Personalization stays focused
Dietary preferences, allergies, cuisine preferences, cooking goals, and related profile signals are used to operate Cookie's personalization layer and recommendation features.
Cookie does not sell personal information, does not provide advertisers access to personal data, and does not send protected profile records to public AI model providers for personalization.
Cookie is an AI-powered home cooking companion that helps people decide what to cook, use ingredients before they expire, organize pantry inventory, and cook with confidence.
This Privacy Policy describes how Cookie collects, uses, discloses, stores, protects, and deletes personal information when you use our apps, websites, AI cooking assistant, recipe features, pantry tools, reminders, subscriptions, support channels, and related services.
Cookie is not a grocery delivery company, food delivery platform, nutrition diagnosis service, weight-loss program, medical platform, healthcare provider, or emergency service. Nutrition information, recipes, cooking suggestions, and AI responses are informational and may not be suitable for every person, allergy, medical condition, ingredient, appliance, or kitchen.
Dietary preferences, allergies, cuisine preferences, cooking goals, and related profile signals are used to operate Cookie's personalization layer and recommendation features.
When third-party AI models are used, Cookie sends only the minimum contextual information needed to answer the request.
Cookie does not sell personal information and does not build advertising profiles for third-party advertisers.
You can request access, correction, deletion, portability, restriction, objection, withdrawal of consent, appeal, or complaint where applicable.
We collect different information depending on how you use Cookie, what you choose to provide, your device settings, your subscription status, and the features available in your region. We do not collect every item from every user.
| Category | Examples | Purpose |
|---|---|---|
| Account | Email address, display name, optional profile image, account creation date, account status. | Create your account, identify you in the app, provide support, and maintain account continuity. |
| Authentication | Email sign-in data, Google Sign-In data, Apple Sign-In data, login method, tokens, security events. | Authenticate users, protect accounts, detect suspicious access, and prevent abuse. |
| Profile and onboarding | Name, age, height, weight, dietary preference, allergies, cuisine preferences, cooking goals, household preferences. | Personalize recipes, home-screen recommendations, pantry suggestions, reminders, and cooking experiences. |
| Pantry and inventory | Ingredients, quantities, units, expiry dates, freshness status, manual edits, deletions, low inventory signals. | Track ingredients, reduce food waste, recommend recipes from inventory, and send relevant reminders. |
| Recipe and cooking activity | Saved recipes, favorites, recipe history, cooking sessions, step progress, recipe scaling, macros, calories, protein, fat, carbohydrates, difficulty, cooking time. | Operate recipe features, remember progress, support recommendations, and improve product quality. |
| AI conversations and search | Ask Cookie prompts, mood-based requests, occasion-based requests, substitution questions, technique questions, generated responses, feedback, safety signals. | Respond to requests, maintain AI quality and safety, detect misuse, and troubleshoot issues. |
| Notifications | Push tokens, reminder preferences, expiry alerts, low inventory reminders, quiet hours, opt-in or opt-out state. | Send reminders you request and avoid sending reminders you have disabled. |
| Subscriptions and payments | Subscription status, plan, trial state, renewal state, entitlement records, app-store receipt references, payment processor references. | Provide paid features, manage subscriptions, process refunds, prevent fraud, and maintain financial records. |
| Device and diagnostics | Device type, operating system, app version, language, region, anonymous device identifiers, crash reports, performance diagnostics, feature flags. | Keep Cookie reliable, fix bugs, measure performance, and understand compatibility. |
| Usage analytics | Feature usage, screen views, session duration, referral source, aggregate trends, experiment assignment. | Improve onboarding, prioritize features, understand product health, and identify confusing flows. |
| Security logs | Authentication events, fraud signals, abuse reports, IP-derived approximate location, rate limits, audit logs. | Protect users, secure infrastructure, investigate abuse, and enforce our terms. |
| Support and feedback | Support interactions, screenshots you provide, feedback, feature requests, beta participation, survey responses, email delivery metadata. | Respond to you, resolve issues, improve Cookie, and document support outcomes. |
Some information, including allergies, dietary preferences, health-related goals, age, height, and weight, may be considered sensitive in some jurisdictions. Cookie uses this information only for the features and personalization you request, subject to applicable law and available controls.
