Privacy Policy

Last updated: April 2026

CookBookBuddy ("we", "us", or "our") operates recipicius.com. This policy describes what personal information we collect, how we use it, and your rights regarding it.

1. Information We Collect

When you create an account or use the app, we may collect:

• Email address — used as your username and for password reset emails.
• Password — stored as a bcrypt hash (never in plain text, never returned by the API).
• OAuth profile data — if you sign in with Google, we receive your email address and display name from Google. No Google account data is stored beyond what is needed to identify your account.
• Recipe content — recipes, ingredients, instructions, images, and reviews you create or import.
• Usage data — basic server logs (IP address, request timestamps) for security and debugging. Logs are not used for advertising.

2. How We Use Your Information

• To provide and maintain the service (authentication, recipe storage, search).
• To send password reset emails when you request them.
• To enforce our Terms of Service (e.g. detecting and acting on reported content).
• To diagnose bugs and improve the service.

We do not sell your personal data to third parties. We do not use your data for targeted advertising.

3. Third-Party Services

The app relies on the following third-party services, which may process data as part of normal operation:

• MongoDB Atlas — cloud database hosted by MongoDB, Inc. Your account and recipe data is stored here.
• Google OAuth 2.0 — if you choose to sign in with Google.
• Google Gemini AI — processes recipe URLs and images you submit for import or scan. Content sent to Gemini is subject to Google's API terms.
• SMTP email provider — used only to deliver password reset emails.
• DigitalOcean — cloud hosting provider for the application server.

4. Cookies

We use two functional cookies:

• auth_token — an httpOnly JWT cookie used to authenticate your session (7-day lifetime). Not accessible to JavaScript.
• csrf_token — a CSRF protection token used to validate state-changing requests (7-day lifetime).

These are strictly necessary for the service to function. We do not use tracking, analytics, or advertising cookies.

5. Data Retention

Your account data is retained until you delete your account. Recipes you create remain in the database until you delete them. Server logs are rotated periodically.

6. Your Rights

Depending on your location, you may have rights to access, correct, or delete your personal data. You can:

• Delete your account — from your profile page, which permanently removes your account data.
• Delete your recipes — from each recipe's detail page.
• Request a copy of your data — by contacting us at the email below.

7. Children's Privacy

CookBookBuddy is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has created an account, please contact us and we will remove it.

8. Changes to This Policy

We may update this policy periodically. Continued use of the service after changes constitutes acceptance of the updated policy. We will update the "Last updated" date at the top when changes are made.

9. Contact

For privacy-related questions or data requests, contact us at: [email protected]