slrp

Privacy Policy

Last updated: 11 May 2026

1. Who we are

slrp is operated by TWANA PTY LTD (ABN 74 671 360 946). We take your privacy seriously and handle your data in accordance with the Australian Privacy Act 1988.

2. What we collect

When you use slrp, we collect:

  • Account info: your name, email address, and (for Google or Apple sign-in) profile picture. We support sign-in with Google, Apple, or an email magic link.
  • Recipe data: URLs you submit and the recipe data we extract from them (ingredients, instructions, times)
  • App data: your meal plans, grocery lists, pantry items, ratings, and preferences
  • Partner info: email addresses you provide when inviting a partner

3. How we use your data

We use your data to:

  • Provide and improve the slrp service
  • Extract and organise recipe data from URLs you submit
  • Share recipe libraries, meal plans, and grocery lists between you and your partner
  • Send partner invitation emails on your behalf
  • Categorise ingredients for your grocery lists

4. Third-party services

We use trusted third-party services to operate slrp, including for authentication, data storage, email delivery, and data processing. On the public pages we also use Microsoft Clarity to record session replays and heatmaps so we can understand how visitors use the site — this only runs after you accept the consent banner, and form inputs and text content are masked under our Strict configuration. See Microsoft's privacy statement for details. We do not sell your data to anyone.

5. Data sharing

When you pair with a partner on slrp, you both share access to recipes, meal plans, grocery lists, and pantry items. Your partner can see content you've added and vice versa. Beyond your partner and our service providers, we don't share your personal data with third parties.

6. Cookies & sessions

We use essential cookies to keep you signed in. By default, we don't use tracking cookies, advertising cookies, or analytics that follow you across the web.

We measure anonymous, in-memory product usage (pageviews and named funnel events) so we can understand which features work. This data is not stored in cookies, is not shared with advertisers, and does not follow you across the web. If you accept the consent banner, we additionally enable session replays via PostHog (across the app) and Microsoft Clarity (on public pages) — these set their own analytics cookies and are how we debug specific issues. Declining keeps everything in-memory only.

On our public pages (home, blog, login) we also use Google Analytics 4 to measure traffic, scroll depth, blog post category + slug, and which call-to-action buttons you click. When you sign up, we send a server-side conversion event including your account UUID and your first-touch traffic source (e.g. “google-organic”) so we can measure which marketing channels are working. GA4 is governed by Google's analytics privacy policy and uses Consent Mode v2: if you decline the consent banner, GA4 receives only aggregate behavioural-modelling signals (no client IDs, no personalised ads data).

GA4 processes IP addresses for geolocation only and does not retain them. Event data is kept for 14 months inside GA4 and then deleted.

Daily exports of this GA4 event data are sent to a private BigQuery dataset hosted in Sydney, Australia (australia-southeast1) for internal analysis. The export contains the same event-level data described above, does not include IP addresses, and is accessible only to slrp staff.

7. Data security

We use industry-standard security measures to protect your data, including encrypted connections (HTTPS) and secure data storage. No system is perfectly secure, but we take reasonable steps to keep your data safe.

8. Data retention

We keep your data for as long as you have an active account. If you delete your account, we'll delete your personal data within 30 days, except where we're required by law to retain it.

9. Your rights

Under Australian privacy law, you can:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Complain to the Office of the Australian Information Commissioner (OAIC) if you believe we've mishandled your data

10. iPhone app & advertising

slrp is also available as an iPhone app. The iPhone app collects the same account, recipe, and meal-plan data described above, plus a small set of platform-specific data:

  • Crash and performance diagnostics — we use Sentry to receive anonymous crash reports and performance traces so we can fix bugs. No personal content (recipes, meal plans, or messages) is included in these reports.
  • Push notifications — if you opt in, we send push notifications about meal-plan updates from your partner. Push tokens are stored on your device and on our servers; they are never shared with advertisers.
  • App Tracking Transparency (ATT)— slrp does not track you across other companies' apps and websites. We do not present an ATT prompt because we do not require permission to track. Apple's App Privacy details on the App Store reflect this.
  • SKAdNetwork— when you install the iPhone app after seeing one of our ads, Apple's SKAdNetwork framework may report an anonymous, aggregated install signal back to the ad platform. SKAdNetwork does not share your identity or device with us or with advertisers.

The privacy nutrition labels on slrp's App Store listing are kept aligned with this section. If they ever disagree, this policy governs.

11. Advertising and measurement

We run a small amount of paid advertising on Meta (Facebook / Instagram) and Google to help couples discover slrp. To measure whether those ads are working, we share a limited set of conversion signals with the ad platforms:

  • Meta Pixel and Conversions API — when you sign up or take a defined action (for example, completing onboarding), we send a hashed version of your email address and the event name to Meta. The hash is one-way (SHA-256) and is used by Meta only to confirm the conversion came from one of our ads.
  • Google App Campaigns and Firebase — equivalent hashed signals are sent to Google for the same purpose. We do not send Google any of your recipe, meal-plan, or messaging content.
  • First-touch attribution cookies — on first visit, the public site stores a small cookie recording where you came from (UTM tags, click IDs). At sign-up, that cookie is attached to your account once and never updated. Details on the cookies we set are in Section 6.

All of the above is gated by the consent banner you saw when you first visited the site. If you decline, no advertising or measurement data leaves your browser. You can change your choice at any time using the consent control in the footer.

12. Changes

We may update this policy from time to time. If we make significant changes, we'll notify you via email or in-app notice.

13. Contact

Privacy questions or data requests? Contact us at hello@slrp.com.au.

slrp measures anonymous usage so we can improve features. Accept to also help us debug with session replay — that uses cookies from PostHog and Microsoft Clarity. Decline keeps everything cookieless.