Skip to content
Let Them Cook
About Download Legal
Get the app

Privacy Policy

Let Them Cook

Last updated: 09-07-2026

Let Them Cook ("we", "us", "the app") helps you cook with what you have — turning your pantry into recipes, meal plans and shopping lists. This policy explains what personal data we collect, why, who we share it with, how long we keep it, and the rights you have over it.

The operator and data controller is Let Them Cook. You can reach us about privacy at contact@letthemcookapp.com.


In short

  • We collect the account and cooking data you give us, plus a small amount of automatic diagnostic and anonymous-usage data.
  • Your allergies and dietary restrictions are treated as sensitive health data — we only collect and use them with your explicit consent, and you can turn that off at any time.
  • Our AI features run through our own backend. We never send your name, email, account id or IP address to the AI providers — only the recipe/pantry/chat content needed to answer you.
  • We never sell your personal data, and we do not use it for advertising.
  • You can delete your account and all its data from within the app at any time.
  • Our database is hosted in Europe (Switzerland); we and some providers also operate from India and the United States.
  • US residents: your California (CCPA/CPRA) and other state privacy rights are in §10; a consumer health-data notice is in §11. India: your rights and grievance contact are in §12.

1. Information we collect

Information you give us

What When
Email address When you create an account (by email, or with "Continue with Google", which returns your Google account email to us).
Allergies and dietary restrictions During onboarding, only if you consent (see §4). Used to personalise and to keep recipes safe for you.
Cooking profile & preferences Optional: an optional per-meal calorie target and nutrition goal, heat/spice tolerance, household size, budget, kitchen appliances, favourite cuisines, measurement units, and free-text notes about your go-to meals and cuisines.
Your cooking content Pantry items, generated recipes, meal plans, shopping lists, and the recipes you mark as cooked (your cooking history).
Photos Optional: when you "snap" a pantry item. The image is re-encoded on your device (location/EXIF metadata removed) before it is sent for food recognition. It is not stored as a photo.
Voice input Optional: only while you hold or toggle the microphone. The audio is transcribed by your phone's built-in speech service (Apple on iOS, Google on Android); we keep only the resulting text.
Feedback Optional: if you send feedback, your rating and message, stored with your account email so we can follow up and fix issues.

Information collected automatically

What Purpose
Crash & error diagnostics To find and fix bugs. Pseudonymous — tagged only with an opaque account id; passwords, tokens and emails are stripped out. If an error occurs, a short screen replay may be captured with all text and images masked.
Anonymous usage analytics Screen views and feature-usage events, with no name, email or account id attached. You can switch this off in Settings (see §6).
Push notification token Only if you enable notifications, so we can send the reminders you asked for.
Device network data Like any app, connecting to our services and to content-delivery networks exposes your device's IP address to those services (for example, our hosting provider, the app-update service, and the image CDN used for the first-run "inspiration" images).

We do not collect your precise location or your contacts, and we do not currently collect payment information. If we introduce in-app purchases in future, Apple or Google will process the payment and we will not receive your full card details. We do not collect health data beyond the allergy/dietary information and optional calorie target above.


2. How we use your data

  • To provide the app — store your pantry, recipes, meal plans and shopping lists, and generate recipes and answers you ask for.
  • To personalise recipes — using your cooking profile and (with consent) your allergies and dietary needs.
  • To send you what you enable — account emails (sign-up confirmation, password reset) and, if enabled, reminder notifications.
  • To keep the service working and safe — crash monitoring, anonymous product analytics, and abuse/security logging.

We do not use your data for advertising, and we do not sell it.


3. Legal bases (EU / EEA / UK)

Purpose Legal basis
Running the app you signed up for (storing your content, generating recipes, account login, transactional emails) Performance of a contract (Art. 6(1)(b))
Using your allergies and dietary restrictions to personalise recipes Explicit consent (Art. 6(1)(a) and Art. 9(2)(a)) — you can withdraw it any time
Crash monitoring, anonymous analytics, and security/abuse logging Legitimate interests (Art. 6(1)(f)) in keeping the app reliable and secure — you can opt out of analytics

4. Allergies and dietary data (sensitive data)

Your allergies and dietary restrictions can reveal health, and sometimes religious or philosophical beliefs. We treat them as special-category data and handle them only on your explicit consent:

  • We ask for this consent separately during onboarding. If you decline, we do not collect this data, and we do not share it with our AI providers — you simply receive more generic recipes.
  • You can withdraw or re-grant this consent at any time in Settings → Dietary Profile. When you withdraw it, we remove your stored allergy and dietary details and stop using them to personalise recipes.

Withdrawing consent does not affect anything we lawfully did before you withdrew it.


5. Who we share data with

We use a small set of trusted service providers ("processors") to run the app. We share only what each needs, and we require them to protect your data. We never sell your data.

AI providers are pseudonymous. Recipe generation, pantry recognition and the chat assistant run through our own backend. We send those providers only the content needed to answer you (your pantry items, recipe text, chat text, and — for photo recognition — the EXIF-stripped image). We do not send your name, email, account id or IP address to them.

