Privacy Policy of Cookara
Welcome to the privacy policy of Cookara. This policy explains how we process Personal Data in our mobile application specialized in recipe management and recipe-related calculations.
Table of contents
- Summary
- Owner and Data Controller
- Types of Data collected
- Mode and place of processing the Data
- The purposes of processing
- Detailed information on the processing of Personal Data
- Further Information for Users in the European Union
- International data transfers
- Additional information about Data collection and processing
- Children's privacy
- Definitions and legal references
- How can we help?
Summary
Data we collect automatically
We automatically collect data from you, for example when you use the Cookara mobile application.
- Trackers
- Usage Data
- Device information
- Number of sessions
- Session duration
- Operating systems
- Universally unique identifier (UUID)
- Crash data
Trusted third parties help us process this data, including Google Ireland Limited, Google LLC, and RevenueCat, Inc.
We use this data for infrastructure monitoring and for analytics. Where the law requires consent, analytics is enabled only with your consent.
Users are asked separately in the app whether they want to enable analytics. This choice can be changed later in app privacy settings.
Our analytics are limited to aggregate product usage metrics for service improvement purposes, such as counts of logins, sign-in provider usage, and item create/delete actions, together with similar in-app interaction counts.
Data you give to us
We collect the data you give to us, for example when you create an account on Cookara.
- Email address
- Password
- Google account data (name, email address, profile image)
- Apple account data (name and email address, where provided by Apple)
- User-created recipes, ingredients, planner entries, and groceries
- Recipe documents submitted for AI import (images, PDFs, or text)
- PDF files attached to recipes
This content is treated as user intellectual data. It remains private to your account, is not shared with other users through the app, and is used only to provide your personal Cookara experience.
Passwords are handled by Firebase Authentication. Cookara does not store plaintext passwords.
We may use your email address to notify you about updates to our Terms and Conditions and this Privacy Policy.
Owner and Data Controller
Pavlo Stepura - sw. Wincentego 128/29, Warsaw, Mazovian, Poland
Owner contact email: [email protected]
Types of Data we collect
Among the types of Personal Data that this Application collects, by itself or through third parties, there are:
- Trackers
- Usage Data
- Device information
- Number of sessions
- Session duration
- Operating systems
- Universally unique identifier (UUID)
- Crash data
- Email address
- Password
- Google account data (name, email address, profile image)
- Apple account data (name and email address, where provided by Apple)
- User-created recipes, ingredients, planner entries, and groceries
- Recipe documents submitted for AI import (images, PDFs, or text)
- PDF files attached to recipes
Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Application.
Unless specified otherwise, all Data requested by this Application is mandatory and failure to provide this Data may make it impossible for this Application to provide its services.
In cases where this Application specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or functioning of the Service.
Users who are uncertain about which data is mandatory are welcome to contact the Owner.
This Application and third-party services use mobile app tracking technologies (for example SDK identifiers and similar tools) to provide the Service required by the User, in addition to other purposes described in this document.
This Application does not provide social feeds, public profiles, messaging, or other in-app user-to-user interaction features. User content is not shared between users through the app.
Mode and place of processing the Data
Methods of processing
The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of Data.
Data processing is carried out using computers and IT-enabled tools, following organizational procedures and modes strictly related to the purposes indicated.
As Cookara is operated by an individual developer, access to Personal Data is primarily limited to the Owner for app operation and support. Where needed, Data may also be processed by external third-party service providers (for example hosting, infrastructure, analytics, authentication, storage, subscription management, and support tools) acting as Data Processors on behalf of the Owner.
The updated list of these parties may be requested from the Owner at any time.
Place
Data is processed at the Owner's operating offices and in other places where the parties involved in processing are located. Depending on your location, Data transfers may involve transfer to another country.
International data transfers
Some providers used by Cookara process Data outside the EU/EEA, including in the United States. Where required by applicable law, such transfers are carried out using appropriate safeguards, including the European Commission's Standard Contractual Clauses (SCCs) and supplementary measures implemented by the provider.
Examples of providers that may involve international transfers include Google services (Firebase, Vertex AI, Crashlytics, Analytics) and RevenueCat.
Retention time
Personal Data is processed and stored for as long as required by the purpose it was collected for. Unless a longer period is required by law, Cookara applies the following retention approach:
- Account and authentication data: retained while the account is active and deleted or anonymized within 30 days after account deletion, unless legal obligations require longer retention.
- User-created content (recipes, ingredients, planner entries, groceries, uploaded images): retained until account deletion and then removed from active systems; backup copies are removed within 30 days.
- Crash and technical diagnostics data: typically retained up to 90 days for troubleshooting and service reliability.
- Analytics data: retained up to 14 months, where analytics is enabled.
- Subscription and transaction records: retained as required for legal, tax, and accounting obligations (typically up to 10 years).
- AI import data: recipe documents are processed in real-time and not retained after processing; monthly usage counters are retained with the account.
- PDF attachments: retained until removed by the User or until the associated recipe or account is deleted.
