Plain-English summary
Here's the short version. The rest of this page has the detail and the legal framing.
- We collect what the app needs to work: your account info, the cooks and gear you post, and technical data from your device (like crash logs).
- We don't sell your personal information, and we don't share it with advertisers for cross-context behavioral advertising.
- Your profile sets your default audience: public profiles share with everyone, private profiles share only with approved followers. You can also mark individual cooks Only me so they stay in your private journal and never appear anywhere else. We respect these settings everywhere in the app.
- You can delete your account from inside the app at any time — we delete your personal data and content within 30 days, with narrow exceptions listed below.
- Our core infrastructure runs on Google Firebase. A full list of service providers is in the subprocessors section.
Who we are
“Grilln,” “we,” “us,” and “our” refer to VNTOS LLC, the Delaware limited liability company that operates the Grilln mobile app, the website at grilln.app, and related services (together, the “Service”). For users in the European Economic Area, the United Kingdom, and Switzerland, VNTOS LLC is the data controller for your personal information. Grilln is a small, independent operation — if you email us, you're likely reaching the founder directly.
Information we collect
We group the data we handle into five buckets. Not every user generates data in every bucket — for example, we only collect location data if you turn it on.
| Category | Examples | Source |
|---|---|---|
| Account | Email address, password (stored as a salted hash by our auth provider), Google/Apple Sign-In identifier, account creation date. | You, your identity provider |
| Profile | Username, display name, avatar photo, bio, location text, taste tags, grills on your rig list (catalog or custom), follower/following counts. | You |
| Content | Cooks you post (photos, captions, fuel type, method, temps, rest times, food tags, visibility setting), comments you write, posts you give respect to or bookmark. | You |
| Device & usage | Device type, OS and app version, language, time-zone, approximate IP-derived country, crash reports, in-app event logs (e.g. “post created”), diagnostic performance data, and session replays of your interactions with the app (with sensitive text fields masked). | Collected automatically |
| Optional | Precise or coarse location attached to a cook (only if you add it), contacts you import to find friends, push notification token, camera/photo-library access. | You opt in via OS prompt |
Sensitive data we try to avoid
We don't ask for government IDs, financial account numbers, precise biometrics, or health data. If you voluntarily include sensitive information in a post or bio (for example, a medical reason for a particular diet), it becomes part of your content and is subject to the visibility setting you chose.
How we collect it
- Directly from you — when you create an account, fill out your profile, post a cook, or contact support.
- Automatically from your device — through our app and our service providers' SDKs, we collect device and usage data for security, analytics, and reliability.
- From third parties — if you sign in with Google or Apple, we receive a basic identifier and email address from that provider. If someone invites you to follow them, we receive their invitation metadata.
How we use it
Each of the purposes below corresponds to a legal basis under the EU/UK GDPR. We only process your data where we have a valid basis.
- To run the Service — authenticate you, render feeds, deliver comments and notifications, and back up your content. Legal basis: performance of our contract with you.
- To keep Grilln safe — detect spam, abuse, fraudulent accounts, and violations of our Terms; investigate reports; enforce rate limits. Legal basis: legitimate interests in a safe, functional community; legal obligations where they apply.
- To improve the Service — understand which features are used, diagnose crashes, run A/B tests on UI changes, and prioritize roadmap items. Legal basis: legitimate interests; your consent where required.
- To communicate with you — send transactional emails (sign-in, password reset), in-app notifications, and occasional product announcements you can opt out of at any time. Legal basis: performance of contract; legitimate interests; consent for marketing where required.
- To comply with the law — respond to valid legal process, defend claims, and meet regulatory obligations. Legal basis: legal obligation; legitimate interests.
We do not use your personal information to train generative AI models, and we do not sell your personal information as the term is defined under California and other US state privacy laws.
How we share it
We share personal information only in the ways listed here.
- With other Grilln users — according to the visibility setting on each piece of content. Public cooks, usernames, display names, avatars, bios, and aggregate counts (respects, followers) are visible to anyone using the Service.
- With our service providers — vendors who host infrastructure, send emails, process crashes, or moderate content on our behalf, under written contracts that restrict their use of your data. See the subprocessors table.
- For legal reasons — to comply with subpoenas, court orders, and other lawful requests; to enforce our Terms; to protect the rights, property, or safety of Grilln, our users, or the public.
