Privacy Policy

1. Overview

This Privacy Policy explains how Cookit handles information when you use the Cookit iOS app, the Cookit share extension, Cookit Pro subscriptions, and related support pages.

Cookit helps you turn recipe links, captions, pasted text, photos, screenshots, videos, product photos, notes, and cooking questions into recipe cards and cooking help. Cookit is designed to store your saved recipes, shopping list, notes, images, preferences, and app settings locally on your device. Cookit does not create user accounts and does not sell personal information.

Cookit uses AI features. When you use those features, the relevant input is sent to Cookit backend services on Cloudflare and to Google Gemini so the requested recipe, product scan, or AI Chef answer can be generated. Do not submit sensitive, confidential, medical, or private information that you do not want processed for this purpose.

2. Short Summary

3. Information Stored Locally on Your Device

Cookit stores the following information locally so the app can work without an account:

• Saved recipes, including title, summary, source URL, source platform, servings, prep time, cook time, difficulty, ingredients, steps, tags, storage tips, substitution tips, safety notes, favorite status, creation date, and update date.
• Estimated nutrition values, including calories, protein, carbohydrates, fat, fiber, and whether the nutrition is estimated.
• Recipe notes that you type in a saved recipe.
• Shopping list items, including item name, quantity, unit, category, checked status, creation date, and source recipe title.
• Recipe images and thumbnails saved by the app in local app storage.
• Your Cookit profile and preferences, such as cooking skill, diet goal, measurement units, preferred language, allergies you choose to enter, recipe sources, app goals, food likes, preferred cooking time, and cooking frequency.
• Onboarding completion, notification preference, and the local count of free AI uses.
• Pending shared links or text from the Cookit share extension until the main app reads and removes the pending import.

Local recipe images are written with iOS file protection when saved. If you uninstall Cookit, iOS normally removes the app's local data.

4. Information You Choose to Provide for AI Features

Cookit processes the information needed for the AI action you start:

• Recipe generation from text: pasted recipe text, captions, notes, ingredients, meal ideas, or similar text you enter.
• Recipe generation from links: the URL you enter or share, plus source metadata Cookit may fetch from that page, such as page title, description, caption, platform, preview image URL, and related public preview images.
• Recipe generation from media: selected photos, screenshots, or up to six extracted JPEG frames from a selected video or slideshow. Images are resized to a maximum dimension of about 1280 pixels and compressed before processing.
• Fridge scan or image-based recipe ideas: selected food or ingredient photos and any text you enter with them.
• Product scan: the product or food photo you choose or take with the camera, converted to JPEG, plus the image MIME type.
• AI Chef: the saved recipe details and your cooking question, plus relevant preferences used to personalize the answer.
• Cookit profile preferences sent with AI requests: cooking skill, diet goal, units, preferred language, allergies you entered, recipe sources, goals, food likes, cooking time, and cooking frequency.
• Subscription context: your anonymous RevenueCat app user ID may be sent with AI requests so the backend can check Cookit Pro status and enforce free-use limits.

5. How AI Requests Travel

Cookit uses the following production data flow for AI features:

1. You start an AI action in Cookit.
2. The app prepares the relevant text, URL metadata, photo, screenshot, video frames, product image, recipe details, preferences, and anonymous RevenueCat app user ID.
3. The app sends the request over HTTPS to the Cookit backend API hosted on Cloudflare Workers.
4. The backend may verify your Cookit Pro entitlement with RevenueCat, enforce rate limits, and reserve a free AI use if you are not subscribed.
5. For URL imports, the app and/or backend may fetch public metadata from the linked site. The linked website may receive a request from your device or from Cookit's backend infrastructure.
6. The backend sends the prompt and relevant attachments to Google Gemini API, currently using gemini-2.5-flash-lite.
7. Google Gemini returns generated content to the backend.
8. The backend returns the generated recipe, product scan result, or AI Chef answer to the app.
9. If you choose to save the result, Cookit stores it locally on your device.

The backend API routes used by Cookit include /api/generate-recipe, /api/scan-product, and /api/ai-chef.

6. Cookit Backend Processing

The Cookit backend is hosted on Cloudflare Workers. It receives the AI request body, validates request size, checks allowed origins when configured, can require an API access token, applies rate limiting, and forwards only the information needed for the AI feature to Google Gemini.

