Privacy Policy
Effective Date: April 18, 2026
This Privacy Policy describes how cookfor. ("cookfor.," "we," "us," or "our") collects, uses, and shares information when you use the cookfor mobile application and related services (the "App"). The categories described in Section 1 correspond to the data types disclosed in our App Store privacy label.
1. Information We Collect
Account and Identifiers
- Email address and name
- Unique user, device, and analytics identifiers assigned by Supabase (account ID) and PostHog (analytics ID)
User Content
- Ingredients you enter into the App
- Dietary preferences and restrictions, including allergies and medically motivated diets
- Cuisine preferences and spice tolerance settings
- Saved recipes and favorites
- Feedback on AI-generated recipes and chat responses (thumbs up/down reactions and optional free-text comments)
Purchases
- Subscription status, purchase history, and receipt metadata, processed via RevenueCat and the Apple App Store or Google Play
- We do not receive or store your full payment card details
Usage Data
- Screens viewed, features used, session length, and interaction patterns, collected via PostHog
Diagnostics
- Crash logs, performance metrics, and error reports
Approximate Location
- City-level location, only when you grant permission, used at the time of a weather request to personalize meal planning
- Location is sent to Open-Meteo without your account identifier and is not stored alongside your account. We do not collect precise (GPS) location.
Dietary restrictions, allergy information, and other health-related details may constitute sensitive personal information under applicable law. See Section 7 for how we handle sensitive data.
2. How We Use Your Information
We use the information we collect for the following purposes, relying on the legal bases listed below (where GDPR or UK GDPR applies):
- Provide, maintain, and operate the App — performance of a contract
- Generate recipe suggestions from your ingredients and preferences — performance of a contract
- Process subscription transactions — performance of a contract
- Send technical notices and support messages — legitimate interest and performance of a contract
- Analyze usage to improve algorithms and fix bugs — legitimate interest
- Process dietary restrictions, allergies, and health-related preferences — your explicit consent (Art. 9 GDPR)
- Fetch local weather using approximate location — your consent
- Send marketing communications, where offered — your consent
You may withdraw consent at any time by contacting us at support@cookfor.app or, for location, by revoking the permission in your device settings. Withdrawing consent does not affect the lawfulness of processing that occurred before withdrawal.
AI-Generated Content
cookfor. recipe suggestions and chat responses are generated by artificial intelligence using Anthropic's Claude API. When you request a recipe or send a chat message, your ingredients, preferences, and any feedback text are sent to Anthropic through Supabase Edge Functions. Anthropic does not use Claude API inputs or outputs to train its models. Anthropic may retain API content for a limited period for abuse monitoring purposes in accordance with its usage policies.
AI output can be inaccurate — always verify cooking times, temperatures, and allergens before cooking. cookfor. does not guarantee recipe safety or accuracy.
3. Data Sharing and Sub-processors
We work with trusted third-party service providers to operate the App:
- Supabase — hosting, database, and authentication
- Anthropic — AI recipe and chat generation (receives ingredients, preferences, and feedback text via Supabase Edge Functions)
- RevenueCat — subscription receipt validation and payment processing
- PostHog — product analytics, diagnostics, and error tracking
- Open-Meteo — weather forecasts for meal planning (receives approximate location only, without account identifiers)
- Google — Sign in with Google (OAuth)
- Apple — Sign in with Apple (OAuth)
We do not sell or share (as those terms are defined under the California Privacy Rights Act) your personal information, and we do not use your personal information for cross-context behavioral advertising. We may disclose anonymized, aggregated data that cannot reasonably be used to identify you for research and product improvement. We may also disclose personal information if required by law, legal process, or to protect the rights, property, or safety of cookfor., our users, or others.
4. International Data Transfers
cookfor. is operated from the United States, and our sub-processors are located in the United States and the European Union. If you access the App from outside the United States, your information will be transferred to and processed in the United States and other jurisdictions that may have data protection laws different from those in your country.
For transfers of personal data from the European Economic Area, United Kingdom, or Switzerland to the United States, we rely on appropriate safeguards, including the Standard Contractual Clauses approved by the European Commission and, where our sub-processors are certified, the EU-U.S. Data Privacy Framework (and its UK and Swiss extensions).
5. Data Retention
We retain your information only as long as necessary for the purposes described in this policy:
- Account information — while your account is active, and deleted within 30 days after account deletion, except where retention is required by law.
- User content (ingredients, preferences, saved recipes, feedback) — deleted with your account within 30 days.
- Purchase and subscription records — retained for up to 7 years to comply with tax and financial record-keeping obligations.
- Usage data and diagnostics — retained in identifiable form for up to 12 months, after which the data is aggregated or deleted.
- Approximate location — used at the time of a weather request and not stored alongside your account.
- Aggregated and de-identified feedback — retained indefinitely to improve recipe quality. Free-text comments are stripped of account identifiers before long-term retention.
6. Your Rights
Subject to applicable law, you have the following rights regarding your personal information:
- Access your personal data
- Correct inaccurate data
- Delete your data
- Export your data in a portable format
- Opt out of marketing communications
Residents of the EEA, United Kingdom, and Switzerland
In addition to the rights above, you have the right to:
- Restrict or object to certain processing of your personal data
- Withdraw consent at any time where processing is based on consent
- Lodge a complaint with your local data protection supervisory authority
California Residents
Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA"), California residents have the right to:
- Know the categories and specific pieces of personal information we collect, use, disclose, and retain
- Delete personal information we hold about you
- Correct inaccurate personal information
- Opt out of the sale or sharing of personal information (we do not sell or share)
- Limit the use and disclosure of sensitive personal information
- Non-discrimination for exercising your CCPA rights
The categories of personal information we collect, the sources from which we collect them, and the business purposes for which we use and disclose them are described in Sections 1–3. Retention periods for each category are described in Section 5. We collect personal information directly from you and from the sub-processors listed in Section 3.
To exercise any of these rights, contact us at support@cookfor.app. We will respond within the timelines required by applicable law. You may also designate an authorized agent to submit requests on your behalf; we may require verification of the agent's authority.
7. Sensitive Personal Information
Dietary restrictions, allergies, and other health-related information you provide are treated as sensitive personal information under the CCPA and as special category data under the GDPR and UK GDPR. We collect and use this information only with your explicit consent and solely to generate recipes and meal plans that meet your dietary needs. We do not use or disclose sensitive personal information beyond what is necessary to provide the App, and we do not sell or share it.
8. Children's Privacy
cookfor. is not directed at children under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at support@cookfor.app and we will promptly delete the information and terminate the associated account.
9. Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction, including encryption in transit (TLS), encryption at rest for stored data, role-based access controls, and periodic security reviews of our sub-processors. No method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
If we become aware of a personal data breach affecting your information, we will notify affected users and applicable regulators as required by law.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy in the App and updating the effective date. For material changes that affect users in the EEA or United Kingdom, we will seek your renewed consent where required by law. Your continued use of the App after changes take effect constitutes acceptance of the updated policy, except where additional consent is required.
11. Contact Information
If you have questions about this Privacy Policy, wish to exercise your rights, or have concerns about our privacy practices, contact us at support@cookfor.app.