Privacy Policy for Cooking Journal App

1. INTRODUCTION

This Privacy Policy describes how Cooking Journal App ("we," "our," or "us") collects, uses, and shares information when you use the Cooking Journal App mobile application (the "App").

By downloading, accessing, or using the App, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the App.

THE APP IS PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND. WE RESERVE THE RIGHT TO MODIFY THIS PRIVACY POLICY AT ANY TIME. YOUR CONTINUED USE OF THE APP AFTER CHANGES CONSTITUTES ACCEPTANCE OF THE UPDATED POLICY.

2. DATA CONTROLLER AND PROCESSORS

For the purposes of data protection laws (including GDPR and CCPA):

• Cooking Journal acts as the "Data Controller" for personal data you provide
• Firebase (Google LLC) acts as a "Data Processor" handling data on our behalf
• RevenueCat acts as a "Data Processor" for subscription management

Firebase's privacy practices are governed by Google's Privacy Policy: https://policies.google.com/privacy

RevenueCat's privacy practices are governed by their Privacy Policy: https://www.revenuecat.com/privacy

3. INFORMATION WE COLLECT

We collect the following types of information:

A. ACCOUNT INFORMATION (when you create an account):

• Email address (if you sign up with email)
• Display name and profile photo (if you sign in with Google or Apple)
• Authentication provider information (Google, Apple)
• Unique user ID (automatically generated)

B. COOKING DATA (stored locally and synced to cloud):

• Recipe information (titles, descriptions, ingredients, cooking steps)
• Cooking session records (notes, timestamps, ratings, summaries)
• Photos you upload (recipe photos, session photos, step-by-step photos)
• Voice recordings (if you use voice logging features)
• Text transcriptions (if you enable voice-to-text features)
• Collections and organizational data
• Custom preferences

C. DEVICE INFORMATION:

• Device identifier (for multi-device sync management)
• Device name, platform (iOS/Android/Web), and app version
• Operating system version
• IP address (automatically collected when connecting to Firebase)
• Approximate geographic location (country/region level, derived from IP address)

D. USAGE DATA:

• Features you use within the App
• AI feature usage (for rate limiting and quota management)
• Subscription status and purchase history (processed by RevenueCat)

E. AI-GENERATED CONTENT:

• Recipe generation prompts you submit
• Recipe scaling requests
• Ingredient suggestions
• Voice transcription requests

F. NOTIFICATION DATA:

• Local notification preferences (timer alerts scheduled on your device)
• Note: Notifications are local-only and do not use remote push notification servers or collect device tokens

G. TECHNICAL DATA (if applicable):

• Error logs and crash reports (to diagnose and fix app issues)
• Performance data (app load times, feature response times)
• App usage patterns (to understand which features are most useful)

Note: We do not collect analytics or tracking data for advertising purposes. If this changes in the future, we will update this policy.

We may collect additional information necessary for the App's functionality and to improve our services.

4. HOW WE USE YOUR INFORMATION

We use the collected information for the following purposes:

• To provide core App functionality (recipe management, cooking session logging)
• To enable cloud synchronization of your data across devices
• To authenticate your account and manage access
• To process AI-powered features (recipe generation, ingredient suggestions, transcription, nutrition estimation, recipe scaling etc)
• To manage your subscription and premium features
• To enforce device limits and prevent unauthorized access
• To improve and optimize the App's performance and features
• To comply with legal obligations and enforce our Terms of Service
• For other legitimate business purposes

Your data is processed based on:

• Your consent (when you create an account or use AI features)
• Contractual necessity (to provide services you requested)
• Legitimate interests (to improve the App and prevent abuse)
• Legal obligations (to comply with applicable laws)

5. DATA SHARING AND THIRD-PARTY SERVICES

We share your information with the following third-party service providers:

A. FIREBASE (GOOGLE LLC) - Cloud Infrastructure:

• Firebase Authentication (for user accounts)
• Firebase Firestore (for cloud data storage)
• Firebase Storage (for photo backups)
• Firebase Functions (for AI processing)

Privacy Policy: https://policies.google.com/privacy

B. GOOGLE GEMINI AI - Recipe Generation:

• Your recipe prompts and requests are sent to Google's Gemini AI
• Used for recipe generation, scaling, and ingredient suggestions

Privacy Policy: https://policies.google.com/privacy

C. REVENUECAT - Subscription Management:

• Processes in-app purchases and subscription status
• Manages premium feature access

Privacy Policy: https://www.revenuecat.com/privacy

D. AUTHENTICATION PROVIDERS:

• Google Sign-In (if you use Google authentication)
• Apple Sign-In (if you use Apple authentication)

E. LEGAL DISCLOSURES:

We may disclose your information if required by law, court order, or government request, or to protect our rights and safety.

WE ARE NOT RESPONSIBLE FOR THE PRIVACY PRACTICES OF THESE THIRD-PARTY SERVICES. PLEASE REVIEW THEIR PRIVACY POLICIES INDEPENDENTLY.

