CookNow

CookNow – Privacy Policy

Last updated: 8 June 2025

This Privacy Policy explains how famwa – c/o Alexa Wagner (“we”, “us”, or “our”) collects, uses, shares, and protects your personal information when you use the CookNow mobile application (the “App”). By downloading or using the App, you acknowledge that you have read and understood this Privacy Policy.

1. Key Points at a Glance

  • No account needed. You can use CookNow without registering or creating a profile.
  • Minimal data. We collect only what is necessary to run and improve the App, manage subscriptions, and meet our legal duties.
  • Optional photos. If you choose to upload a food photo for ingredient recognition, the image is sent to the OpenAI API only for your request and is not stored on our servers.
  • Subscription management. RevenueCat® and Apple handle all payments; we receive only non‑identifying transaction metadata.
  • Your rights. As an EU user you have full GDPR rights: access, rectification, erasure, restriction, objection, portability, and withdrawal of consent.

2. Data Controller & Contact

famwa – c/o Alexa Wagner
Thierschstrasse 51
80538 Munich, Germany
Email: privacy@cooknow.app

Data‑protection officer. Under Art. 37 GDPR/§38 BDSG our business is not required to appoint a DPO. All privacy enquiries should be sent to the address above.

3. What Data We Collect

We collect four categories of data:

Device & App‑Usage Data – e.g. device model, iOS version, time‑zone, language, crash logs, and anonymised analytics events. We use this to ensure the App works, diagnose bugs, and improve features. Legal basis: legitimate interest in keeping the service stable and secure (Art. 6 (1)(f)).

Subscription Metadata – your subscription status, plan type, renewal dates (via RevenueCat), and Apple‑provided transaction identifiers (non‑identifying). We need this to unlock paid features and provide support. Legal basis:performance of a contract (Art. 6 (1)(b)).

Photo Content (optional) – images you upload for ingredient recognition. They are forwarded to the OpenAI API, processed, and then discarded; no copy is kept on our servers. Legal basis: your consent (Art. 6 (1)(a)).

User Communications – emails or messages you send us. Used solely to answer enquiries and troubleshoot issues. Legal basis: legitimate interest (Art. 6 (1)(f)).

We do not collect full payment‑card numbers, Apple‑ID credentials, precise location data, or any health data you do not explicitly provide.

Statutory/contractual requirement. Providing photos is optional; if you do not, ingredient recognition will not work. Subscription metadata is required to deliver paid features. All other data is voluntary but certain functions may not operate without it.

4. How We Use Your Data

  1. Provide core functions (ingredient recognition & AI‑generated recipes).
  2. Manage subscriptions and verify entitlements.
  3. Improve and secure the App via aggregated analytics and crash logs.
  4. Respond to support requests and enforce our Terms & Conditions.
  5. Comply with bookkeeping, tax, and other legal obligations.

We do not use your personal data for advertising or share it with advertisers.

5. AI & Third‑Party Processing

5.1 OpenAI API (USA)

  • Your photo and text prompt are transmitted to OpenAI, L.L.C. for one‑off processing.
  • OpenAI does not use your data to train its models.
  • No photo is stored on our servers; only the ingredient list and recipe text are returned to your device.

5.2 RevenueCat (USA)

  • Manages subscription status using anonymised transaction identifiers supplied by Apple. No payment details reach us.

5.3 Apple In‑App Purchases (EU)

  • Apple Distribution International Ltd. processes all payments. We never see your payment‑card details.

5.4 International Transfers & Safeguards

Where data is sent to the United States (OpenAI, RevenueCat) we rely on Standard Contractual Clauses (SCCs) and, where applicable, their certification under the EU–US Data Privacy Framework. Copies of the SCCs are available on request.

6. Data Retention

  • Subscription metadata: kept for the life of your subscription and up to 10 years thereafter to meet German accounting rules.
  • Photos: never stored on our servers; remain only on your device unless you delete them.
  • Analytics logs: anonymised and retained for 24 months.
  • Support emails: retained for 18 months after the ticket is closed.

Data may be kept longer if required by law or to establish or defend legal claims.

7. Your Rights under the GDPR

You may:

  • Access your personal data;
  • Rectify inaccuracies;
  • Erase data (“right to be forgotten”);
  • Restrict or object (Art. 21 (1)) to processing based on legitimate interest;
  • Obtain data portability;
  • Withdraw consent at any time (affects future processing only).

Requests should be sent to privacy@cooknow.app. We reply within 30 days.

8. Children

CookNow is not intended for children under 16 years. We do not knowingly collect data from children. If you believe a child has provided personal data, contact us so we can delete it.

9. Security Measures

We apply industry‑standard safeguards such as:

  • TLS encryption in transit;
  • Secure Enclave & Keychain storage for subscription tokens on‑device;
  • Least‑privilege access controls for staff;
  • Regular security and penetration tests.

No system is 100 % secure; you use the Service at your own risk.

10. Automated Decision‑Making

We do not perform automated decision‑making or profiling that produces legal or similarly significant effects on you.

11. Push Notifications & TTDSG Device Access

With your device‑level consent CookNow may send you push notifications (e.g. recipe reminders). You can disable them in iOS Settings → Notifications. The App does not store or read tracking identifiers or cookies on your device beyond what is strictly necessary to provide the Service (§ 25 (2) TTDSG).

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced in‑app or via email (if provided). Continued use of the App after changes take effect constitutes acceptance.

13. Contact & Complaints

Questions? Email privacy@cooknow.app or write to the address above. You also have the right to lodge a complaint with your local supervisory authority; in Bavaria‑South it is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).