Privacy Policy

Last updated: May 2026

1. What data we collect

When you register, we collect your name, email address, and password (stored as a secure bcrypt hash — we never store your plain-text password). You may optionally provide a profile photo URL, location, bio, and links.

If you register or sign in with Google, we receive your name, email, and profile picture from Google.

If you use a BYOK (Bring Your Own Key) subscription and save an AI API key, it is stored encrypted with AES-256-GCM — it is never stored or transmitted in plain text.

Recipes you create or save, comments, and likes are stored to provide the service.

We set a session cookie (cookbook_session) to keep you logged in for up to 7 days.

2. How we use your data

Your data is used solely to provide the Cookbook Social recipe-sharing service: to authenticate you, display your profile, store your recipes, and enable social features (likes, comments, follows).

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Third-party services

Google OAuth (optional): if you choose to sign in with Google, your authentication is handled by Google. Google's privacy policy applies to that interaction.

AI providers (optional, BYOK only): if you save your own OpenAI or Groq API key, it is sent to those providers only when you explicitly request AI-powered recipe parsing. We do not share it otherwise.

4. Data security

Passwords are hashed with bcrypt (12 rounds) and never stored in plain text.

AI API keys are encrypted at rest with AES-256-GCM using a server-side secret.

Data is stored in a PostgreSQL database on Railway infrastructure.

5. Your rights

You can edit or delete your profile and all your recipes at any time from your Profile → Settings page.

Deleting your account schedules removal after a 14-day restoration window. During that period the account is inactive and can be restored by signing in again.

After the window expires, your profile, recipes, likes, comments, follows, credentials, jobs, and other account-linked data are removed. Recipe copies already saved by other users remain in their accounts, but the link back to your deleted account is removed.

To request data export or deletion by email, contact us below.

6. Contact

For any privacy-related questions, contact us at: [email protected]