Last Updated: April 2026
Elias Tausch
Straße der AWG 8
09600 Weißenborn
Deutschland
Email: [email protected]
If you have any questions about data protection, you can contact us at any time by email.
A Data Protection Officer has not been appointed as the legal requirements pursuant to § 38 BDSG are not met.
Lucullioo is a web-based recipe management application that allows registered users to store recipes, organize them in folders, create shopping lists, manage a weekly meal plan and share recipes with the community. This privacy policy informs you about what personal data we collect, for what purpose and on what legal basis.
We process personal data on the basis of the following legal bases under the General Data Protection Regulation (GDPR):
Our website is hosted by Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany. Server management is handled via Plesk. When accessing our website, the hosting provider automatically stores information in server log files transmitted by your browser. These include:
Processing is based on our legitimate interest in ensuring website security (Article 6(1)(f) GDPR). Log files are automatically deleted after 7 days unless needed to clarify misuse.
Data Processing Agreement: We have concluded a data processing agreement (DPA) with Strato AG in accordance with Article 28 GDPR.
We use services from Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, USA, to protect our website and improve loading times. All requests to our website are routed through Cloudflare servers. Cloudflare may process the following data: IP address, security cookies, performance data.
Cloudflare is certified under the EU-US Data Privacy Framework (DPF). Additionally, we have established Standard Contractual Clauses in accordance with Article 46(2)(c) GDPR as the basis for transferring data to the USA.
Legal basis: Legitimate interest in secure and efficient provision of our website (Article 6(1)(f) GDPR).
This website uses SSL/TLS encryption for security reasons. An encrypted connection can be recognized by the browser's address bar changing from "http://" to "https://" and by the lock icon. When SSL/TLS encryption is active, data transmitted to us cannot be read by third parties.
We use cookies and comparable technologies (localStorage). Upon your first visit to our website, you are informed by a cookie banner about the technologies used and can give or refuse consent. Essential cookies are set without consent because they are technically necessary for the website to function.
| Name | Type | Purpose | Duration |
|---|---|---|---|
| PHPSESSID | Essential | Session management and authentication | End of session (max. 4 hours) |
| cookieConsent | Essential | Storing your cookie consent | Unlimited (localStorage) |
| appState / currentSection | Functional | Restoring last page state | Unlimited (localStorage) |
| lastRecipeUser | Functional | Auto-fill email field on login | Unlimited (localStorage) |
| __cf_bm / cf_clearance | Essential | Cloudflare bot protection and security check | 30 minutes / end of session |
You can withdraw your consent to functional cookies at any time via the "Cookie Settings" link in the footer. Additionally, you can delete cookies at any time in your browser settings.
To use recipe management, registration is required. The following data is collected in this process:
Processing takes place to perform the contract (Article 6(1)(b) GDPR). Your password is never stored in plain text.
After registration, you receive an email with a verification link. This process is to ensure that the provided email address belongs to you. The verification token is generated on the server side and deleted after successful verification.
Legal basis: Contract Performance (Article 6(1)(b) GDPR).
When using our application, the following content data is processed:
This data is processed solely to provide the contracted services (Article 6(1)(b) GDPR) and is stored in a MySQL database on our hosting provider's servers.
Registered users can share their own recipes with the community. The recipe content, your nickname and publication time are displayed publicly. Your email address is not displayed publicly.
Recipe links (pairings): Users can link their own recipes with recipes from other users. When sending a pairing request, the recipient will see your nickname and the title of the linked recipe. The recipient can accept or decline the request. Accepted pairings are visible to both parties in the recipe view.
Sharing via invitation code: Users can share recipes and folders via a personal invitation code. Access via such a code is logged (user ID, recipe or folder ID, timestamp).
Legal basis: Contract Performance (Article 6(1)(b) GDPR). Please note that published content can be viewed by other users. Avoid publishing third-party personal data in recipes.
To protect against automated requests and spam (in particular during registration and login), we use Google reCAPTCHA v2, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
reCAPTCHA v2 displays an interactive widget to the user to confirm that they are human. The following data may be transmitted to Google:
Processing is based on our legitimate interest in protecting the website against abusive automated access (Article 6(1)(f) GDPR). Use without consent is permissible under § 25(2) No. 2 TDDDG, as reCAPTCHA serves exclusively to prevent technical misuse.
It cannot be ruled out that data is transmitted to Google servers in the USA. Google is certified under the EU-US Data Privacy Framework (DPF); additionally, Standard Contractual Clauses apply in accordance with Article 46(2)(c) GDPR. Further information can be found in the Google Privacy Policy and the reCAPTCHA Terms of Service.
We implement appropriate technical and organizational measures to protect your data in accordance with Article 32 GDPR. These include in particular:
We do not generally share your personal data with third parties unless:
The following data processors are engaged:
Through the use of Cloudflare, Google reCAPTCHA, data may be transferred to the USA. Both companies are certified under the EU-US Data Privacy Framework (DPF). Additionally, Standard Contractual Clauses apply in accordance with Article 46(2)(c) GDPR as additional safeguards.
We retain your personal data only as long as necessary for the respective purposes of processing:
You have the following rights under GDPR:
To exercise your rights, please contact us by email at the address provided above.
If you believe that the processing of your personal data violates GDPR, you have the right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR). You can contact the supervisory authority of your place of residence, workplace or place of alleged violation.
You can delete your user account at any time via the "Delete account" function in the user menu. Upon deletion, all associated data (recipes, folders, reviews, shopping lists, community posts) are permanently deleted. Recovery is not possible after deletion.
We reserve the right to update this Privacy Policy to ensure compliance with current legal requirements or to implement changes to our services. The date of the last update can be found at the top of this page.