6. DATA STORAGE AND SECURITY

A. LOCAL STORAGE:

• Your data is stored locally on your device using AsyncStorage
• You can use the App entirely offline without creating an account

B. CLOUD STORAGE (OPTIONAL):

• If you create an account, your data is backed up to Firebase Firestore
• Photos are stored in Firebase Storage
• Data is stored on Google's servers (region determined by Firebase configuration)

C. SECURITY MEASURES:

We strive to protect your information using commercially reasonable security measures, including:

• Encryption in transit (HTTPS/TLS)
• Firebase security rules to isolate user data
• Device-based authentication and access controls

HOWEVER, NO METHOD OF ELECTRONIC STORAGE OR TRANSMISSION IS 100% SECURE. WE CANNOT GUARANTEE ABSOLUTE SECURITY OF YOUR DATA. YOU ARE RESPONSIBLE FOR MAINTAINING THE SECURITY OF YOUR ACCOUNT CREDENTIALS AND DEVICE.

7. DATA RETENTION

We retain your information for as long as necessary to:

• Provide the App's services
• Comply with legal obligations
• Resolve disputes and enforce our agreements
• Fulfill other legitimate business purposes

If you delete your account and cloud data, we will delete your information from active databases within a reasonable timeframe. However, some information may be retained in backups for a limited period as required for disaster recovery purposes.

Firebase/Google may retain data according to their own retention policies.

8. YOUR PRIVACY RIGHTS

Depending on your location, you may have the following rights:

A. RIGHT TO ACCESS:

Request a copy of the personal data we hold about you.

B. RIGHT TO RECTIFICATION:

Correct inaccurate or incomplete information via the App's editing features.

C. RIGHT TO DELETION ("Right to be Forgotten"):

Request deletion of your account and all associated data via the "Wipe Cloud Data" feature in App Settings.

D. RIGHT TO DATA PORTABILITY (GDPR):

Request your data in a portable format for transfer to another service.

E. RIGHT TO WITHDRAW CONSENT:

You may delete your account at any time. For anonymous usage, simply uninstall the App.

F. RIGHT TO OPT-OUT OF SALE (CCPA):

We do not sell your personal information.

TO EXERCISE YOUR RIGHTS:

• For data deletion: Use the "Wipe Cloud Data" feature in the App
• For data access or portability: Email cookingjournalapp@gmail.com

We will respond to requests within 30 days (GDPR) or 45 days (CCPA).

CALIFORNIA RESIDENTS: You have the right to request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not share information for such purposes.

9. CHILDREN'S PRIVACY

The App is intended for users aged 16 and older. We do not knowingly collect personal information from children under 16. If you believe a child under 16 has provided us with personal information, please contact us immediately and we will delete such information.

10. INTERNATIONAL DATA TRANSFERS

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where data protection laws may differ from those in your jurisdiction.

By using the App, you consent to the transfer of your information to other countries. We rely on Firebase's compliance mechanisms, including Standard Contractual Clauses (SCCs), for GDPR-compliant data transfers.

11. COOKIES AND TRACKING TECHNOLOGIES

The App does not use cookies or tracking technologies for advertising or analytics purposes. Authentication tokens and device identifiers are used solely for App functionality and user authentication.

12. CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time. When we make changes, we will update the "Last Updated" date at the top of this policy.

For material changes (such as changes to data sharing practices or new third-party services), we may provide additional notice through the App or other reasonable means. However, it is your responsibility to review this Privacy Policy periodically.

Your continued use of the App after any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with any changes, you should stop using the App and delete your account.

13. DATA SECURITY DISCLAIMER

While we implement reasonable security measures to protect your personal information, no method of electronic storage or transmission is 100% secure. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:

• WE DO NOT GUARANTEE THE ABSOLUTE SECURITY, AVAILABILITY, OR ACCURACY OF YOUR DATA
• WE ARE NOT RESPONSIBLE FOR UNAUTHORIZED ACCESS, DATA BREACHES, OR DATA LOSS CAUSED BY THIRD PARTIES OR CIRCUMSTANCES BEYOND OUR REASONABLE CONTROL
• YOU ARE RESPONSIBLE FOR MAINTAINING THE SECURITY OF YOUR ACCOUNT CREDENTIALS AND BACKING UP YOUR OWN DATA
• WE ARE NOT LIABLE FOR ANY DAMAGES RESULTING FROM THE LOSS, CORRUPTION, OR UNAUTHORIZED ACCESS TO YOUR DATA

For general limitations of liability regarding use of the App, please refer to our Terms of Service.

14. CONTACT INFORMATION

For privacy-related questions, data requests, or concerns, please contact:

Email: cookingjournalapp@gmail.com
Developer: Aydar Gilmullin

For data access requests, please allow up to 30 days for a response.

15. GOVERNING LAW AND DISPUTE RESOLUTION

This Privacy Policy is governed by and construed in accordance with the laws of Japan, without regard to its conflict of law principles.

Any disputes arising from or relating to this Privacy Policy or your use of the App shall be subject to the exclusive jurisdiction of the courts of Japan.

Notwithstanding the above, we will comply with applicable data protection laws (including GDPR and CCPA) regardless of governing law.