Provider What they receive Why
OpenAI, Google (Gemini) Pantry contents, cooking preferences and chat text (Gemini also receives EXIF-stripped photos) — no account identifiers Recipe generation, pantry parsing, chat assistant. These providers do not train on our API data.
Runware A recipe's title, description and cuisine only — no account data Generating recipe thumbnail images
Supabase Your account and service data Our database, login, file storage and backend
Sentry (EU) Pseudonymous crash diagnostics (opaque id; emails/tokens removed) Crash and error monitoring
PostHog (EU) Anonymous usage events (no identifiers) Product analytics — you can opt out
Apple / Google (APNs / FCM) Your push token and notification content Delivering notifications
Expo / EAS Build metadata and, on each launch, your device IP for app-update checks App delivery and over-the-air updates
Google ("Continue with Google") Authenticates you and returns your account email Optional Google sign-in
Email provider (Hostinger) Your email address and the sign-up/reset code Sending account emails
Apple / Google speech recognition Your voice audio, only while you use voice input Transcribing speech to text
[Unsplash] Your device IP, when first-run inspiration images load Placeholder images on the empty home screen (being replaced with bundled images)

We may also disclose data if required by law, or to protect our rights, users or the public.


6. Analytics and your choices

Our product analytics (PostHog) are anonymous — we never attach your identity to them, and we do not record your screen for analytics. Analytics are on by default to help us improve the app; you can turn them off any time in Settings → Support ("Anonymous analytics"). Turning them off stops collection on your device.


7. International data transfers

We operate from, and use service providers in, several countries — including India, the European Union, and the United States. Our primary database and backend (Supabase) are hosted in Switzerland (recognised by the EU as providing adequate data protection); error-monitoring (Sentry) and analytics (PostHog) run in the EU; and some providers (such as the AI providers, Apple, and Google) process data in the United States. Where we transfer personal data across borders, we rely on appropriate safeguards such as the EU Standard Contractual Clauses, data-processing agreements, and transfer impact assessments.


8. How long we keep your data

Data How long
Your account and cooking content (pantry, recipes, meal plans, shopping lists, cooking history, preferences) Until you delete your account
Pantry items you delete Up to 90 days, then permanently removed
Consent records Until you delete your account
Feedback Until you delete your account
Account-deletion record (proof we erased your data) 24 months — your email is kept only as a one-way hash, never in readable form

When you delete your account, we remove your account and its associated data. We keep only the minimal, hashed deletion record above. Short-lived caches (for example recipe images and "ask about a step" answers) are held only briefly and are cleared on your device.


9. Your rights

Depending on where you live, you have rights over your personal data. For users in the EU / EEA / UK, you have the right to:

  • Access the personal data we hold about you;
  • Rectify inaccurate data;
  • Erase your data ("right to be forgotten");
  • Restrict or object to certain processing;
  • Data portability — receive your data in a portable form;
  • Withdraw consent at any time (for example, your dietary-data consent).

You can exercise several of these directly in the app: delete your account (which erases your data) and change your consent choices in Settings. For access or portability requests, email us at contact@letthemcookapp.com and we will respond within the timeframe the law requires (normally one month). If you believe we have mishandled your data, you can complain to your local data protection authority.

Residents of the United States and India have additional rights described in §§10–12.


10. United States state privacy rights (California CCPA/CPRA and other states)

This section applies to residents of U.S. states with consumer-privacy laws — including California (CCPA, as amended by the CPRA), Virginia, Colorado, Connecticut, Utah, and other states with comparable laws. It adds to, and does not replace, the rest of this policy.

We do not sell or "share" your data

We have not sold your personal information, and we do not "share" it for cross-context behavioral advertising — as those terms are defined under the CCPA — as of the effective date of this Policy. We do not use your data for targeted advertising, and we do not knowingly sell or share the personal information of anyone under 16. Because we do neither, there is no "Do Not Sell or Share My Personal Information" action for you to take — but you can always contact us with a question.

Categories of personal information we collect

In the last 12 months we have collected these CCPA categories (see §1 for the detail, §2 for purposes, and §5 for who receives them):

CCPA category Collected? Examples
Identifiers Yes Email address, account ID, device push token, IP address
Customer records (Cal. Civ. Code §1798.80) Yes Email address
Commercial information No —
Biometric information No We do not create voiceprints or faceprints
Internet or network activity Yes Anonymous product-usage events, crash diagnostics
Geolocation data No precise location Photo location metadata is stripped; a coarse region may be inferred from your IP
Sensory information Yes Pantry photos and voice input you choose to provide
Professional, employment, or education information No —
Inferences Limited Cooking preferences drawn from what you tell us
Sensitive personal information Yes Allergies and dietary information (health data — and, via some diets, potentially religious or philosophical beliefs)
  • Sources: you (account creation, onboarding, in-app use, feedback) and automatic collection (diagnostics, analytics, network).
  • Business purposes: to provide and personalize the app, keep it safe and reliable, and communicate with you (see §2).
  • Disclosed to: our service providers and contractors (see §5) — hosting, AI providers, analytics, crash monitoring, email delivery, notifications, and the image CDN — under written contracts, and only to run the service. These disclosures are not sales.

