Privacy Policy

Last updated: February 1, 2025

1. Introduction

cooked.nl ("we", "us", "our") is a recipe management service that lets you import, organize, and cook from recipes without clutter. We are committed to protecting your privacy and handling your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

2. Data we collect

We collect the following categories of personal data:

  • Account information: When you sign in with Google, we receive your name, email address, and profile picture from your Google account. We do not receive or store your Google password.
  • Recipe data: Recipes you import, save, and organize within your account, including any notes or modifications you make.
  • Payment information: If you subscribe to our Pro plan, payment processing is handled entirely by Stripe. We store your Stripe customer ID and subscription status but never have access to your full card number or bank details.
  • Usage data: Basic information about how you use the service, such as pages visited and features used, to help us improve the product.

3. How we use your data

  • Providing the service: To authenticate you, store your recipes, and manage your subscription.
  • Recipe processing: When you import a recipe, the URL content is processed using AI services to extract and format the recipe. This processing is transient and the raw URL content is not stored.
  • Payment processing: To handle subscription payments, manage billing, and provide invoices.
  • Service improvement: To understand how the service is used and make improvements.
  • Communication: To send you essential service updates related to your account or subscription. We do not send marketing emails.

4. Third-party services

We use the following third-party services to operate cooked.nl:

  • Supabase: Database hosting and authentication. Your account data and recipes are stored on Supabase infrastructure within the EU.
  • Google: Authentication provider. When you sign in with Google, Google's privacy policy applies to the authentication process.
  • Stripe: Payment processing for Pro subscriptions. Stripe handles all payment data under their own privacy policy and PCI-DSS compliance.
  • OpenAI / Anthropic: AI services used to parse and format recipes from URLs. Only the recipe content from the URL is sent for processing — no personal data is included.
  • Vercel: Hosting and content delivery. Vercel may process basic request data (IP address, user agent) as part of serving the application.

5. Cookies

We use essential cookies only, to manage your authentication session. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies. These essential cookies are strictly necessary for the service to function and do not require consent under the GDPR.

6. Data retention

Your account data and recipes are retained for as long as you maintain an active account. If you delete your account, all associated personal data and recipes will be permanently deleted within 30 days. Payment records may be retained longer as required by tax and accounting regulations.

7. Your rights

Under the GDPR, you have the following rights regarding your personal data:

  • Access: You can request a copy of all personal data we hold about you.
  • Rectification: You can ask us to correct any inaccurate data.
  • Erasure: You can request deletion of your account and all associated data.
  • Portability: You can request an export of your data in a machine-readable format.
  • Objection: You can object to our processing of your personal data.
  • Restriction: You can request that we restrict the processing of your data.

To exercise any of these rights, please contact us at the email address below.

8. Data security

We take appropriate technical and organizational measures to protect your personal data. All data is transmitted over encrypted connections (HTTPS/TLS). Access to personal data is restricted to authorized personnel only. Our service providers maintain their own security certifications and compliance standards.

9. Children's privacy

cooked.nl is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

10. Changes to this policy

We may update this privacy policy from time to time. If we make significant changes, we will notify you through the service. Your continued use of cooked.nl after any changes constitutes your acceptance of the updated policy.

11. Contact

If you have any questions about this privacy policy or want to exercise your rights, you can reach us at:

lowie@diffuse.nl