Privacy Policy for Cook-Book

Effective Date: October 15, 2025

1. Introduction

This Privacy Policy (hereinafter, the “Policy”) describes how Cook-Book (hereinafter referred to as “the App,” “we,” “our,” or “us”) collects, uses, discloses, and safeguards your personal data when you access or use the Cook-Book mobile or web application, any related services, and any associated digital infrastructure operated or controlled by the Cook-Book team.

By creating an account, accessing, or using Cook-Book, you acknowledge that you have read, understood, and agreed to the terms of this Policy. If you do not agree, you must not use the App or provide any personal data.

This Policy is drafted in compliance with applicable data-protection and privacy laws, including:

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, “GDPR”);
French Law n° 78-17 of 6 January 1978 as amended (Loi Informatique et Libertés);
Any relevant decrees and recommendations of the Commission Nationale de l’Informatique et des Libertés (CNIL).

Cook-Book is owned and operated by David Kelen, who acts as the Data Controller under the meaning of Article 4(7) GDPR. For all inquiries, the contact email is support@davidkelen.com.

2. Definitions

For the purposes of this Policy:

“Personal Data” means any information relating to an identified or identifiable natural person.
“Processing” means any operation performed on Personal Data, whether automated or not, such as collection, recording, storage, consultation, alteration, transmission, or deletion.
“User” or “you” refers to any individual who registers for, accesses, or uses the Cook-Book application.
“Account Data” refers to information required to create and maintain a user account, including your name and email address.
“User Content” includes any recipes, ingredients, text inputs, prompts, or other data submitted to Cook-Book by the user for generation, storage, or sharing.
“AI Services” refers to external artificial-intelligence processing systems, namely OpenAI, L.L.C. and Alibaba Cloud Computing Ltd. (Qwen), which may process User Content for the purpose of generating or refining recipes and related textual content.
“Firebase” refers to the backend cloud service provided by Google Ireland Ltd., used for user-account authentication and data storage.
“Data Controller” means the entity determining the purposes and means of data processing.
“Data Processor” means any third party that processes data on behalf of the Controller.

3. Scope

This Policy applies to all data collected through Cook-Book, including the mobile application, website, and related backend services. It covers:

Data voluntarily submitted by users (e.g., name, email, recipe inputs);
Data automatically processed by the system for authentication, functionality, and AI requests;
Any associated communications between users and the Cook-Book support team.

It does not apply to third-party platforms you may access via external links, including OpenAI’s or Alibaba’s websites or terms, which are governed by their own policies.

4. Information We Collect

4.1 Account Information

When you create a Cook-Book account, we collect the following mandatory information:

Name – used for personalisation, account identification, and correspondence.
Email address – used for login credentials, communication, and verification.

No other personal identifiers such as phone numbers, location data, or device IDs are required.

4.2 User Content

To deliver the app’s core features, you may enter or upload textual data including:

Recipes, ingredients, preparation steps;
Serving sizes and nutritional notes;
Prompts or commands directed to AI models (e.g., “make this gluten-free”);
Edits, comments, or saved recipe versions.

This User Content is transmitted to and temporarily stored within Cook-Book’s secure Firebase infrastructure and may be routed through AI Services for text generation or improvement.

4.3 Technical Data

Cook-Book automatically processes limited technical information to ensure functionality, including:

Authentication tokens for Firebase access;
Basic usage logs (time of request, API success/failure);
Non-personal error reports and crash diagnostics.

No advertising identifiers, tracking cookies, or analytics scripts are employed.

5. Legal Basis for Processing

Under Article 6 GDPR, Cook-Book processes Personal Data on the following legal grounds:

Contractual Necessity: Processing is necessary to perform the service contract established when you register an account and use the App (Art. 6 § 1(b)).
Legitimate Interest: Ensuring network and information security, preventing misuse, and maintaining service integrity (Art. 6 § 1(f)).
Legal Obligation: Compliance with French or EU laws where disclosure or retention is required (Art. 6 § 1(c)).
Consent: Certain operations, such as user communications, rely on your explicit consent, which you may withdraw at any time (Art. 6 § 1(a)).