Sensitive personal information

We collect your allergies and dietary information only with your consent, and we use it only to provide the recipe personalization you asked for — never to infer characteristics about you, and never for advertising or profiling. You can turn it off at any time in Settings → Dietary Profile. Under the CPRA you have the right to limit the use of sensitive personal information; because we already use it solely for this service you requested, turning it off in Settings fully exercises that right. (See also the consumer health-data notice in §11.)

Your rights

Depending on your state, you may have the right to:

  • Know / access the categories and specific pieces of personal information we hold about you;
  • Delete your personal information;
  • Correct inaccurate personal information;
  • Portability — receive a copy in a portable format;
  • Opt out of the sale or sharing of personal information, and of targeted advertising and certain profiling — not applicable here, because we do none of those;
  • Limit the use of sensitive personal information (see above);
  • Non-discrimination — we will not deny service, change prices, or give you a lesser experience for exercising your rights.

How to exercise your rights

  • In the app: delete your account (which erases your data), and change your consent choices in Settings.
  • By email: write to contact@letthemcookapp.com. We will verify your request against information tied to your account, and respond within the time your law requires (for California, generally 45 days, extendable once by a further 45 days with notice).
  • Authorized agents: you may use an authorized agent to make a request; we may ask the agent for proof of authorization and ask you to verify your identity directly.

Appeals

If we decline your request, you may appeal by emailing contact@letthemcookapp.com with "Appeal" in the subject line; we will review and respond within the time your state law requires. If we deny your appeal, you may contact your state Attorney General. (Virginia, Colorado, Connecticut, and similar states provide a statutory right to appeal.)

Opt-out preference signals

Because we do not sell or share personal information or serve targeted advertising, we do not need to act on Global Privacy Control (GPC) or "Do Not Track" browser signals for those purposes.


11. U.S. consumer health data

Some U.S. states — for example under Washington's My Health My Data Act, Nevada's SB 370, and Connecticut's health-data amendments — treat information about your health as regulated "consumer health data." For this app, that can include your allergies, dietary restrictions, and nutrition goals.

  • We collect this data only with your consent and use it only to provide and personalise the Service, power allergy/safety filtering, generate relevant recipes, and respond to your requests.
  • We do not sell consumer health data, and we do not use it for advertising.
  • We disclose it only to the service providers in §5 acting on our behalf, or as required by law.

Where your state grants these rights, you may request access to, correction of, deletion of, or withdrawal of consent for this data, and a list of the third parties with whom we have shared it — by contacting contact@letthemcookapp.com.


12. India privacy rights and grievance contact

If you are in India, we handle your digital personal data in line with applicable Indian data-protection law, including the Digital Personal Data Protection Act, 2023. You may request access to, correction, completion, updating, or erasure of your personal data, and you may withdraw consent where our processing relies on it, by contacting our grievance channel below.

  • Grievance contact: contact@letthemcookapp.com
  • Response: we aim to acknowledge and address grievances within 3 days.

If you are not satisfied with how we handle your grievance, you may escalate to the Data Protection Board of India as provided under applicable law.


13. Cookies and similar technologies

Our website and web pages may use cookies, local storage, SDKs, and similar technologies for sign-in, remembering your preferences, security, analytics and performance. The mobile app uses on-device storage (including your device's secure store for your login session) rather than advertising cookies, and we do not use cookies for cross-site tracking or advertising. For details about our website, see our Cookie Policy at www.letthemcookapp.com/cookie-policy/. You can control cookies through your browser settings; disabling some may affect functionality.


14. Security

  • Your login session is stored in your device's secure hardware store (iOS Keychain / Android Keystore).
  • All traffic to our backend uses encrypted HTTPS/TLS.
  • Your data is isolated from other users at the database level, so one account cannot read another's data.
  • Pantry photos are re-encoded on your device to remove location/EXIF metadata before they are uploaded.

No system is perfectly secure, but we take reasonable technical and organisational measures to protect your data.


15. Children

Let Them Cook is intended for users who are at least 18 years old (or the age of majority in their jurisdiction). We do not knowingly collect personal data from anyone under 18. If you believe someone under 18 has provided us data, contact contact@letthemcookapp.com and we will delete it.


16. Changes to this policy

We may update this policy as the app evolves. When we make material changes, we will update the "Last updated" date and, where appropriate, ask you to review the changes in the app. Your continued use after an update means you accept the revised policy.


17. Contact

  • Operator: Let Them Cook
  • Support, privacy, and grievance: contact@letthemcookapp.com
Let Them Cook logo Let Them Cook

Download

Google Play App Store

Contact

contact@letthemcookapp.com

Follow us

© Let Them Cook. All rights reserved.