Cookie performs personalization primarily on the user's device through Cookie's proprietary recommendation engine, ranking algorithms, embeddings, and vector database.
Profile information such as dietary preferences, allergies, cuisine preferences, and cooking goals is processed for personalization inside Cookie. This profile information is not transmitted to third-party AI providers for personalization.
Cookie may still sync account, subscription, backup, support, security, and operational data when needed to provide the service, maintain continuity, prevent abuse, or comply with law. We design those systems to minimize unnecessary transfer of sensitive profile details.
Cookie uses proprietary AI systems and third-party AI models, including providers such as OpenAI, Anthropic, and additional providers that may change over time. AI features include Ask Cookie, recipe discovery, substitutions, cooking techniques, step-by-step assistance, weather-aware recommendations, and future voice-capable guidance.
Cookie never intentionally transmits these items to third-party AI providers as part of a model request: names, email addresses, account identifiers, authentication credentials, user profile records, dietary preferences, allergies, cuisine preferences, cooking goals, or complete pantry inventories tied to an identifiable user.
Only the minimum contextual information necessary to answer a request is transmitted. For example, a model request may include the cooking question you typed, the current recipe step, the ingredient name you entered, or the immediate substitution context. Whenever technically feasible, requests are anonymized, personally identifiable information is removed, identifiers are stripped, and prompts are minimized.
Cookie contractually requires AI providers to process information only to provide AI functionality and related operational support. Cookie does not knowingly use personally identifiable customer information to train foundation AI models. You should avoid entering highly sensitive personal information in AI conversations.
Cookie uses personal information to provide, maintain, personalize, secure, analyze, and improve the service. We use information to:
We may create aggregated or de-identified information that cannot reasonably identify you. We may use that information for analytics, safety, research, reporting, business planning, and service improvement. If we maintain de-identified information, we take reasonable steps designed to avoid re-identification except where permitted by law for security or validation.
Where privacy laws require a legal basis, Cookie relies on the basis that fits the feature and jurisdiction.
We process data to provide Cookie, operate accounts, deliver requested features, manage subscriptions, and respond to support.
We rely on consent where required for optional profile fields, sensitive preferences, notifications, marketing, cookies, analytics, or AI features.
We process data for security, fraud prevention, diagnostics, analytics, product improvement, and service reliability when those interests are not overridden by user rights.
We process data for tax, accounting, consumer protection, privacy requests, legal claims, law enforcement responses, and regulatory obligations.
For India, processing may depend on consent, certain legitimate uses, or other lawful grounds recognized by the Digital Personal Data Protection Act and applicable rules. Actual bases may vary by feature, location, implementation, and applicable law.
Cookie shares information only as needed to operate the service, comply with law, protect users, support business operations, or complete a transaction you request. Cookie does not sell personal information and does not provide advertisers access to personal data.
| Service category | Why it may receive data | Data minimization approach |
|---|---|---|
| Authentication | Account sign-in and identity verification. | Limited account and login data. |
| Cloud hosting, CDN, infrastructure, monitoring, and logging | App operation, performance, reliability, backups, and security. | Operational data limited by role, retention, and access controls. |
| Analytics, crash reporting, and performance diagnostics | Reliability, product quality, and aggregate usage insights. | Prefer aggregated, pseudonymous, or diagnostic data where practical. |
| Push notifications | Expiry reminders, low inventory reminders, cooking alerts, and service notices. | Tokens and message metadata needed to deliver requested notifications. |
| Payment processing and subscription billing | Paid features, entitlements, renewals, refunds, and fraud prevention. | Payment references and receipt data rather than full card storage by Cookie. |
| AI providers | Answer cooking requests, generate recommendations, and support AI functionality. | Minimum task context, stripped identifiers, no protected profile record transmission for personalization. |
| Email delivery and customer support | Support replies, notices, rights requests, complaints, and account communications. | Contact details and request content needed to respond. |
| Fraud prevention and security | Abuse detection, account protection, payment protection, and security response. | Security signals, logs, and limited account identifiers where needed. |
Vendors may change over time. We require service providers to process personal information under appropriate contractual, security, and confidentiality obligations. We may also disclose information for legal process, safety, enforcement, or business transfers such as financing, merger, acquisition, reorganization, bankruptcy, or sale of assets.
