Privacy Policy

Account and profile. When you register or sign in, we collect identifiers such as username, email address, and authentication details. If you use Google sign-in, Google shares certain profile information with us according to your Google account settings and Google's privacy policy.

Content you provide. We store recipes, imports, chat messages, preferences (such as dietary settings and kitchen tools), and other content you add to the Service so we can provide features to you.

Usage and technical data. We collect information about how you interact with the Service, including device or browser type, approximate location derived from IP address, log and error data, and product analytics events. See our Cookie & analytics page for more on cookies and similar technologies.

Payments. If you subscribe to a paid plan, Stripe collects billing and payment information. We receive limited information from Stripe (for example, subscription status and identifiers) as needed to operate billing.

• Provide, maintain, and improve the Service, including personalization and AI-assisted features.
• Authenticate users, secure accounts, prevent fraud and abuse, and enforce our terms.
• Send service-related and transactional messages (such as verification and password reset).
• Analyze usage so we can understand performance and improve the product.
• Comply with law and respond to lawful requests.

Some features send prompts, recipe text, or related context to AI models so we can generate or adapt content for you. That processing is performed by our AI providers under contractual terms. Do not submit highly sensitive personal information in free-text fields if you can avoid it.

We use third-party services that process data on our behalf, including as applicable:

• Hosting and analytics: Vercel (privacy policy), including Vercel Analytics as described on our Cookie & analytics page.
• Error monitoring: Sentry when enabled, for crash and error reports that may include technical context (such as device, browser, and application state) Sentry privacy policy.
• Database: Turso (LibSQL) for storing application data.
• AI: OpenAI or other model providers we configure for the Service (OpenAI privacy policy).
• Email: Resend for transactional email (privacy policy).
• Authentication: Google, when you choose “Sign in with Google.”
• Payments: Stripe for paid subscriptions (Stripe privacy center).
• Optional imagery: Unsplash when we fetch stock photos for some recipes (search queries derived from recipe text; see Unsplash privacy policy). This is only used if the feature is enabled for our deployment.

We may update this list as our infrastructure changes.

We retain information for as long as your account is active and as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. You may request deletion of your account where the product supports it; some information may remain in backups for a limited period or where retention is required by law.

We use commercially reasonable technical and organizational measures designed to protect your information. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

We may process and store information in the United States and other countries where we or our providers operate. Those countries may have data protection laws that differ from your country of residence.

The Service is not directed at children under 16, and we do not knowingly collect personal information from them. If you believe we have collected information from a child, please contact us so we can take appropriate steps.

Depending on where you live, you may have rights to access, correct, delete, or export your personal information, or to object to or restrict certain processing. You can manage some information in your account settings. You may also contact us using the details below. If you are in the European Economic Area or UK, you may lodge a complaint with your local supervisory authority.

We may update this Privacy Policy from time to time. We will post the updated version on this page and adjust the “Last updated” date. Where changes are material, we will provide additional notice as appropriate.

Contact: legal@cotta-ai.com.

Related: Terms of Service · Cookie & analytics