PPrivateCookbook
Get started
Your privacy

Privacy Policy

Last updated April 11, 2026

The short version

We don't sell your data. We don't share it with advertisers. We don't train AI models on your private cookbook. The only people who can see your recipes are you, the people you explicitly share individual recipes with, and the AI cooking partner when you ask it for help. That's it.

What we store

  • Your recipes — title, description, ingredients, instructions, photos you upload, category, cook time
  • Your cooking history — every cook session as a permanent versioned snapshot, including your notes, ratings, and outcome
  • Your taste profile — dietary restrictions, allergies, cuisine preferences, household size, skill level. Some of this is filled in by you, the rest is auto-learned from your cook history.
  • Your chat conversations — every conversation you have with the AI cooking partner is saved so you can come back to it later
  • Your email address — for sign-in and account recovery only
  • Basic usage data — which features you use, error logs (so we can fix bugs)

What we don't store

  • Your payment details. If you pay for Premium, your card number is handled by Stripe. We never see it. We only store the Stripe customer ID and subscription status.
  • Your password in plain text. Passwords are hashed with Argon2 (a very strong, slow hashing algorithm) before being stored. Even we can't read your password.
  • Your photos after they're processed by AI. When you upload a photo for AI analysis, the photo is sent to the vision model, the response comes back, and the AI provider does not retain the image.
  • Browsing history outside the app. We don't have a tracking pixel. We don't have Google Analytics. We don't have Facebook Pixel.
  • Your location. We never request it.
  • Your contacts, calendar, photos library, microphone, or camera — except when you explicitly tap the photo upload button to attach an image to a chat message.

Cookies

We use exactly two cookies, both required for the app to function:

  • pcb_access — your JWT access token, used to authenticate API requests. Expires after 12 hours.
  • pcb_refresh — your JWT refresh token, used to get a new access token without making you sign in again. Expires after 30 days.

We do not use tracking cookies, advertising cookies, or third-party cookies.

How AI processing works

When you chat with the AI cooking partner:

  1. Your message and a summary of your taste profile are sent to our AI provider (currently OpenAI's GPT-4o or a self-hosted local model).
  2. The AI generates a response.
  3. The response is returned to you and stored in your chat history on our server.
  4. The AI provider does not retain or train on the request. We use API endpoints that are specifically committed by contract to not training on user content.

When you upload a photo for analysis, the same flow applies: photo goes to the vision API, response comes back, the AI provider does not retain the image.

If you want to use the cookbook without ever sending data to a third-party AI, just don't use the AI features. Everything else (recipes, versioning, cook mode, sharing, grocery lists, meal planner) runs entirely on our own servers.

Sharing

When you share a recipe with someone via the share button, that one specific recipe becomes readable by the email address you specified. Your full cookbook is not shared. The recipient can cook the recipe and track their own versions of it under their own account, but they cannot edit or delete your original. You can revoke a share at any time.

Third-party services we use

  • Stripe — handles all payment processing. We never see your card details.
  • OpenAI — processes AI chat messages and image analysis. Contractually committed to not training on API content.
  • Email provider — sends transactional emails (account verification, password reset). Does not have access to your recipes.

We do not use Google Analytics, Meta Pixel, advertising networks, or any other tracking service.

Your rights

  • Right to access — see everything we have on you. Email us, we'll send it.
  • Right to export — download all your recipes and cooking history.
  • Right to deletion — delete your account from Settings or by email. We permanently remove everything within 30 days.
  • Right to correction — edit anything inside your account at any time.
  • Right to opt out of AI — simply don't use the AI features. The rest of the app works fine without them.

Children

PrivateCookbook is not intended for children under 13. We don't knowingly collect data from anyone under 13. If you believe a child has created an account, email us and we'll delete it.

Changes to this policy

If we change how we handle your data in any meaningful way, we'll email you and post a notice in the app before the change takes effect. We won't quietly weaken your privacy.

Contact

Questions, requests, or concerns? Email Bobby directly at [email protected]. Real human, not a bot.

Back to home