We retain personal information for as long as reasonably necessary to provide Cookie, maintain accounts, support subscriptions, fulfill the purposes described in this policy, comply with law, resolve disputes, enforce agreements, protect security, prevent abuse, and maintain business records.
Account, profile, pantry, recipe, cooking history, subscription, and personalization data may be retained while your account is active and needed for Cookie features.
We delete or de-identify user-controlled data unless retention is required or permitted for legal, security, tax, accounting, fraud-prevention, dispute, backup, or operational reasons.
Backup copies and security logs may remain for limited periods under ordinary rotation and are restricted from routine access.
Depending on where you live and how you use Cookie, you may have rights to access, correction, deletion, portability, restriction, objection, withdrawal of consent, appeal, complaint, and information about automated decision-making. Rights may be subject to verification, legal limits, exceptions, and regional differences.
To exercise rights, use in-app controls where available or email support@cookie.kitchen. We may verify your identity, account control, and authorization before responding. We aim to respond within timelines required by applicable law.
You may have rights under the GDPR, UK GDPR, Swiss law, and related rules. International transfers may rely on adequacy decisions, standard contractual clauses, the UK International Data Transfer Agreement or Addendum, vendor safeguards, supplementary measures, or another lawful transfer mechanism.
California residents may have rights under the CCPA as amended by the CPRA, including rights to know, access, delete, correct, opt out of sale or sharing, limit certain sensitive-information uses, and non-discrimination. Cookie does not sell personal information or provide advertisers access to personal data. If practices change in a way that triggers opt-out rights, we will provide required notices and controls.
Cookie aims to process digital personal data consistently with the Digital Personal Data Protection Act, 2023 and applicable rules as they take effect. Depending on implementation and law, users may have rights to access information about processing, correction, completion, updating, erasure, grievance redressal, nomination, and withdrawal of consent.
Where the Australian Privacy Principles, PIPEDA or substantially similar Canadian laws, or Singapore's Personal Data Protection Act apply, Cookie aims to honor applicable access, correction, consent, complaint, accountability, safeguard, and transfer principles.
We use technical and organizational measures designed to protect personal information. No system is completely secure, but we work to reduce risk and respond responsibly.
We use HTTPS, TLS, and encryption or equivalent safeguards where appropriate for sensitive data.
We apply least privilege, authentication controls, role-based access, administrative restrictions, and review practices.
We use logs, alerts, diagnostics, and monitoring to detect reliability, abuse, and security events.
We use secure software development practices, vendor review, backups, incident response planning, and business continuity measures.
If we identify a security incident affecting personal information, we will investigate, mitigate harm, and notify affected users or regulators where required by law.
Cookie is designed for general audiences who manage cooking, recipes, and kitchen inventory. It is not directed to children under the age required by applicable law to use online services without parental consent. We do not knowingly collect personal information from children in violation of applicable law.
If you believe a child provided personal information without appropriate consent, contact us. Parents and guardians should supervise children's use of cooking technology, heat, knives, appliances, ingredients, and allergy-sensitive foods.
For privacy questions, rights requests, account deletion, complaints, appeals, or security concerns, contact Cookie:
Please include enough information for us to understand and verify your request. Do not send highly sensitive information by email unless necessary.