Privacy Policy
Last updated: 25 May 2026
This policy explains what data CulinoFood (the "app", operated by Click Webstudio Inc.) collects, why we collect it, how we store it, and the rights you have over it.
1. Data we collect
- Account: email, name, handle, optional avatar and bio.
- Cooking data: pantry items, shopping lists, meal logs, weight entries, planned meals, cook history, favorites, recipes you create.
- Community content: posts, comments, likes, follows, blocks, reports you submit.
- Chat: messages exchanged with Chef Mila (our AI sous-chef).
- Photos: dish/pantry/receipt/profile photos you upload. Stored on Cloudflare R2.
- Diagnostic: crash reports and basic device info (model, OS version) used only to fix bugs.
- Authentication: Google ID tokens when you sign in with Google. We never receive your Google password.
2. Why we collect it
- To operate the features you use (meal planning, scans, chat, community).
- To send transactional email (welcome, password reset).
- To enforce community safety (moderation, reports, blocks).
- To improve the product (error tracking).
We do not sell personal data. We do not show third-party ads.
3. Third-party processors
- Google Gemini — recipes, image generation, photo analysis, content moderation. Sent: your prompts, conversation history, and uploaded photos. Not used by Google to train models for our requests.
- Cloudflare R2 — image storage.
- Resend — transactional email delivery.
- Apple (App Store, Sign in with Apple) — billing, account.
- Google Sign-In — authentication.
4. Data retention
We keep your data as long as your account is active. Deleting your account permanently erases all personal data within 30 days. You can delete your account from Profile → Delete account.
5. Your rights (GDPR / CCPA / CPRA)
- Access & export: in-app at Profile → Export my data.
- Correction: edit your profile in-app.
- Deletion: in-app at Profile → Delete account.
- Portability: the export includes all data in JSON.
- Withdraw consent: stop using the app and delete your account.
- Complaint: contact your local data protection authority.
6. Children
CulinoFood is not directed at children under 13 and we don't knowingly collect their data. If you believe a child has created an account, email us and we'll remove it.
7. Security
Passwords are stored hashed with bcrypt. Tokens are HMAC-signed JWTs. Transport is HTTPS only. Photos are served over a CDN with HTTPS. We rate-limit AI endpoints to prevent abuse.
8. Changes
We'll update this page when our practices change and bump the date at the top. Significant changes will be notified inside the app.
9. Contact
Privacy questions: hello@culinofood.com
Click Webstudio Inc., Canada.
© CulinoFood. Terms of Service