Privacy Policy

1. Information We Collect

We collect various categories of information to provide and improve our Service:

1.1 Information You Provide Directly

Account Information

• Registration Data: Email address, username, password (encrypted), profile picture;
• OAuth Data: If you sign in with Google or Apple, we receive your name, email address, and profile picture as permitted by those services;
• Profile Updates: Any information you add or modify in your profile.

User Preferences

• Dietary Information: Dietary restrictions (vegetarian, vegan, gluten-free, etc.), food allergies, cuisine preferences;
• App Settings: Notification preferences, measurement units, language settings.

User Content

• Images: Food photographs you upload for recipe generation or calorie analysis;
• Recipes: AI-generated recipes, custom recipes, recipe modifications;
• Favorites: Recipes you mark as favorites.

Communications

• Support Requests: Messages you send through customer support;
• Feedback: Product feedback, feature requests, bug reports.

1.2 Information Collected Automatically

Device Information

• Device Identifiers: Unique device ID, advertising identifier (IDFA/GAID if permitted);
• Technical Data: Device type, operating system version, app version, browser type;
• Network Information: IP address, connection type (WiFi/cellular).

Usage Information

• Feature Usage: Which features you use and how often;
• Generation Data: Number and types of recipe generations, calorie analyses;
• Session Data: Session duration, screens viewed, navigation patterns;
• Search Queries: Searches performed within the app.

Location Information

• Approximate Location: Country, region, and city derived from your IP address;
• We do not collect precise GPS location.

1.3 Information from Third Parties

• Authentication Providers: Profile information from Google or Apple when using social sign-in;
• App Stores: Subscription status and purchase information from Apple App Store or Google Play;
• Analytics Services: Aggregated usage data from Firebase Analytics.

1.4 Guest User Data

If you use RecipeAI as a guest (without creating an account):

• Your data is stored locally on your device only;
• We collect limited analytics data (device type, app version, anonymized usage);
• A device identifier is generated to manage usage limits;
• Your data is not synced to our servers and will be lost if you uninstall the app.

2. How We Use Your Information

2.1 Lawful Bases for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your personal data based on the following legal grounds:

2.2 Specific Uses

Core Service Functionality

• Create and manage your account;
• Authenticate your identity and enable secure access;
• Process your images through AI to generate recipes and nutritional estimates;
• Personalize recipes based on your dietary preferences and allergies;
• Store and sync your recipes, favorites, and settings;
• Enforce usage limits for free and premium tiers.

Subscription and Billing

• Process subscription purchases through Apple App Store or Google Play;
• Manage subscription status, renewals, and cancellations;
• Provide access to premium features based on subscription status.

Service Improvement

• Analyze usage patterns to improve features and user experience;
• Identify and fix bugs and technical issues;
• Develop new features based on user behavior;
• Train and improve our AI models using anonymized, aggregated data.

Communications

• Respond to customer support inquiries;
• Send service-related notifications (usage limits, subscription status);
• Notify you of important changes to Terms or Privacy Policy;
• Send promotional communications (only with your consent).

Advertising

• Display personalized advertisements to free users through Google AdMob;
• Measure advertising effectiveness;
• Premium subscribers are not shown advertisements.

Security and Legal

• Detect and prevent fraud, abuse, and security threats;
• Enforce our Terms of Service;
• Comply with legal obligations and respond to lawful requests.

3. How We Share Your Information

3.1 Service Providers

We share information with trusted third-party service providers who assist in operating our Service:

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

3.2 Legal Requirements

We may disclose your information when required by law or to protect our rights:

• In response to valid legal process (subpoenas, court orders, warrants);
• To comply with applicable laws and regulations;
• To protect the rights, property, or safety of HomeApps, our users, or others;
• To enforce our Terms of Service;
• In connection with legal claims or investigations.

3.3 Business Transfers

If HomeApps is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. We will provide notice before your information becomes subject to a different privacy policy.

