU region).

Your rights under GDPR

If you are in the European Economic Area, you have the following rights over your personal data:

  • Access — request a copy of the data we hold about you.
  • Rectification — correct data that's inaccurate or incomplete.
  • Erasure — ask us to delete your account and data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection and restriction — object to certain processing or restrict it.
  • Withdraw consent at any time, where processing relies on consent.

To exercise any of these, write to privacy@mibori.com. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.

Cookies

We use the minimum number of cookies needed to keep you signed in and the service running:

  • Session cookies to remember that you're signed in to the Mibori app.
  • CSRF cookies to protect form submissions from cross-site request forgery.

We do not use third-party advertising or behavioural-tracking cookies on this website.

Updates to this policy

We may update this policy from time to time. The current version is always at mibori.com/privacy. If we make a change that materially affects how we handle your data, we'll notify registered users by email.