Privacy Policy

Last updated: 2026-05-18

This Privacy Policy explains how LetsCookIt ("we", "us", "our") collects, uses, protects, and shares your information when you use the LetsCookIt mobile app and related services. By using LetsCookIt, you agree to the practices described below.

1. Information We Collect

We collect information in the following categories:

Information you provide directly: email address, date of birth, username, display name, profile picture, bio, and recipes you create (titles, ingredients, steps, photos, tags, and cook/prep times).

Account activity: likes, bookmarks, follows, comments, reports you file, search history, and notification preferences — all visible to you in the app and used to operate features such as the personalized feed.

Device data: push notification tokens for the devices you sign in on, so we can deliver notifications you have opted into.

Diagnostic data (crash reports): When the app crashes or encounters an unhandled error, we collect a stack trace, your device model, operating system version, app version, and a small set of recent in-app actions ("breadcrumbs") to help us diagnose and fix the issue. Crash payloads are automatically scrubbed of email addresses, authentication tokens, and other identifying strings before being sent. This data is processed by Sentry GmbH on our behalf (see Section 7).

Product analytics: We collect events that describe how you interact with the app — for example, when you view a recipe, start cooking, post a comment, or perform a search. Each event is associated with your user identifier (a random UUID generated when you signed up — never your email or name) and includes only IDs, counts, and basic flags (e.g., whether a search included a tag filter). We do not send recipe titles, comment bodies, search queries, or other free-text content. This data is processed by PostHog Inc. on our behalf (see Section 7).

The diagnostic and analytics data above is used solely to keep the app stable and to understand which features are working — never for advertising, and never sold to third parties.

2. Device Permissions

LetsCookIt requests the following device permissions:

• Camera: We access your camera solely to allow you to take photos for your recipes and profile picture. We do not capture, record, or store any photos without your explicit action.
• Photo Library: We access your photo library only when you explicitly choose to select a photo for a recipe or profile picture. We do not access or store any photos beyond what you select.
• Notifications: We send push notifications to inform you of activity on your account (likes, comments, follows, and cooking timers). You can manage or disable notifications at any time in the app settings or your device settings.

No permission data is shared with third parties or used for advertising purposes.

3. Personal Information We Protect

Your personal information that we protect includes: your email address (used for authentication and account recovery), password (stored only as a salted hash — we never have access to your plain-text password), date of birth (collected during registration for age verification and legal compliance — stored securely and only accessible by you and authorized personnel when required for legal purposes), and any private account settings you configure. Your public information (username, display name, profile picture, bio, and recipes you post publicly) is visible to other users by design.

4. How We Protect Your Information

We protect your personal information through: secure authentication via Supabase (industry-standard auth provider), encrypted password storage (your password is hashed and never stored in plain text), secure HTTPS connections for all data transmission, Row Level Security (RLS) policies ensuring users can only access and modify their own data, and regular security audits of our database policies.

5. How We Secure Your Information

Your data is secured using: Supabase's enterprise-grade infrastructure with automatic backups, a PostgreSQL database with Row Level Security enforced at the database level, secure cloud storage for images with access controls, session-based authentication with automatic token refresh, and rate limiting to prevent abuse and protect against automated attacks.

6. How We Use Your Information

We use your information to:

• Provide and operate the service (showing you recipes, processing your posts, sending notifications you opted into).
• Personalize your experience (the home feed algorithm uses your follows, likes, and tag interests).
• Keep the app stable and secure (diagnostic data from Section 1).
• Understand which features are working and which need improvement (product analytics from Section 1). Aggregated metrics from analytics also inform our decisions about when to launch new features.
• Communicate with you about important updates, security notices, and product changes.
• Detect, investigate, and prevent fraud, abuse, or violations of our Terms.

We do not use your information for advertising and we do not sell it.

7. Information Sharing & Third-Party Service Providers

We do not sell your personal information. We share data only with the service providers we rely on to operate the app, and where required by law.