3.4 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably identify you for research, analytics, or business purposes.

3.5 With Your Consent

We may share your information with third parties when you explicitly consent or direct us to do so.

4. Data Retention

We retain your information for as long as necessary to provide the Service and comply with legal obligations:

5. Data Security

5.1 Security Measures

We implement industry-standard security measures to protect your information:

• Encryption in Transit: All data transmitted between your device and our servers uses TLS 1.2+ encryption;
• Encryption at Rest: Data stored in our databases is encrypted using AES-256;
• Password Security: Passwords are hashed using bcrypt with individual salts;
• Access Controls: Strict role-based access controls for our systems;
• Infrastructure Security: Hosted on Google Cloud Platform with enterprise-grade security;
• Monitoring: Automated monitoring for security threats and suspicious activity;
• Regular Audits: Periodic security reviews and vulnerability assessments.

5.2 Your Responsibility

You are responsible for maintaining the security of your account credentials. We recommend:

• Using a strong, unique password;
• Not sharing your login credentials;
• Enabling device-level security (passcode, biometrics);
• Notifying us immediately of any suspected unauthorized access.

5.3 Data Breach Notification

In the event of a data breach affecting your personal information:

• We will notify affected users via email within 72 hours of discovery (as required by GDPR);
• Notification will include the nature of the breach and types of data affected;
• We will provide recommendations for protecting your account;
• We will notify relevant regulatory authorities as required by law.

6. Your Privacy Rights

6.1 Rights for All Users

Regardless of your location, you have the following rights:

• Access: Request a copy of your personal information;
• Correction: Update or correct inaccurate information;
• Deletion: Delete your account and associated data;
• Data Portability: Export your data in a machine-readable format;
• Opt-Out of Marketing: Unsubscribe from promotional communications;
• Notification Control: Manage push notification preferences.

6.2 European Economic Area, UK, and Switzerland (GDPR)

If you are located in the EEA, UK, or Switzerland, you have additional rights under GDPR:

• Right to Access: Obtain confirmation of processing and a copy of your personal data;
• Right to Rectification: Correct inaccurate or incomplete data;
• Right to Erasure: Request deletion of your data ("right to be forgotten");
• Right to Restriction: Limit how we process your data in certain circumstances;
• Right to Data Portability: Receive your data in a structured, machine-readable format;
• Right to Object: Object to processing based on legitimate interests or for direct marketing;
• Right to Withdraw Consent: Withdraw consent at any time for consent-based processing;
• Right to Lodge a Complaint: File a complaint with your local data protection authority.

To exercise these rights, contact us at privacy@recipe-ai.io. We will respond within 30 days (may extend to 60 days for complex requests with notice).

6.3 California Residents (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know

You have the right to request disclosure of:

• Categories of personal information collected;
• Sources of personal information;
• Business purposes for collection;
• Categories of third parties with whom we share data;
• Specific pieces of personal information collected about you.

Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions (legal obligations, security, completing transactions).

Right to Correct

You have the right to request correction of inaccurate personal information.

Right to Opt-Out of Sale/Sharing

Right to Limit Use of Sensitive Personal Information

We only use sensitive personal information (dietary restrictions, allergies) as necessary to provide the Service and do not use it for purposes that would require offering a limitation option.

Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

Categories of Personal Information

In the past 12 months, we have collected the following categories of personal information as defined by CCPA:

• Identifiers: Email address, username, device identifiers, IP address;
• Personal Information (Cal. Civ. Code 1798.80): Name;
• Internet or Network Activity: App usage, browsing history, search queries;
• Geolocation Data: Approximate location from IP address;
• Sensory Data: Food photographs you upload;
• Inferences: Preferences and characteristics derived from usage.

Exercising Your California Rights

To submit a verifiable consumer request, contact us at:

• Email: privacy@recipe-ai.io
• Subject Line: "California Privacy Request"

We will verify your identity before processing your request. You may designate an authorized agent to make requests on your behalf.

