Mibori

Privacy Policy

Last updated: 21 May 2026

Who we are

Mibori is a personal meal-planning service. The brand name "Mibori" is a trade name of Stuijf Consultancy, registered with the Dutch Chamber of Commerce (Kamer van Koophandel) under number 34351819, established in the Netherlands. As an EU-based controller we operate under the General Data Protection Regulation (GDPR).

For privacy-related questions, write to privacy@mibori.com. For everything else, hello@mibori.com.

What data we collect

We collect only what we need to give you a working meal planner.

Account information
Your email address. If you sign in with Pinterest, we also receive the name and profile picture on your Pinterest account.
Pinterest data (read, not stored)
When you browse and select boards to import from, we read your board list and pin contents live from Pinterest's API — board names, pin counts, pin titles, descriptions, images, and the destination links pins point to. This data passes through Mibori only for the duration of your session. We do not store Pinterest data on our servers, in line with Pinterest's Developer Guidelines.
Recipes imported from pinned links
When you choose to import a pin, Mibori follows the destination link (for example, smittenkitchen.com or NYT Cooking) and saves the recipe content from that website — title, ingredients, steps, photo, source URL — to your Mibori library. This recipe data comes from the source website, not from Pinterest, and is what makes up your library.
Recipes and cooking history
Weekly plans you've made, and the ratings or notes you leave after cooking.
Technical data
Minimal server logs (IP address, browser, request paths) retained for up to 30 days for security and debugging. We do not run third-party tracking or advertising scripts.

Pinterest API specifically

When you connect your Pinterest account, Mibori requests these scopes through Pinterest's standard OAuth flow:

  • boards:read Read the list of your boards.
  • pins:read Read the pins inside the boards you choose to sync.
  • user_accounts:read Identify which Pinterest account is connecting.

To be explicit about what we do not do with the Pinterest API:

  • We never post pins, comments, or content of any kind on your behalf.
  • We never create, edit, rename, or delete your boards.
  • We do not access Pinterest ads, audience, or analytics data.
  • We do not send or read Pinterest messages.
  • We do not request scopes outside the three listed above.

About storing Pinterest data: per Pinterest's Developer Guidelines, applications may not store information accessed through the Pinterest API. Mibori follows this rule. Pinterest data (your boards, pin titles, descriptions, images, and destination links) is read live each time you use the import flow and is not retained on our servers afterwards. The recipes you choose to import are stored — but they are the recipe content from the source website each pin links to, not Pinterest content itself. Once a recipe is in your Mibori library, it has no dependency on Pinterest: if you later delete a pin or change a board, recipes you already imported stay in your library.

How we use the data

We use the data we collect for one purpose: to help you import recipes from sources you connect (such as Pinterest), plan your week around them, and remember which ones you've cooked. Recipes in your Mibori library are derived from the source websites your pins point to, not from Pinterest content itself, so your library remains intact even if your Pinterest account or pins change.

We do not sell your data, and we do not use it to target advertising — neither on Mibori nor elsewhere.

Retention

You can disconnect Pinterest or delete your Mibori account at any time from your account settings.

  • When you disconnect your Pinterest account, your OAuth tokens are revoked immediately and any transient Pinterest data still held in caches or session storage is purged within 30 days. Recipes you previously imported remain in your Mibori library because they are recipe content from third-party sites, not Pinterest data.
  • When you delete your Mibori account, all personal data tied to your account is removed from our systems within 30 days. Anonymised, aggregated metrics (e.g. "X recipes were imported this month") may be retained.
  • Backups containing your data may persist for up to a further 30 days before they rotate out and are overwritten.

Third parties and sub-processors

We do not sell or share your data with anyone for marketing. We do rely on the following sub-processors to operate the service:

  • Netlify, Inc. — hosting for this website (mibori.com).
  • Pinterest, Inc. — source of imported pin and board data when you connect a Pinterest account.
  • Anthropic, PBC — large-language-model processing for recipe extraction from pinned URLs. Inputs are not used for model training under Anthropic's API terms.
  • Hetzner Online GmbH — infrastructure hosting for the Mibori application (EU region).

Your rights under GDPR

If you are in the European Economic Area, you have the following rights over your personal data:

  • Access — request a copy of the data we hold about you.
  • Rectification — correct data that's inaccurate or incomplete.
  • Erasure — ask us to delete your account and data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection and restriction — object to certain processing or restrict it.
  • Withdraw consent at any time, where processing relies on consent.

To exercise any of these, write to privacy@mibori.com. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.

Cookies

We use the minimum number of cookies needed to keep you signed in and the service running:

  • Session cookies to remember that you're signed in to the Mibori app.
  • CSRF cookies to protect form submissions from cross-site request forgery.

We do not use third-party advertising or behavioural-tracking cookies on this website.

Updates to this policy

We may update this policy from time to time. The current version is always at mibori.com/privacy. If we make a change that materially affects how we handle your data, we'll notify registered users by email.