Privacy Policy

Last updated: April 12, 2026

CookSnap ("we", "our", or "us") is operated by Lumino Apps. This Privacy Policy explains what data we collect, why we collect it, and how you can control it when you use the CookSnap mobile application.

1. Information We Collect

• Account data (Google Sign-In): When you choose to sign in with Google, we receive your name, email address, and profile picture from Google. Sign-in is optional — you can use CookSnap anonymously.
• Anonymous user ID: If you use the app without signing in, Firebase Authentication assigns you an anonymous identifier. No name or email is linked to this ID.
• Device identifier (fraud prevention): To prevent abuse of our free credits system, we collect a hardware-bound device identifier (Android ID) the first time free credits are granted on a device. This identifier is stored in our database solely to prevent the same device from claiming free credits multiple times. It is not used for advertising, analytics, or any other purpose, and is not shared with third parties.
• App activity: We store your generated recipes, liked and disliked recipes, scanned ingredient inventories, credit balance, and locale/country preference in Firebase Firestore to provide the core functionality of the app.
• Camera & photos: The app accesses your camera or photo library only when you explicitly choose to scan ingredients. The photos you take are sent to our AI providers (Anthropic and OpenAI) for ingredient identification and are not stored on our servers.
• AI-generated recipe images: Images generated for your recipes are stored in Firebase Storage under your user ID and are displayed in the app. They are deleted when you delete your account.
• Purchase records: If you purchase credits, we record the transaction token, product ID, credits granted, and your user ID to fulfill the purchase and prevent duplicate credits. We do not store payment card details. See Section 4 for retention details.
• Usage analytics: We collect anonymised behavioural data (e.g. which features you use, how often you generate recipes, whether you complete a purchase) via Firebase Analytics to understand how the app is used and improve it. We have disabled advertising identifier (GAID) collection — analytics data cannot be used for cross-app tracking or advertising profiling.

2. How We Use Your Information

• To identify ingredients in photos and generate personalised recipe suggestions
• To maintain your credit balance and process in-app purchases
• To sync your recipes and preferences across sessions and devices (when signed in with Google)
• To understand how the app is used and improve its features
• To diagnose technical issues and errors

3. Third-Party Services

We do not sell your personal data. We use the following services, each of which processes data on our behalf under their own privacy policies:

• Google Firebase (Authentication, Firestore, Storage, Analytics, Cloud Functions) – Privacy Policy
• Anthropic – Processes ingredient photos and generates recipe text. Photos are submitted as base64 data and are not retained by Anthropic beyond the API request. Privacy Policy
• OpenAI – Used as a fallback for ingredient analysis, recipe generation, and recipe image generation (DALL-E 3 / gpt-image-1). Photos and ingredient data may be processed by OpenAI. Privacy Policy
• Spoonacular – Ingredient names (translated to English if necessary) are sent to the Spoonacular recipe API to find reference recipes that match your inventory. No account data or personal identifiers are sent. Terms
• Google Play Billing – Processes in-app purchases. Privacy Policy

4. Data Retention and Deletion

Account deletion (in-app): You can permanently delete your account and all associated data at any time directly within the app — go to the Account section and tap "Delete account". This will immediately and irreversibly delete:

• Your Firestore data (recipes, favourites, inventory, credits, preferences)
• Your AI-generated recipe images from Firebase Storage
• Your Firebase Authentication account

Purchase records: Transaction records (purchase token, product ID, credits granted, and user ID) are retained after account deletion for financial record-keeping purposes. These records do not contain payment card information or contact details and are not used for any other purpose.

Device identifier (fraud prevention): The device identifier collected for free-credits fraud prevention is retained after account deletion. This is necessary for the fraud prevention measure to remain effective — without retention, deleting and recreating an account would bypass the protection.

Anonymous accounts: Data associated with anonymous accounts (accounts not linked to a Google login) is retained until you delete the account via the in-app option or uninstall the app.

You may also contact us at the email below to request deletion if you are unable to use the in-app option.

5. Your Rights (EEA / UK Users)

If you are located in the European Economic Area or United Kingdom, you have the following rights under GDPR / UK GDPR:

• Right of access: You may request a copy of the personal data we hold about you.
• Right to rectification: You may ask us to correct inaccurate data.
• Right to erasure: You can delete all your data at any time using the in-app "Delete account" feature, or by contacting us.
• Right to object: You may object to processing based on legitimate interest (e.g. analytics). To opt out of analytics, contact us.
• Right to data portability: You may request an export of your personal data in a structured format.

To exercise any of these rights, contact us at the email address below. We will respond within 30 days.

6. Legal Basis for Processing (EEA / UK)

• Contract performance: Account data, recipe storage, credit management — necessary to provide the service you signed up for.
• Legitimate interest: Anonymised usage analytics — used to improve the app. We have minimised this by disabling advertising identifiers.
• Legitimate interest: Device identifier for fraud prevention — used to protect the integrity of the free credits system. We collect only a single hardware-bound identifier, retain it only for this purpose, and do not use it for tracking or advertising.
• Legal obligation: Purchase records retained for financial and legal compliance.

7. Children's Privacy

CookSnap is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

8. Security

All data is transmitted over HTTPS. Your data is stored in Google's Firebase infrastructure, which is protected by Google's enterprise security controls. We do not have access to your Google account password or payment card details.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the date at the top of this page. Continued use of the app after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or need to request data deletion, contact us at:
luminoapps.dev@gmail.com