6.4 Other Jurisdictions

Depending on your location, you may have additional privacy rights under local laws. Contact us at privacy@recipe-ai.io to learn about rights applicable in your jurisdiction.

7. International Data Transfers

RecipeAI is operated from the United States, and your data is primarily stored in the United States.

7.1 Transfers Outside Your Country

If you access the Service from outside the United States, your personal information will be transferred to and processed in the United States, where data protection laws may differ from your jurisdiction.

7.2 Safeguards for International Transfers

For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on:

• Standard Contractual Clauses (SCCs): EU-approved contractual terms with our service providers;
• Adequacy Decisions: Where applicable;
• Supplementary Measures: Additional technical and organizational safeguards.

By using the Service, you consent to the transfer of your information to the United States and other countries where our service providers operate.

8. Children's Privacy

• Age Requirement: You must be at least 13 years old to create an account or use the Service;
• No Knowing Collection: We do not knowingly collect, use, or disclose personal information from children under 13;
• Parental Notification: If we learn that we have collected personal information from a child under 13, we will take steps to delete that information immediately;
• Parental Rights: If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@recipe-ai.io.

For users aged 13-17, we recommend parental or guardian involvement in account creation and use of the Service.

9. Cookies and Tracking Technologies

9.1 Technologies We Use

• Cookies: Small text files stored on your device (web only);
• Device Identifiers: Unique identifiers assigned to your device;
• Analytics SDKs: Firebase Analytics embedded in the app;
• Advertising SDKs: Google AdMob for displaying and measuring ads (free users).

9.2 Types of Tracking

• Essential: Required for authentication, security, and core functionality;
• Analytics: Understanding usage patterns and improving the Service;
• Advertising: Displaying and measuring advertisement effectiveness (free users only).

9.3 Your Choices

• Browser Cookies: Configure your browser to block or delete cookies;
• Mobile Advertising ID: Reset or limit ad tracking in your device settings:
  • iOS: Settings > Privacy & Security > Tracking
  • Android: Settings > Privacy > Ads
• App Tracking Transparency (iOS): When prompted, choose whether to allow tracking;
• Premium Subscription: Upgrade to premium to disable all advertising and ad-related tracking.

10. Third-Party Links

The Service may contain links to third-party websites, services, or content. We are not responsible for the privacy practices or content of third-party sites. We encourage you to review the privacy policies of any third-party services you access.

11. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or business operations:

• Notification: Material changes will be communicated through the Service, email, or prominent notice;
• Effective Date: Changes take effect on the "Effective Date" posted above;
• Continued Use: Your continued use of the Service after changes constitutes acceptance;
• Review: We encourage you to review this policy periodically;
• Prior Versions: Previous versions are available upon request.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

General Inquiries

• Email: support@recipe-ai.io
• Website: https://recipe-ai.io

Privacy-Specific Requests

• Email: privacy@recipe-ai.io
• Subject Line: Include "Privacy Request" or specify your request type
• Response Time: We will respond within 30 days

Account Deletion

• In-App: Use the "Delete Account" feature in Settings
• Web: Visit our Account Deletion page
• Email: Contact support@recipe-ai.io

13. Data Controller Information

For purposes of data protection laws, the data controller responsible for your personal information is:

• Company: HomeApps
• Service: RecipeAI
• Email: privacy@recipe-ai.io
• Website: https://recipe-ai.io

14. Supplemental Terms for Mobile Applications

14.1 Apple App Store

If you download RecipeAI from the Apple App Store:

• Apple collects certain information as described in Apple's Privacy Policy;
• In-app purchase and subscription data is processed by Apple;
• We receive subscription status information from Apple but not your payment details.

14.2 Google Play Store

If you download RecipeAI from the Google Play Store:

• Google collects certain information as described in Google's Privacy Policy;
• In-app purchase and subscription data is processed by Google;
• We receive subscription status information from Google but not your payment details.