The purposes of processing
Data concerning the User is collected to provide the Service, comply with legal obligations, respond to enforcement requests, protect rights and interests, detect malicious or fraudulent activity, and for the following purposes:
- Analytics
- Infrastructure monitoring
- Registration and authentication
- User content management and sync
- Server-side logic and API operations
- File storage for user-uploaded images
- Subscription and purchase management
- Freemium plan-limit enforcement and premium entitlement checks
- Service communications about legal and policy updates
- AI-assisted recipe import and ingredient matching
- PDF attachment storage for recipes
Detailed information on the processing of Personal Data
Analytics
These services allow the Owner to monitor and analyze in-app usage and track User behavior inside the mobile application.
In the EU/EEA, analytics is enabled only after separate user consent in the app and can be withdrawn at any time in app privacy settings.
- Service: Google Analytics for Firebase (for apps)
- Company: Google Ireland Limited
- Place of processing: Ireland
- Personal Data processed: Device information, related usage data, and aggregate counts of created items (recipes, ingredients, planner entries, groceries) used only for service improvement
User content management and sync
This service area stores and synchronizes user-created content required for core app functionality.
- Data processed: User recipes, ingredients, planner entries, groceries, and related metadata
- Data ownership note: This content is user intellectual data provided and controlled by the User
- Visibility: This data is private to each user account and is not shared with other users through the app
Infrastructure monitoring
These services allow the Application to monitor use and behavior of components so that performance, maintenance and troubleshooting can be improved.
- Service: Crashlytics
- Company: Google LLC
- Place of processing: United States
- Personal Data processed: Crash data and related technical data
Registration and authentication
By registering or authenticating, Users allow this Application to identify them and provide access to dedicated services.
- Service: Firebase Authentication
- Company: Google Ireland Limited
- Place of processing: Ireland
- Personal Data processed: Email address, password (where applicable), and related authentication data
- Supported sign-in methods: Email and password, Google Sign-In, Sign in with Apple
- Additional social sign-in data: Name, email address, and profile image (where provided by the identity provider)
- Apple Sign In note: Apple may provide a private relay email address instead of a personal email, and may not provide the user's name after initial authorization.
Server-side logic and API operations
These services execute backend application logic required to deliver features and process requests securely.
- Service: Firebase Functions
- Company: Google Ireland Limited
- Place of processing: Ireland
- Personal Data processed: Usage Data, device information, identifiers, and data submitted in requests as required to provide the Service
File storage for user-uploaded images
These services store and serve files uploaded by Users, including images related to user content.
- Service: Firebase Storage
- Company: Google Ireland Limited
- Place of processing: Ireland
- Personal Data processed: User-uploaded files (including images), file metadata, and technical usage data
AI-assisted recipe import
Cookara offers an optional AI-assisted recipe import feature. When a User chooses to use this feature, the Application processes user-submitted recipe documents (images, PDFs, or text) to extract structured recipe data (ingredients, instructions, yield) and match extracted ingredient names against the User's personal ingredient dictionary.
AI is used as a utility tool — it performs optical character recognition (OCR), structured data extraction, and semantic ingredient name matching. It does not generate creative content, make autonomous decisions, or profile Users.
- Service: Firebase Vertex AI (Gemini)
- Company: Google Ireland Limited
- Place of processing: Ireland (with potential international transfer via Google infrastructure)
- Personal Data processed: Recipe documents submitted by the User (images, PDF files, or text), extracted recipe text, and a lightweight projection of the User's ingredient dictionary (name and identifier only)
- Data not sent: Authentication credentials, email addresses, user IDs, or any data unrelated to the recipe import request
Automated decision-making: The AI feature assists the User by suggesting structured data and ingredient matches. All results are presented to the User for review and editing before being saved. No fully automated decisions with legal or significant effects are made.
Data retention: Recipe documents are processed in real-time by the Vertex AI API and are not stored by the Application after processing. Google's data processing terms for Firebase Vertex AI apply to data handled by the API.
Usage limits: AI import usage is subject to monthly limits based on the User's subscription tier. Usage counts are stored in the User's account.
Opt-in nature: This feature is entirely optional. Users who do not use AI import do not have any data sent to the AI service.
PDF attachment storage
Users may optionally attach a PDF document to a recipe for personal reference (e.g., original recipe printouts, scanned cookbook pages). This feature is available to paid-tier subscribers.
- Service: Firebase Storage
- Company: Google Ireland Limited
- Place of processing: Ireland
- Personal Data processed: PDF files selected and uploaded by the User, file metadata (file name, file size), and associated recipe identifier
- Storage: PDF files are stored in Firebase Storage under the User's account and are private to that account. Each recipe may have one attached PDF (max 10 MB)
Data retention: PDF attachments are retained until the User removes them or deletes the associated recipe. When a recipe is deleted, its PDF attachment is also deleted. Upon account deletion, all attachments are removed with other user content.
Local caching: Downloaded PDFs are cached on the User's device for faster access. The cache is managed automatically and does not transmit data to third parties.
Subscription and purchase management
Cookara uses a freemium model: Users can use the app for free up to certain usage limits and can purchase a subscription to unlock higher limits or premium functionality.
