Privacy Policy - ChefAi

Last updated: July 24, 2025
Contact us at chefaicontact1@gmail.com

This Privacy Policy describes how ChefAi ("we", "our" or "the application") collects, uses, protects and shares your information when you use our mobile application for AI-powered recipe generation.

1. Information We Collect

1.1 Account Information

Email address: To create and manage your account
Encrypted password: Stored securely using encryption algorithms
Google Authentication: When you choose to sign in with Google, we receive your email address and basic profile information (name) from Google to create and manage your account
OAuth Tokens: We receive secure identification tokens from Google that allow us to verify your identity without storing your Google password

1.2 Profile Information

Name: To personalize your experience
Age: To adapt nutritional recommendations
Dietary preferences: To generate recipes according to your diet (vegetarian, vegan, gluten-free, etc.)
Caloric goal: To adjust recipes to your nutritional needs
Preferred language: To customize the interface (Spanish/English)

1.3 Application Usage Data

Your pantry ingredients: Names and expiration dates you add manually
Ingredient photos: Images you upload for AI analysis
Generated recipes: History of recipes created and marked as favorites
Usage patterns: Number of recipes generated, scans performed (for limit management)

1.4 Subscription Information

Subscription status: Whether you have a free or Premium plan
Payment history: Managed securely through Stripe (see payments section)

2. How We Use Your Information

2.1 Core Functionality

Recipe generation: We use your ingredients and preferences to create personalized recipes using AI
Image analysis: We process ingredient photos to automatically identify foods
Pantry management: We store your ingredient inventory and expiration dates

2.2 Personalization

Dietary adaptation: Recipes are adjusted according to your selected diet type
Nutritional recommendations: We use your age and caloric goal to personalize suggestions
User experience: Language and settings are adapted to your preferences

2.3 Account Management

Google Sign-In: Alternative secure authentication method that allows you to use your existing Google account instead of creating a separate password
Authentication: To allow secure access to your account
Synchronization: To keep your data available between sessions
Usage limits: To manage quotas for free vs Premium plans

3. Information Sharing

3.1 We DO NOT Share Personal Information

We never sell your personal information to third parties
We don't share your data with marketing companies
We don't send information to social networks without your consent

3.2 Trusted Service Providers

Google (Authentication Service)

Purpose: Secure user authentication and account creation via Google Sign-In
Data received: Email address, name, and secure identification tokens
OAuth Scopes: We only request access to your basic profile information (email and name)
Security: Authentication handled through Google's secure OAuth 2.0 protocol
Data retention: We only store the necessary information to maintain your account; authentication tokens are not permanently stored

Supabase (Data Storage)

Purpose: Secure database and authentication
Location: Servers in the European Union
Security: End-to-end encryption and GDPR compliance

Stripe (Payment Processing)

Purpose: Secure management of Premium subscriptions
Information: Only data necessary for payment processing
Security: Complies with the highest security standards (PCI DSS Level 1)

Important: Your financial data is never stored on our servers

OpenAI (AI Services)

Purpose: Recipe generation and image analysis
Data sent: Only information necessary to generate recipes (ingredients, preferences)
Privacy: Data is processed anonymously and not permanently stored by OpenAI

4. Data Storage and Security

4.1 Security Measures

Encryption: All data is encrypted both in transit and at rest
Secure authentication: JWT tokens with automatic expiration
Passwords: Stored using secure hash (bcrypt)
Restricted access: Only authorized personnel can access systems

4.2 Data Location

Primary servers: Located in the European Union
Compliance: We adhere to GDPR regulations and European data protection standards

4.3 Data Retention

Non-favorite recipes: Automatically deleted after 7 days
Ingredient photos: They are processed and stored if the user employs it in a recipe and marks said recipe as favorite. They are deleted if not used in recipes or if after 7 days the recipe for which the photo was used is not marked as favorite.
Account data: Maintained while your account is active

5. Your Rights and Controls

5.1 Access and Control

Viewing: You can see all your information from profile settings
Modification: You can change your personal data at any time
Recipe deletion: Your recipes will be deleted if after 7 days you don't mark them as favorites, or if they are marked as favorites and you unmark them.

5.2 Account Deletion

Right to be forgotten: You can completely delete your account from settings
Immediate deletion: All your data is deleted permanently and irreversibly
Security confirmation: Confirmation process to prevent accidental deletions

5.3 Data Portability

Export: You can request a copy of your data
Format: Data is provided in readable and transferable format

6. Minors

6.1 Minors Policy

Minimum age: ChefAi is designed for users over 13 years old
Parental consent: Minors under 16 require consent from their parents or guardians
Sensitive data: We do not intentionally collect personal information from minors under 13

6.2 If We Detect Minor Data

Immediate deletion: We delete any data from minors under 13
Notification: We contact parents when necessary

7. Cookies and Tracking Technologies

7.1 Limited Use

Authentication: We only use session tokens necessary for operation
No tracking: We don't use tracking cookies or third-party analytics
Local: Session data is stored locally on your device

8. International Transfers

8.1 Data Protection

Secure transfers: Any international transfer complies with appropriate safeguards
Certified providers: We only work with providers that meet international standards
Minimization: We transfer only strictly necessary data

9. Changes to Privacy Policy

9.1 Notifications

Updates: We will notify you about significant changes to this policy
Consent: Important changes will require your explicit consent
History: We maintain a record of previous versions available upon request

10. Legal Compliance

10.1 Applicable Regulations

GDPR: Full compliance with the General Data Protection Regulation
LOPD: Adherence to Spain's Organic Law on Data Protection
Local regulations: Compliance with applicable regulations in your jurisdiction

10.2 Legal Requests

Transparency: We only share data when legally required
Minimization: We provide only specifically requested information
Notification: We inform you about legal requests when possible

11. Contact and Support

11.1 Privacy Questions

If you have questions about this Privacy Policy or the handling of your data:

Help Center: Available in the application ("Help/FAQ" section)
Exercise Rights: You can exercise your privacy rights directly from the application settings

11.2 Response to Inquiries

Response time: We respond to privacy inquiries within a maximum of 30 days
Languages: We offer support in Spanish and English
Follow-up: We provide confirmation and follow-up on your requests

12. Additional Technical Information

12.1 Application Permissions

Camera: Only for taking photos of ingredients (optional)
Gallery: Only for selecting existing photos (optional)
Network: To synchronize data and generate recipes
Local storage: To cache data and improve performance

12.2 Technical Data

We don't collect: Location, contacts, unique device identifiers
Minimal logs: We only maintain logs essential for operation and security
Anonymization: Technical data is anonymized when possible