1. Information We Collect

1.1 Information You Provide Directly

Account Information

• Email address (required for account creation)
• Display name (optional)
• Password (encrypted and never stored in plain text)
• Profile photo (optional)

Preference Data

• Dietary restrictions (vegetarian, vegan, gluten-free, allergies, etc.)
• Cuisine preferences
• Cooking skill level
• Household size and serving preferences
• Budget constraints

User-Generated Content

• Saved and favorited recipes
• Custom ingredient lists
• Recipe ratings and reviews
• Shared recipes with the community
• Achievement and challenge participation

1.2 Automatically Collected Information

Photos and Image Data

• Important: Photos of your fridge are processed locally on your device using on-device AI
• We never upload, store, or transmit your actual photos to our servers
• Only the text list of detected ingredients is sent to our servers for recipe generation
• Camera roll access is requested only when you choose to upload photos

Usage Data

• Features used and frequency of use
• Search queries (ingredients, recipes)
• Recipe views, saves, and cooking completions
• Time spent in app sections
• Error logs and crash reports (anonymized)

Device Information

• Device type, model, and operating system version
• Unique device identifiers (for analytics only, not for advertising)
• Mobile carrier and network information
• App version and settings
• Language and timezone settings

Location Information (Optional)

• Approximate location (city/region only) for localized recipe suggestions
• You can disable location access anytime in device settings
• We do not track precise GPS coordinates

1.3 Information from Third Parties

Social Media (if you choose to connect)

• Profile information from Apple, Google, or Facebook for simplified login
• We only request email and basic profile data

Payment Information

• Processed entirely by Apple App Store or Google Play Store
• We never see or store your credit card information
• We receive only confirmation of subscription status

2. How We Use Your Information

2.1 Core Service Functionality

✓ Recipe Generation: Use detected ingredients and preferences to create personalized recipes ✓ AI Improvement: Train our ingredient recognition AI (using anonymized data only) ✓ Personalization: Tailor recipe recommendations to your taste, skill level, and dietary needs ✓ Progress Tracking: Save your cooking achievements, challenge progress, and favorite recipes

2.2 Communication

✓ Essential Notifications: Account security, subscription status, service updates ✓ Optional Marketing: New features, recipe suggestions, challenge invitations (opt-out anytime) ✓ Customer Support: Respond to your inquiries and troubleshoot issues

2.3 Analytics and Improvement

✓ Usage Analytics: Understand how users interact with features to improve UX ✓ A/B Testing: Test new features with small user groups ✓ Crash Reporting: Identify and fix bugs ✓ Fraud Prevention: Detect and prevent abuse of our service

2.4 Legal Obligations

We may use or disclose information to:

• Comply with laws, regulations, or legal processes
• Protect rights, property, or safety of CookWins, users, or the public
• Enforce our Terms of Service
• Respond to government or law enforcement requests

3. How We Share Your Information

3.1 We Never Sell Your Data

We do not and will never sell your personal information to third parties.

3.2 Service Providers

We share data with trusted third-party providers who help operate our service:

All providers are contractually bound to protect your data and use it only for specified purposes.

3.3 Community Features

When you share content publicly:

• Your display name and profile photo (if set) are visible
• Shared recipes and reviews are visible to other users
• You can delete shared content anytime

3.4 Business Transfers

If CookWins is acquired or merges with another company, your information may be transferred. We will notify you via email and in-app notice before any transfer.

3.5 Aggregate Data

We may share anonymized, aggregate statistics (e.g., “50,000 users prevented 800,000 lbs of food waste”) for:

• Marketing and PR
• Research partnerships
• Investor reports

This data cannot identify individual users.