A current list of our service providers — what data they receive, where they store it, and links to their own privacy policies — is maintained in our Subprocessors document, available on request via support@letscookit.app. At the time of this Policy's last update, our service providers include:

• Supabase Inc. — database, authentication, and image storage (EU region).
• Sentry GmbH — crash reporting and diagnostics (EU region).
• PostHog Inc. — product analytics (US region).
• Expo (650 Industries, Inc.) — push notification delivery and build infrastructure.
• Google LLC / Apple Inc. — push notification transit to your device (FCM / APNs).

Each of these providers is bound by contractual data-processing terms and uses your data only on our instructions.

In addition:

• Other users: your public profile and the recipes you post publicly are visible to other users of the app.
• Legal compliance: we may disclose information if required by law, subpoena, or other legal process, or to protect the rights, property, or safety of our users or others.

8. Data Security

We implement administrative, technical, and physical safeguards to protect your information. However, no method of transmission over the internet or electronic storage is 100% secure. We encourage you to use a strong, unique password for your account and to keep your sign-in credentials confidential. If we become aware of a security incident affecting your personal information, we will notify you in accordance with applicable law.

9. Data Deletion

You can delete your account and personal data at any time from inside the app. When you delete your account, all your personal data is permanently removed from our systems — including your profile, recipes, likes, bookmarks, follows, blocks, comments, notifications, and push tokens. This process is irreversible.

For step-by-step instructions, see Delete Your Account and Delete Your Data.

Diagnostic events (Sentry) and analytics events (PostHog) tied to your user identifier are retained on those platforms according to their own data-retention policies (typically 30–90 days for diagnostics, up to 7 years for aggregated analytics), but are not joined to your other personal data after deletion.

Recipes you have saved from other users may also be removed if those users delete their accounts or recipes.

If your account is suspended or banned, you cannot sign in, and therefore cannot delete the account yourself for the duration of the suspension or ban. This is an intentional safeguard that prevents a banned user from evading enforcement by deleting and re-creating an account. You may still request deletion by emailing support@letscookit.app; we will action your request, subject to retaining the minimum information needed to enforce the suspension or ban and to prevent further abuse.

10. Data Retention During App Updates

As LetsCookIt evolves, we may add, update, or remove features. While we make every effort to preserve your data during these changes, we cannot guarantee that all information will be retained during major updates or changes to the app's structure.

11. Moderation Records

When you report content or another user, and when a moderator takes action — restricting, suspending, or banning an account, or removing a recipe or comment — we record the report and the moderation action, including the reason, in our systems.

If a moderation action affects your account or content, we may show you the reason for it — for example, in an in-app banner, or on the sign-in screen if your account can no longer sign in. Where sign-in is blocked, the reason may be shown to anyone who attempts to sign in to that account.

These records are retained so we can enforce our Terms, review appeals, and prevent repeat abuse.

12. Your Rights

You can access, update, or delete your account information at any time through the app settings:

• Access and update your profile via Profile → Edit Profile.
• Delete your account and personal data via Profile → Settings → Delete Account.
• Export your data as a JSON file via Profile → Privacy Settings → Download My Data.
• Opt out of diagnostic data by disabling crash reporting in the Privacy section of app settings (defaults to on).
• Opt out of product analytics by disabling analytics in the Privacy section of app settings (defaults to on).
• Withdraw consent for non-essential processing by adjusting your settings or deleting your account.

If you live in a jurisdiction with additional rights under GDPR, CCPA, or similar laws (rights to access, rectify, delete, restrict processing, data portability, or object to processing, and the right to lodge a complaint with a data protection authority), you may exercise those rights by emailing support@letscookit.app.

13. Children's Privacy

LetsCookIt is not intended for children under 13. We do not knowingly collect personal information from children under 13. During registration we ask for date of birth to verify age. If we learn that we have collected information from a child under 13, we will delete it promptly. If you believe a child under 13 has provided us with personal information, please contact us at support@letscookit.app.

14. International Users

LetsCookIt is operated using infrastructure provided by the service providers listed in Section 7. By using the app, you understand that your information may be processed and stored in countries other than your own, which may have different data protection laws.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you in-app. Your continued use of LetsCookIt after changes take effect means you accept the updated policy.

16. Contact

For privacy-related questions or requests, contact us at support@letscookit.app. You can also reach us through the Contact Us option in the app menu.