Ulam is built with a local-first philosophy. The vast majority of your data (meal plans, bookmarks, recipes, photos) never leaves your device. This page explains the narrow cases where data does cross a network boundary.
1. Data stored on your device
All meal plans, bookmarks, recipes, ingredient lists, and photos you create or save live in a local SQLite database on your iPhone. We do not have a server copy of this data.
2. Anonymous analytics (opt-out)
We use TelemetryDeck for privacy-respecting usage signals (app opens, screen views). It is anonymized at the SDK level. No personal identifiers are sent, and we cannot tie a signal back to you. You can disable this in Settings.
3. Crash reporting (opt-out)
We use Sentry to receive sanitized stack traces when the app crashes. Recipe contents and search queries are never included. You can disable this in Settings.
4. Sharing a recipe (explicit action only)
When you tap Share on a recipe or meal plan and choose to generate a short link (ulam.ph/share/<id>), the following happens:
- The recipe content (title, ingredients, steps, optional notes) and any photos you attached are uploaded to our servers (Vercel Blob and Upstash Redis).
- Your local user id, device identifiers, IP address, and internal UUIDs are not sent. We do not associate shares with you.
- The share is publicly accessible to anyone with the link. It is stored indefinitely so the link does not break.
- You may request takedown of a share at any time. See Terms for the DMCA / removal contact.
If you never tap Share, none of your data is ever sent to our servers.
5. URL preview fetches
When you bookmark a TikTok, blog, or other URL inside the app, Ulam fetches metadata (title, thumbnail) from that site directly from your device. The fetch is identical to opening the URL in Safari.
6. Children
Ulam does not knowingly collect data from children under 13. The app does not require an account.
7. Your rights (RA 10173, PH Data Privacy Act)
Since Ulam stores no personal data centrally, requests for access, correction, or erasure under the Philippine Data Privacy Act generally resolve on-device. For shared recipes (item 4), email privacy@ulam.ph with the share URL and we will remove it within 14 days.
8. Changes
We will note the “updated” date at the top of this page when this policy changes.