6. Purposes of Processing

We use the collected information strictly for the following purposes:

To create and manage your user account;
To enable core functionality, including AI-powered recipe generation and editing;
To transmit User Content securely to AI Services (OpenAI and Qwen) for processing;
To maintain app stability, prevent errors, and provide technical support;
To communicate with you about account-related updates, security notices, or changes to terms;
To comply with applicable legal and regulatory obligations.

We do not use Personal Data for targeted advertising, marketing, or profiling.

7. AI Processing and Data Transmission

7.1 Use of Third-Party AI Providers

To fulfil Cook-Book’s core purpose of generating and refining culinary content, the App integrates third-party artificial-intelligence services:

OpenAI, L.L.C. – headquartered in San Francisco, California, United States;
Alibaba Cloud Computing Ltd. (Qwen) – headquartered in Hangzhou, People’s Republic of China.

All AI-related requests submitted through Cook-Book are mandatorily routed through these services using secure, encrypted channels.

7.2 Nature of Data Sent to AI Providers

The following data may be transmitted for AI processing:

Text prompts or recipe inputs that you enter in the App;
Related context necessary to generate relevant outputs (e.g., ingredient lists, dietary instructions).

No account identifiers (such as email) are transmitted alongside the content unless explicitly required for debugging or support.

7.3 Processing Characteristics

Data transmitted to AI providers is processed automatically to generate textual responses. Such data may be temporarily cached by the providers to deliver results but is not used for independent analytics or retraining by Cook-Book.

The AI providers act as independent Data Controllers under their respective jurisdictions. Their processing is governed by their own privacy policies:

OpenAI Privacy Policy: https://openai.com/privacy
Alibaba Cloud (Qwen) Privacy Policy: https://www.alibabacloud.com/privacy

By using Cook-Book, you acknowledge that these providers process your input text according to their terms, and that such transfers are inherent to the service.

8. Data Storage and Security

All account and content data is stored using Firebase, operated by Google Ireland Ltd., located at Gordon House, Barrow Street, Dublin 4, Ireland.

Firebase ensures compliance with GDPR through:

Data hosting within the European Economic Area (EEA);
Encryption of data in transit (TLS) and at rest (AES-256);
Access restrictions based on authentication tokens;
Regular security audits by Google’s Cloud Security team.

Cook-Book implements additional internal measures:

Minimum-privilege access control for developers;
Secure password hashing and user authentication;
Continuous software updates and vulnerability monitoring.

No manual access to user recipes or prompts is performed except when strictly necessary for technical or legal reasons.

9. Data Retention

We retain Personal Data only as long as necessary for the purposes outlined above. Typical retention periods are:

After these periods, data is permanently deleted or anonymised.

10. Data Subject Rights

Under GDPR and French law, you have the following rights regarding your Personal Data:

Right of Access (Art. 15): Obtain confirmation whether data is processed and access a copy.
Right of Rectification (Art. 16): Request correction of inaccurate or incomplete information.
Right of Erasure (Art. 17): Request deletion of your data (“right to be forgotten”).
Right to Restriction (Art. 18): Limit processing under certain circumstances.
Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
Right to Object (Art. 21): Object to processing based on legitimate interests.
Right to Withdraw Consent (Art. 7 § 3): Withdraw any previously given consent.
Right to Lodge a Complaint: File a complaint with CNIL (www.cnil.fr).

Requests may be submitted to support@davidkelen.com. Proof of identity may be required for verification. We respond within one month in accordance with Article 12 GDPR.

11. Data Sharing and Disclosure

Cook-Book does not sell, rent, or trade Personal Data. Data may be disclosed only in the following limited circumstances:

Service Providers: Firebase (Google Ireland Ltd.), OpenAI L.L.C., and Alibaba Cloud Computing Ltd. act as processors or independent controllers for the purpose of hosting or AI processing.
Legal Compliance: If required by law, judicial order, or administrative request, we may disclose data to competent authorities.
Security or Abuse Prevention: To protect rights, property, or safety of Cook-Book, users, or the public.