Cookit does not intentionally store the full text, photos, videos, video frames, recipes, AI Chef questions, or Gemini responses in a Cookit database. The backend does maintain free-use enforcement data for non-subscribers. That data is stored as a SHA-256 hash of the RevenueCat app user ID together with a completed-use count, using Cloudflare Durable Objects or KV depending on backend configuration.

Cloudflare may process technical and network information needed to operate the backend, such as IP address, request routing information, request timing, status code, endpoint, and security or operational logs. Cookit Worker observability is used for reliability and debugging. Cookit backend logs are intended to avoid storing raw AI request content. Parse failure logs record the context and response length, not the full AI response text.

7. Google Gemini Processing

Cookit uses Google Gemini API to generate recipes, analyze food and product images, process selected video frames, and answer AI Chef questions. The model configured in the app and backend is currently gemini-2.5-flash-lite.

The information sent to Gemini may include prompts created by Cookit, your text input, recipe links and metadata, selected photos or screenshots, selected video frames, product photos, saved recipe details, AI Chef questions, preferences, allergy text you entered, and generated output. Google may also process technical usage information necessary to operate and secure the Gemini API.

Google states in its Gemini API terms that paid Gemini API prompts, files, and responses are not used to improve Google products, and that prompts and responses may be logged for a limited period for safety, abuse prevention, and required legal or regulatory disclosures. Google's handling depends on the Gemini API terms, account configuration, region, and billing status that apply at the time of processing.

If Cookit or its backend were configured to use unpaid Gemini API services, Google may use submitted content and generated responses to provide, improve, and develop Google products and machine learning technologies according to Google's Gemini API terms. For that reason, do not submit sensitive, confidential, medical, or private information to Cookit AI features.

Cookit does not use your submissions to train its own AI model.

8. Purchases and Subscriptions

Cookit Pro subscriptions are handled through Apple in-app purchase and RevenueCat. Apple processes the payment transaction through your Apple Account. Cookit does not receive your full payment card number.

RevenueCat may process subscription and purchase information, including your anonymous RevenueCat app user ID, Apple receipt data, product identifiers, active subscription product IDs, entitlement status, transaction history, app/device technical information needed for purchases, and last-seen app activity. Cookit uses this information for app functionality, purchase validation, fraud prevention, restoring purchases, enabling Cookit Pro, enforcing free usage limits, and subscription analytics in RevenueCat dashboards.

Cookit Pro uses the entitlement ID cookit_pro and the configured product identifiers monthly and yearly. Product names, durations, and prices are shown by Apple and RevenueCat in the purchase flow.

9. Camera, Photos, Videos, and Notifications

Cookit asks for camera access only when you choose to take a product or food photo. Cookit asks for photo library access only when you choose to select a photo or video from your library or when you choose an action that requires saving to your photo library. The app processes only the media you select or capture for the feature you start.

Cookit may ask for notification permission if you choose to be notified when recipe generation is finished. These are local iOS notifications used to tell you that a recipe is ready. Cookit does not use notification permission for advertising.

10. Support Emails

If you contact support, we receive the email address you use, the contents of your message, and any app details you choose to include. Cookit's support email template may include the app name, app version, and bundle identifier. Do not include sensitive information in support emails unless it is necessary for your request.

11. Information We Do Not Use

Cookit does not knowingly collect or use the following unless you voluntarily include it in recipe content, a photo, a screenshot, a link, or a support message:

• Precise location.
• Contacts or address book.
• Health records.
• Calendar events.
• Microphone audio.
• Advertising identifiers.
• Third-party advertising data.
• Account username or password, because Cookit does not create accounts.

12. Why We Use Information

• To generate recipes from your text, links, photos, screenshots, videos, and product photos.
• To answer cooking questions through AI Chef.
• To save and organize recipes, recipe images, notes, tags, and shopping list items locally.
• To personalize recipe output using the preferences you choose.
• To validate subscriptions, restore purchases, and unlock Cookit Pro.
• To enforce free AI use limits and protect the backend from abuse.
• To fetch public metadata from recipe links so generated recipes match the source better.
• To provide support and respond to privacy requests.
• To maintain security, reliability, and performance of the app and backend.