4. Data Security

4.1 Security Measures

We implement industry-leading security practices:

🔒 Encryption

• All data transmission uses TLS 1.3 encryption
• Passwords hashed with bcrypt (industry standard)
• Databases encrypted at rest

🔒 Access Controls

• Strict access controls to protect your data
• Regular security audits and updates

🔒 Data Minimization

• We collect only data necessary for service functionality
• Automatic deletion of inactive accounts after 3 years

4.2 Your Responsibility

Please help protect your account:

• Use a strong, unique password
• Don’t share your login credentials
• Log out on shared devices

4.3 Data Breaches

In the unlikely event of a data breach:

• We will notify affected users within 72 hours
• We will report to relevant authorities as required by law
• We will provide guidance on protective measures

5. Your Privacy Rights

5.1 Access and Portability

Right to Access: Request a copy of all data we have about you Right to Portability: Export your data in machine-readable format (JSON)

How to exercise: Contact privacy@cookwins.com with subject “Data Access Request”

5.2 Correction and Deletion

Right to Correction: Update inaccurate information Right to Deletion: Request permanent deletion of your account and data

How to exercise: Settings → Account → Edit Profile or Delete Account

See our Data Deletion Policy for details.

5.3 Marketing Opt-Out

Right to Opt-Out: Unsubscribe from marketing emails and push notifications

How to exercise:

• Email: Click “Unsubscribe” at bottom of any marketing email
• Push: Settings → Notifications → Marketing & Updates (toggle off)

5.4 California Residents (CCPA)

If you’re a California resident, you have additional rights:

• Right to Know: What data we collect and how we use it
• Right to Delete: Request deletion of personal data
• Right to Opt-Out: Opt-out of “sale” of data (note: we don’t sell data)
• Right to Non-Discrimination: Equal service regardless of rights exercised

Contact: privacy@cookwins.com with subject “CCPA Request”

5.5 European Residents (GDPR)

If you’re in the EU/EEA, you have additional rights:

• Right to Restriction: Limit how we process your data
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for data processing
• Right to Lodge Complaint: File complaint with your data protection authority

Legal basis for processing: Consent, contract performance, legitimate interests

Contact: privacy@cookwins.com with subject “GDPR Request”

5.6 Swiss Residents (FADP)

We comply with the Swiss Federal Act on Data Protection (FADP). If you’re a Swiss resident, you have rights similar to GDPR:

• Right to Access: Request information about what data we process
• Right to Correction: Correct inaccurate data
• Right to Deletion: Request deletion of your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to certain types of processing
• Right to Lodge Complaint: File complaint with the Federal Data Protection and Information Commissioner (FDPIC)

Legal basis for processing: Consent, contract performance, legitimate interests, legal obligations

Contact: privacy@cookwins.com with subject “FADP Request”

6. Data Retention

After retention periods, data is permanently deleted from all systems including backups.

7. Children’s Privacy

CookWins is not intended for children under 13 (or 16 in Europe).

• We do not knowingly collect data from children
• If we discover a child’s account, we will delete it immediately
• Parents: Contact privacy@cookwins.com if you believe your child created an account

8. International Data Transfers

Our servers are primarily located in the United States. If you access CookWins from outside the US:

• Your data may be transferred to and processed in the US
• We use Standard Contractual Clauses (SCCs) approved by the European Commission
• We ensure adequate protection as required by GDPR and other regulations

9. Cookies and Tracking Technologies

For details on cookies used on our website, see our Cookie Policy.

Summary:

• Essential cookies: Required for website functionality
• Analytics cookies: Help us improve the website (Google Analytics with IP anonymization)
• Preference cookies: Remember your theme and language settings

You can control cookies via browser settings.

10. Third-Party Links

Our app may link to third-party websites (e.g., app stores, social media). We are not responsible for their privacy practices. Please review their privacy policies.

11. Changes to This Policy

We may update this Privacy Policy to reflect:

• Changes in legal requirements
• New features or services
• Improvements to privacy practices

Notification:

• Minor changes: Updated “Effective Date” at top
• Material changes: Email notification + in-app banner
• Continued use after changes constitutes acceptance

Previous versions available upon request: privacy@cookwins.com

12. Contact Us

Privacy Questions or Requests:

• Email: privacy@cookwins.com
• Subject line: “Privacy Inquiry” or “Data Request”
• Response time: Within 30 days (as legally required)

Mailing Address: CookWins Privacy Officer Alberweg 1 9470 Buchs SG Switzerland

For EU/Swiss residents with data protection inquiries: privacy@cookwins.com