No other third-party sharing, analytics, or marketing partnerships exist.

12. International Data Transfers

Given the involvement of OpenAI (U.S.) and Alibaba Cloud (China), some data transfers may occur outside the European Economic Area.

To safeguard such transfers:

OpenAI is subject to the EU–U.S. Data Privacy Framework, providing adequacy under Commission Implementing Decision (EU) 2023/1795.
Alibaba Cloud applies Standard Contractual Clauses (SCCs) in accordance with Commission Decision (EU) 2021/914.

By using the App, you acknowledge that your User Content may transit through these jurisdictions solely for AI processing purposes.

13. Children’s Privacy

Cook-Book is not intended for use by children under 13 years of age. We do not knowingly collect data from minors.

If a parent or guardian believes a child has provided information, they should contact support@davidkelen.com. Upon verification, we will delete the information promptly in accordance with Article 8 GDPR.

14. Data Security Measures

Cook-Book maintains appropriate technical and organisational security measures, including:

Encrypted communications (HTTPS / TLS 1.3);
Password hashing (bcrypt or stronger);
Role-based access controls for internal personnel;
Automatic security patching of servers;
Incident response plan and breach notification procedures (Art. 33–34 GDPR).

In the unlikely event of a personal-data breach, affected users will be notified and CNIL informed within 72 hours.

15. Automated Decision-Making and Profiling

Cook-Book does not engage in automated decision-making or profiling producing legal effects concerning the user. AI responses are purely functional and contextual, generated from user prompts and not linked to identity or behaviour.

16. Cookies and Tracking

Cook-Book does not use cookies, web beacons, advertising trackers, or analytics scripts. The App operates without any cross-site tracking technologies.

Session identifiers created by Firebase are used solely for secure authentication and expire automatically upon logout or inactivity.

17. Data Retention upon Account Deletion

When you request account deletion:

Your authentication credentials and personal identifiers are removed from Firebase;
Associated recipes and prompts are permanently deleted from Firestore databases;
Backups are purged within 30 days;
Correspondence and logs are deleted after the applicable retention period.

Deletion is irreversible.

18. Changes to This Privacy Policy

Cook-Book reserves the right to modify this Policy at any time to reflect changes in technology, legal requirements, or business operations.

When revisions occur:

The “Effective Date” at the top of this page will be updated;
Notice will be provided in-app or via email;
Continued use of the App constitutes acceptance of the revised Policy.

We encourage users to review this Policy periodically.

19. Data Controller and Contact

Data Controller:
David Kelen
Email: support@davidkelen.com

For any questions, complaints, or data-subject requests, contact us at the above address.

If unresolved, you may lodge a complaint with:

Commission Nationale de l’Informatique et des Libertés (CNIL)
Service des Plaintes
3 Place de Fontenoy – TSA 80715
75334 Paris Cedex 07, France
Website: www.cnil.fr

20. Governing Law and Jurisdiction

This Policy and any dispute arising from its interpretation or execution shall be governed by and construed in accordance with French law.

Any dispute not resolved amicably shall fall under the exclusive jurisdiction of the competent courts of Paris, without prejudice to mandatory provisions granting rights to consumers in their habitual residence under EU Regulation 1215/2012.

21. Miscellaneous

If any clause of this Policy is held invalid, the remaining provisions remain in full force.
Failure to enforce any provision shall not constitute a waiver of rights.
The original English version prevails over any translated copies.

Summary for Users (Non-binding Overview)

Cook-Book collects only your name, email, and recipe data to let you use your account and interact with AI models. Your text inputs are securely transmitted to OpenAI and Qwen to generate results. Everything is stored safely in Firebase (Google Ireland), within Europe.

We don’t sell or share your data, and you can delete your account anytime. The app doesn’t use ads, cookies, or trackers. Cook-Book complies with French and EU privacy law and answers all requests at support@davidkelen.com.

Page updated

Google Sites

Report abuse