These services help manage in-app subscriptions, purchases, plan-limit enforcement, and entitlement status through Apple App Store and Google Play billing systems.
- Service: RevenueCat
- Company: RevenueCat, Inc.
- Place of processing: United States
- Payment processors/platforms: Apple App Store and Google Play
- Personal Data processed: Purchase events, subscription status, app user identifiers, store transaction identifiers and receipts/tokens, device information, and usage data related to billing and entitlement operations
Further Information for Users in the European Union
Legal basis of processing
The Owner may process Personal Data relating to Users if one of the following applies:
- Provision of Data is necessary for the performance of an agreement with the User and/or pre-contractual obligations.
- Processing is necessary for compliance with a legal obligation to which the Owner is subject.
- Processing is necessary for the purposes of legitimate interests pursued by the Owner (including bug fixing, infrastructure monitoring, fraud prevention, and service improvement).
- Processing is based on User consent where consent is required by law (for example, optional analytics in the EU/EEA).
- Processing for AI-assisted recipe import and PDF attachment storage is based on the User's explicit action of initiating the feature (contract performance / service delivery).
Further information about retention time
Unless specified otherwise in this document, Personal Data shall be processed and stored for as long as required by the purpose they have been collected for and may be retained for longer due to applicable legal obligation or based on Users' consent.
- Personal Data collected for contract performance is retained until the contract has been fully performed.
- Personal Data collected for legitimate interests is retained as long as needed to fulfill such purposes.
- Where consent is used for optional features, Data may be retained until consent is withdrawn.
- The Owner may retain Personal Data longer where required to fulfill a legal obligation or upon order of an authority.
Rights under GDPR
Users may exercise certain rights regarding their Data processed by the Owner. In particular, Users have the right to do the following, to the extent permitted by law:
- Withdraw consent at any time.
- Object to processing of their Data.
- Access their Data.
- Verify and seek rectification.
- Restrict the processing of their Data.
- Have their Personal Data deleted or otherwise removed.
- Receive their Data and have it transferred to another controller.
- Lodge a complaint.
Details about the right to object to processing
Where Personal Data is processed for legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation.
How to exercise these rights
Users can delete their account directly in the app. Any other requests to exercise User rights can be directed to the Owner through the contact details provided in this document. Such requests are free of charge and will be answered by the Owner as early as possible and always within one month, providing Users with the information required by law.
Additional information about Data collection and processing
Application scope
Cookara is a mobile application for recipe creation, recipe-related calculations, planning, and grocery management. The app is designed for private personal use and does not include user-to-user interaction features.
Legal action
The User's Personal Data may be used for legal purposes by the Owner in court or in stages leading to possible legal action arising from improper use of this Application or related services.
Additional information about User's Personal Data
In addition to the information contained in this privacy policy, this Application may provide the User with additional and contextual information concerning particular Services or the collection and processing of Personal Data upon request.
System logs and maintenance
For operation and maintenance purposes, this Application and third-party services may collect files that record interaction with this Application and use other Personal Data, such as IP address.
Information not contained in this policy
More details concerning the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact information at the beginning of this document.
Children's privacy
Cookara is not directed to children under the age of 13, and we do not knowingly collect Personal Data from children under 13. If we become aware that such data has been provided, we will delete it.
Where a higher minimum age applies under local law (including in parts of the EU/EEA), Users must meet that age requirement or have valid parental authorization as required by law.
Changes to this privacy policy
The Owner reserves the right to make changes to this privacy policy at any time by notifying Users on this page and, where technically and legally feasible, within the Application.
Definitions and legal references
Personal Data: Any information that allows the identification or identifiability of a natural person.
Usage Data: Information collected automatically through this Application or third-party services used by this Application.
User: The individual using this Application.
Data Subject: The natural person to whom the Personal Data refers.
Data Processor: The natural or legal person processing Personal Data on behalf of the Controller.
Data Controller (Owner): The person or entity determining purposes and means of processing Personal Data.
This Application: The means by which the Personal Data of the User is collected and processed.
Service: The service provided by this Application.
EU: References include EU and EEA member states unless otherwise specified.
Tracker: Any technology used in a mobile application that enables analysis or monitoring of app usage.
Artificial Intelligence (AI): Technology used by this Application as a utility tool to assist with structured data extraction and matching from user-submitted recipe documents. AI is not used for profiling, autonomous decision-making, or content generation beyond the recipe import feature.
Legal information: This privacy policy relates solely to this Application, if not stated otherwise within this document.
How can we help?
What you can do
- Ask us what information we hold on you and request access to it.
- Ask us to correct information we hold on you.
- Ask us to be forgotten (delete the information we hold on you).
- Manage your privacy preferences.
In case of issues
While we strive to create a positive user experience, we understand that issues may occasionally arise between us and our users. If this is the case, please feel free to contact us.
Contact us
Cookara
Pavlo Stepura - sw. Wincentego 128/29, Warsaw, Mazovian, Poland
Owner contact email: [email protected]