Privacy Policy

1. Information We Collect

We collect various types of information to provide and improve the Service. The categories of information we collect include:

Contact and Authentication Information

• Email address
• Name and username
• Password (stored in hashed form only)
• Google or Apple OAuth tokens (for social sign-in)

Profile Data

• Profile avatar/photo
• Bio and personal description
• Location (optional)
• Website or social links (optional)
• Cooking skill level

Food Preferences and Dietary Information

• Dietary restrictions (vegetarian, vegan, halal, kosher, etc.)
• Food allergies (nuts, dairy, eggs, soy, wheat, fish, shellfish, sesame, and others)
• Cuisine preferences
• Serving size preferences
• Cooking time preferences
• Kitchen equipment available

Usage Data

• Recipe interactions (views, saves, ratings, reviews)
• Meal plans and schedules
• Grocery lists and shopping history
• Favorite recipes and collections
• Cooking session history
• Search queries

Device and Technical Data

• IP address
• Device type and model
• Operating system and version
• Browser type and user agent
• App version
• Error logs and crash reports (via Sentry)
• Performance metrics

2. How We Collect Information

We collect information through the following methods:

• Direct Collection: Information you provide when creating an account, setting preferences, or interacting with features
• Automatic Collection: Technical data automatically recorded by our servers when you use the Service
• Third-Party Authentication: Information received from Google or Apple when you use social sign-in
• Cookies and Similar Technologies: We use cookies, local storage, and similar technologies to enhance functionality and analyze usage

3. How We Use Your Information

We use the collected information for the following purposes:

• To provide and maintain the Service
• To personalize your experience with AI-powered recipe recommendations
• To filter recipes based on your dietary restrictions and allergies
• To create and manage your meal plans
• To generate shopping lists
• To notify you about account activity and Service updates
• To provide customer support
• To analyze usage patterns and improve the Service
• To detect, prevent, and address technical issues and security threats
• To send marketing communications (only with your consent)
• To comply with legal obligations

4. Legal Basis for Processing (GDPR)

For users in the European Union (EU) and European Economic Area (EEA), we process your personal data based on the following legal grounds:

• Consent: For marketing communications, optional features, and processing of sensitive data like dietary restrictions and allergies
• Contract Performance: To provide account services, process your requests, and deliver the features you use
• Legitimate Interests: For security measures, fraud prevention, analytics to improve the Service, and internal administration
• Legal Obligation: To comply with applicable laws and regulations, respond to legal requests, and protect our rights

5. Third-Party Services and Data Sharing

We use trusted third-party service providers to operate and improve the Service. These providers are contractually obligated to protect your data and may only use it for the purposes we specify. The categories of service providers we work with include:

• Cloud Infrastructure & Database Providers: To securely store and manage user accounts, recipes, and app data
• AI & Machine Learning Providers: To power recipe recommendations, search, and personalization features
• Authentication Providers: To enable secure sign-in via Google and Apple
• Error Monitoring & Analytics Providers: To track and resolve technical issues, crashes, and performance metrics
• Email Service Providers: To deliver transactional and marketing emails
• Payment Processors: Payments are handled by the Apple App Store and Google Play Store (see Section 6)

We do not sell your personal information to third parties. We may also disclose your information when required by law, to protect our rights, or in connection with a business transfer such as a merger or acquisition.

6. Billing and Payments

GosuChefs offers premium subscription features. When subscription services are available:

• Payments are processed through the Apple App Store (iOS) or Google Play Store (Android)
• GosuChefs does not directly collect or store payment card information
• We receive confirmation of your subscription status and plan type from the app stores
• For billing inquiries, please refer to the respective platform's privacy policy:
  • Apple Privacy Policy
  • Google Privacy Policy

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy. Specific retention periods are:

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. Specifically:

• Our primary servers are located in the United States (AWS infrastructure)
• For transfers from the EU/EEA to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission
• All data is encrypted in transit using TLS/SSL and at rest using AES-256 encryption
• We ensure that any international transfers comply with applicable data protection laws

9. Your Privacy Rights

Regardless of your location, you have the following rights regarding your personal information:

• Right to Know: Request information about what personal data we collect about you
• Right to Access: Obtain a copy of your personal data
• Right to Correct: Request correction of inaccurate personal data
• Right to Delete: Request deletion of your personal data, subject to certain exceptions
• Right to Data Portability: Receive your data in a commonly used, machine-readable format
• Right to Opt-Out: Opt out of marketing communications at any time

10. GDPR Data Protection Rights (EU/EEA Residents)

If you are a resident of the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):

