Privacy Policy
How we collect, use, and protect your information
Last updated: May 29, 2025
1. Who We Are
Potluck Club ("Potluck Club", "we", "us", or "our") is owned and operated by a developer based in the United States.
Privacy contact: getcookbook.ai@gmail.com
2. Information We Collect
| Category | Data Elements | Source | Purpose |
|---|---|---|---|
| Account | Name, email, username, password (hashed & salted), optional bio, avatar | Provided by you | Create and secure your account |
| Content | Recipes (title, description, ingredients, instructions, images), ratings, comments | Provided by you | Publish and share content in the app |
| Derived Preferences | Dietary inferences from saved/created recipes | Generated by app | Personalise feed and search results |
| Authentication Tokens | OAuth tokens for Google Sign‑In and Apple Sign‑In | Third‑party providers | Authenticate you securely |
| Device & Log Data | IP address, device model, OS version | Automatic | Security, debugging |
| Usage Analytics | Screen views, button taps, scrolls, crash traces, performance metrics | Automatic via in‑app analytics SDK | Diagnose bugs, measure feature adoption, improve UX |
We do not collect precise location data or health‑specific data.
3. How We Use Information
- Provide core functionality (create, save, share recipes)
- Authenticate and secure accounts
- Personalise content based on your activity
- Analyse aggregated usage analytics to debug and improve the app
- Comply with legal obligations
We do not currently:
- Send marketing emails
- Train AI models on personal data for unrelated purposes
If these activities begin in the future, we will update this policy and, where required, request your consent. Marketing emails will always include an opt‑out link.
4. Legal Bases (GDPR)
| Processing Purpose | Legal Basis (GDPR) |
|---|---|
| Account creation and app delivery | Contract (Art. 6 (1)(b)) |
| Personalisation, security, usage analytics | Legitimate interests (Art. 6 (1)(f)) |
| Compliance with law | Legal obligation (Art. 6 (1)(c)) |
| Marketing emails (if introduced) | Consent (Art. 6 (1)(a)) |
5. How We Share Information
| Recipient | Purpose |
|---|---|
| Supabase (United States) | Cloud database and file storage |
| PostHog Cloud (US or EU) | Product analytics |
| Google Sign‑In / Apple Sign‑In | OAuth authentication |
| OpenAI API | Generate recipe suggestions per request (recipe text only) |
| Law‑enforcement or regulators | When legally required |
Service providers process data only on our instructions and under appropriate confidentiality and security obligations.
6. Data Retention
- Account data & user‑generated content: retained until you delete your account.
- Server logs: retained for up to 30 days for security, then anonymised.
- Analytics events: retained for up to 24 months, then aggregated or deleted.
7. Security Measures
- TLS/HTTPS encryption for data in transit
- Bcrypt‑hashed passwords
- JSON Web Tokens for sessions
- Role‑based access control in Supabase
While we follow industry best practices, no security system is perfectly secure.
8. Your Rights
| Region | Rights & How to Exercise |
|---|---|
| European Economic Area / United Kingdom (GDPR) | Access, rectify, erase, restrict, port, object. Email getcookbook.ai@gmail.com. |
| California (CCPA) | Know, delete, opt‑out of sale (we do not sell data), equal service. Email getcookbook.ai@gmail.com. |
We will verify your identity before fulfilling any request.
9. Children's Privacy
The app is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us data, contact us for removal.
10. International Data Transfers
User data is stored on Supabase servers located in the United States. If you reside outside the United States, your data will be transferred to and processed in the United States or other regions where Supabase operates. Where required, we rely on legally recognised transfer mechanisms to protect your information.
11. Changes to This Policy
If we make material changes (for example, begin marketing emails), we will notify you in‑app and update the "Last updated" date above. Continued use of the app after changes become effective constitutes acceptance of the revised policy.
12. Contact Us
For privacy questions or requests, email getcookbook.ai@gmail.com.