Last updated: 3 May 2026
We want to be honest about what we collect and why. This page is the long version. The summary table below tells you everything in 30 seconds.
"Budget Dinner Recipes" / "we" / "us" refers to the operators of budgetdinner.recipes. For data-protection enquiries you can contact us via the contact form.
| What | Why | Who sees it | Need consent? |
|---|---|---|---|
| Session cookie (PHPSESSID) | Keeps you signed in. Without it, you can't log in or stay logged in. | Only us. Set with HttpOnly; Secure; SameSite=Lax. |
No (strictly necessary). |
| Your country, derived from your IP address | Two purposes: (1) determining which cookie-consent regime applies to you (legitimate interest, no consent needed); (2) once you've given functional consent, showing recipe costs in your local currency and routing Amazon links to your country's Amazon site. | Your IP is sent to api.country.is (a third-party IP-to-country geolocation service, with ipwho.is as fallback). The result is cached on our server for 24 hours (compliance) / 1 hour (currency). | Compliance lookup: no consent needed (legitimate interest). Currency display: functional cookies — you can opt out (we'll default to UK). |
| Affiliate click data (IP, browser, referring page) | Aggregate analytics — which ingredients drive the most clicks, which countries our visitors come from. Stored in our own database. | Only us. Never sold or shared. | Analytics cookies — opt-in. |
| Amazon affiliate cookies (set by Amazon, not us) | Standard Amazon affiliate tracking — when you click an ingredient link and buy something, Amazon credits the sale to us. The cookie is theirs, not ours. | Amazon. Subject to Amazon's privacy notice. | Marketing cookies — opt-in (controls the affiliate links being shown). |
| Account data (email, username, hashed password) | So you can sign in, post recipes, leave reviews, save favourites. | Only us. Passwords stored using bcrypt one-way hashing. | You opt in by signing up. |
| Contact form messages | So we can reply to you. | Only us. | You opt in by submitting the form. |
On your first visit you'll see a consent banner. You can choose to accept all categories, reject everything except strictly necessary cookies, or pick categories individually. You can change your choice any time via the Cookie Preferences link in the footer.
Under your state's privacy laws (CCPA / CPRA / VCDPA / CPA / CTDPA / UCPA), you have the right to:
We do not sell your personal information. The Amazon affiliate links are the closest thing to "sharing": when you click one, Amazon sees the click. To opt out, decline the Marketing category in the consent banner — ingredient links will display without affiliate tags.
Under UK GDPR / GDPR you have the right to:
Lawful bases we rely on: consent (for non-essential cookies); contract (for the account features you sign up to); legitimate interest (for site security and fraud prevention, with minimal data).
HTTPS everywhere with HSTS, modern TLS, secure-flagged session cookies, bcrypt password hashing, CSRF protection on all forms, server-side input validation, content security headers (X-Frame-Options, X-Content-Type-Options, Referrer-Policy), regular ClamAV virus scans on uploaded files, and a kernel firewall (UFW) with allowlist-only inbound traffic. We're not a bank but we take basic hygiene seriously.
This site is not directed at children under 13 (or under 16 in the EU). We don't knowingly collect data from them. If you believe a child has signed up, please tell us and we'll delete the account.
We'll update this page with a new "last updated" date when we make material changes. Significant changes (like adding a new tracking technology) will trigger a fresh consent banner.
Privacy questions? Get in touch. We aim to reply within 7 days, and within 30 days for any formal data-subject access requests.
Choose what you're comfortable with. Strictly-necessary is always on — the site can't work without it. See full policy.