13. Sharing With Service Providers

Cookit shares information only as needed to provide the app and its features:

14. Tracking, Advertising, and Selling Data

Cookit does not sell personal information. Cookit does not share personal information for cross-app or cross-website advertising tracking. Cookit does not use IDFA. Cookit does not include a third-party advertising SDK.

RevenueCat subscription dashboards may provide subscription analytics, such as purchase and entitlement information. Cloudflare may provide operational logs and security or traffic information. These are used for app functionality, security, reliability, and subscription operations, not third-party advertising.

15. Retention

• Local recipes, shopping list items, notes, local images, preferences, notification preferences, and local free-use count remain on your device until you delete them, delete all local data, or uninstall the app.
• Pending share extension imports remain in the shared app container until Cookit reads and removes the pending import or until local data is deleted.
• The Cookit backend does not intentionally keep a database of AI prompts, media, generated recipes, or AI Chef answers.
• The backend may keep a hashed RevenueCat app user ID and completed free-use count to enforce the free AI limit.
• Cloudflare, Google, RevenueCat, Apple, and linked websites may retain data according to their own policies and legal obligations.
• Support emails are retained as long as reasonably needed to respond, maintain records, resolve disputes, and comply with legal obligations.

16. Deletion and Privacy Choices

Cookit does not create an account, so most data deletion is handled on your device.

• To delete a recipe, delete it inside the app.
• To delete shopping list items, delete them inside the app.
• To delete recipes, shopping list items, local recipe images, preferences, and the local free-use counter, open Settings > Data > Delete all local data.
• To stop notifications, disable recipe generation notifications in Cookit or in iOS Settings.
• To stop photo or camera access, change permissions in iOS Settings.
• To manage or cancel subscriptions, use your Apple Account subscription settings.
• To request help with backend, support, or privacy questions, email support@soldra.lt.

Because Cookit does not have user accounts, we may not be able to locate backend or provider records from your email address alone. We may ask for limited information needed to find or verify a request.

17. Security

Cookit uses HTTPS for network requests to the backend and third-party services. Local image files are written using iOS complete file protection where supported. Backend secrets, such as Google AI and RevenueCat API keys, are configured as server-side secrets and are not intended to be bundled in the production app.

No method of transmission or storage is perfectly secure. You are responsible for avoiding sensitive information in recipe inputs, photos, screenshots, videos, links, AI Chef questions, and support emails.

18. International Processing

Cookit and its service providers may process information in the United States, the European Economic Area, and other countries where Cloudflare, Google, RevenueCat, Apple, or their service providers operate. These countries may have data protection laws different from those where you live.

19. Children

Cookit is not directed to children. Because Cookit uses Google Gemini API for AI features, Cookit's AI features are intended for users who are at least 18 years old. Do not use Cookit AI features if you are under 18.

If you believe a child has provided personal information to Cookit, contact support@soldra.lt.

20. Your Rights

Depending on where you live, you may have rights to access, delete, correct, restrict, object to, or receive a copy of certain personal information. Because Cookit does not create accounts and stores most app data locally, many rights can be exercised directly in the app by deleting local data or changing permissions. You may contact support for additional requests.

21. App Store Privacy Disclosure Summary

Cookit's App Store privacy disclosures should match the actual app behavior. Based on the current app implementation, Cookit may collect or process the following data types for app functionality and, for RevenueCat purchase history, subscription analytics:

• Photos or videos, when you choose media for AI recipe generation or product scans.
• Other user content, such as pasted recipe text, links, captions, recipe notes, shopping list items, AI Chef questions, and generated recipe content.
• Purchase history, processed through Apple and RevenueCat for subscription functionality, entitlement validation, restore purchases, fraud prevention, and subscription analytics.
• An anonymous user identifier, such as the RevenueCat app user ID, used for subscription status and free-use limit enforcement.
• Diagnostics or operational data may be processed by service providers as part of network, security, and backend operation.

Cookit does not use these data types for third-party advertising tracking.

22. Third-Party Policies

You can review the policies and terms for providers used by Cookit:

• Cloudflare Privacy Policy
• Google Gemini API Additional Terms
• Google Privacy Policy
• RevenueCat Privacy Policy
• Apple Privacy Policy

23. Changes

We may update this Privacy Policy when Cookit changes, when service providers change, or when legal requirements change. The updated policy will be posted on this page with a new effective date.

24. Contact

For privacy or support questions, contact support@soldra.lt.