- In a business transfer — if Grilln is involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred. The acquirer must honor commitments made in this policy or give you notice and a choice before any materially different use.
- With your consent — for any sharing not covered above, we'll ask first.
Service providers (subprocessors)
These vendors process personal data on our behalf. We'll update this list as the stack evolves.
| Provider | Purpose | What they see |
|---|---|---|
| Google — Firebase (Authentication, Firestore, Cloud Storage, Crashlytics) | Account auth, database, media storage, crash reporting | Account and profile data, your posts and comments, photos, crash logs. |
| PostHog | Product analytics, session replay, bug diagnosis | Usage events and session replays with sensitive text fields masked. Not used for advertising or profiling. |
| Apple & Google — App Store / Play Store, Sign in with Apple, APNs / FCM | App distribution, optional auth, push delivery | Device identifiers, push tokens, purchase receipts |
We do not sell your personal information to advertisers or third parties, and we do not share it for cross-context behavioral advertising.
Your choices & controls
- Visibility per post. Every cook has a visibility setting: Public, Followers, or Only me. You can change it after posting.
- Profile visibility. You can make your entire profile private from Settings → Privacy. Private profiles still appear in search by exact username.
- Notifications. Granular toggles for respect, comments, follows, and product updates live in Settings → Notifications.
- Permissions. Camera, photo library, location, contacts, and notification permissions are all controlled by your OS. You can revoke any of them at any time.
- Download your data. Settings → Account → Download my data exports your profile, cooks, comments, and gear list as a portable archive. Delivery can take up to 30 days.
- Delete your account. Settings → Account → Delete account. We permanently remove your personal information and content from live systems within 30 days. Any copies in routine encrypted backups rotate out within 90 days and can't be restored on request. Narrow exceptions are listed below.
Your regional rights
European Economic Area, United Kingdom, and Switzerland
Under the GDPR and UK GDPR you have the right to access, correct, delete, restrict, and port your personal data, to object to processing based on legitimate interests, and to withdraw consent at any time. You also have the right to lodge a complaint with your local supervisory authority. To exercise any of these rights, email support@grilln.app. We aim to respond within 30 days and don't charge a fee for most requests.
California (CCPA/CPRA)
California residents have the right to know what personal information we collect and how it's used, request deletion or correction, and opt out of “sharing” for cross-context behavioral advertising (we don't do this, but the right exists). You also have the right not to receive discriminatory treatment for exercising these rights.
Other US states
If your state grants privacy rights similar to the above (access, correction, deletion, portability, opt-out of targeted advertising/sale/profiling), we honor them. Email support@grilln.app and tell us which state you're writing from.
Retention & deletion
- Active accounts: we retain your data for as long as your account exists so the app keeps working.
- Deleted accounts: when you delete your account, we remove or anonymize personal data and content from live systems as soon as practicable, typically within 30 days. Copies may persist in routine encrypted backups for a limited additional period before rotating out.
- Content of other users: if another user has quoted, commented on, or re-shared something you posted, their content referencing yours may persist after your account is deleted.
- Safety & legal holds: we may retain limited information after deletion to prevent re-registration by banned users, comply with legal obligations, resolve disputes, or enforce our agreements.
- Aggregate & de-identified data (e.g., feed performance metrics that can no longer be linked to you) may be retained indefinitely.
International data transfers
VNTOS LLC is based in the United States, and our service providers store data primarily in the US. If you use the Service from outside the US, your information is transferred to and processed in the US.
Security
We protect your data with encryption in transit (TLS) and at rest for our primary databases and media storage, authentication through Firebase, and access controls that limit who can reach production systems. Still, no system is perfectly secure. If we become aware of a breach affecting your personal information, we'll notify you and the appropriate regulators as required by law.
Children
Grilln is not directed to children under 13. By using the Service, you confirm that you are at least 13 years old. If we learn that we've collected personal information from a child under 13 without parental consent, we'll delete it promptly — email support@grilln.app to report it.
Changes to this policy
We may update this policy as the Service evolves. For material changes we'll notify you via in-app banner or email before the change takes effect. The Last updated date at the top always reflects the current version.
Contact us
Privacy questions, requests, and complaints go to support@grilln.app. General hello-type messages go to hello@grilln.app. Grilln is a small independent operation, so the person who replies is likely the person who built it.