• Right of Access (Article 15): Obtain confirmation of whether we process your data and access to that data
• Right to Rectification (Article 16): Have inaccurate personal data corrected without undue delay
• Right to Erasure (Article 17): Have your personal data deleted ("right to be forgotten") under certain circumstances
• Right to Restriction (Article 18): Restrict processing of your personal data in certain situations
• Right to Data Portability (Article 20): Receive your data in a structured, commonly used format and transmit it to another controller
• Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing purposes
• Rights Related to Automated Decision-Making (Article 22): Not be subject to decisions based solely on automated processing that significantly affect you
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint: File a complaint with a supervisory authority in your EU member state

EU Representative

In accordance with GDPR Article 27, we have appointed an EU representative for data protection matters. EU residents may contact our representative at:

Email: support@gosuchefs.com

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Your California Privacy Rights

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources, purposes, and third parties with whom we share it
• Right to Delete: Request deletion of your personal information, subject to certain exceptions
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out of Sale/Sharing: Opt out of the sale or sharing of personal information
• Right to Limit Use of Sensitive Personal Information: Limit how we use sensitive personal information such as allergy data
• Right to Non-Discrimination: Not be discriminated against for exercising your privacy rights

Do We Sell Personal Information?

No. GosuChefs does NOT sell your personal information. We do not exchange personal information for monetary or other valuable consideration.

Authorized Agents

You may designate an authorized agent to submit requests on your behalf. The agent must provide written authorization and we may require you to verify your identity directly.

Categories of Personal Information Collected

12. Children's Privacy (COPPA Compliance)

GosuChefs is committed to protecting the privacy of children. Our Service is not intended for children under the age of 13.

• Minimum Age: Users must be at least 13 years old to create an account and use GosuChefs
• EU Users: Users under 16 in the European Union require parental or guardian consent
• No Knowing Collection: We do not knowingly collect personal information from children under 13
• Discovery and Deletion: If we discover we have collected information from a child under 13, we will promptly delete that information

Rights of Parents and Guardians

Parents or guardians may:

• Review personal information collected from their child
• Request deletion of their child's personal information
• Refuse further collection of their child's information
• Contact us to exercise these rights at support@gosuchefs.com

13. Data Breach Notification

In the event of a data breach that compromises your personal information, we will:

• Notify affected users via email within 72 hours of confirming the breach
• Notify relevant supervisory authorities as required by law
• Provide information about the nature of the breach and the types of data affected
• Describe the likely consequences of the breach
• Outline the measures taken or proposed to address the breach
• Provide recommendations for steps you can take to protect yourself

14. Information Security

We implement comprehensive security measures to protect your personal information:

Technical Safeguards

• TLS/SSL encryption for all data in transit
• AES-256 encryption for data at rest
• Password hashing using bcrypt with salt
• JWT-based authentication with secure token handling
• Rate limiting to prevent brute-force attacks
• Regular security audits and vulnerability assessments

Organizational Safeguards

• Role-based access controls limiting data access to authorized personnel
• Employee security awareness training
• Vendor security assessments for third-party services
• Incident response procedures

While we implement these safeguards, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

15. How to Exercise Your Rights

You can exercise your privacy rights through any of the following methods:

• Email: support@gosuchefs.com
• In-App: Account Settings → Privacy → Manage My Data
• Mail: Gosu Chef LLC, Attn: Privacy Team, Milton, MA 02186

Verification Process

To protect your privacy, we may need to verify your identity before processing requests. This may include confirming your email address or other account information.

Response Timelines

• CCPA Requests: We will respond within 45 days, with a possible 45-day extension if necessary
• GDPR Requests: We will respond within 30 days, with a possible extension for complex requests
• General Requests: We aim to respond to all privacy requests within 30 days

16. Email Communications

We are committed to responsible email practices and comply with CAN-SPAM Act and GDPR requirements.

Types of Emails

• Transactional Emails: Account confirmations, password resets, security alerts, and important service updates
• Marketing Emails: Newsletters, promotions, and product updates (only with your explicit consent)

Managing Email Preferences

• Click "unsubscribe" at the bottom of any marketing email
• Update preferences in Account Settings → Notifications
• Contact support@gosuchefs.com

Note: You cannot opt out of essential transactional emails related to your account security and service.

17. Links to Other Websites

Our Service may contain links to third-party websites, including recipe sources, social media platforms, and partner services. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws.

• Material Changes: We will notify you via email and/or in-app notification before material changes take effect
• Notice Period: We will provide at least 30 days' notice when possible for significant changes
• Continued Use: Your continued use of the Service after changes become effective constitutes acceptance of the updated policy
• Policy History: We maintain previous versions of this policy and will provide them upon request

19. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Gosu Chef LLC
Milton, MA 02186
United States

• Privacy Inquiries: support@gosuchefs.com
• Abuse/Spam Reports: support@gosuchefs.com
• Legal Matters: support@gosuchefs.com
• EU Privacy Representative: support@gosuchefs.com

20. Acceptance of This Policy

By using GosuChefs, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. If you do not agree with this policy, please do not use our Service. Your continued use of the Service following the posting of changes to this policy will be deemed your acceptance of those changes.