Privacy Policy
Last updated: 20 June 2026
Kuchenly (“we”, “us”, “the app”) helps you capture recipes, plan meals, and build shopping lists. This policy explains what we collect, why, who we share it with, and your choices. It applies to the Kuchenly mobile app, wherever you use it. Region-specific rights for Australia, the EEA/UK, and the United States are set out in Section 6.
1. Information we collect
Account information. When you sign up we collect your email address and an authentication identifier. Passwords are handled by our authentication provider and are never stored by us in readable form. If you sign in with Google, we receive your email and basic profile identifier from Google.
Content you create. Recipes, meal plans, shopping lists, pantry items, and your unit-display preference. This is stored against your account so it syncs across sessions and devices.
Recipe capture inputs.
- Photos you take or choose for recipe capture are sent to our AI service for text extraction (see Section 3). We do not browse or store your wider photo library.
- Microphone / voice. Voice dictation uses your device’s on-device speech recognition. The audio is transcribed locally on your phone; we do not receive or store your voice audio. Only the resulting text — which you can review and edit — is sent for recipe parsing.
Technical data. Standard data needed to operate the service (e.g. authentication tokens, app/device diagnostics from the platform).
Crash & error reports. When the app crashes or hits an error, we send a diagnostic report (device model, OS version, app version, and the error/stack trace) to our crash-reporting provider Sentry to find and fix bugs. These reports are configured to exclude personal identifiers (no IP address or user profile). We do not run advertising trackers.
2. How we use your information
- To provide the core features (capture, plan, shop) and sync your content.
- To authenticate you and keep your account secure.
- To process recipe photos and dictated/typed text into structured recipes.
- To send essential account emails (e.g. sign-up confirmation, password reset).
We do not sell your personal information, and we do not share it for cross-context behavioural advertising — we run no advertising or analytics SDKs. The only third-party SDK in the app is Sentry, used solely for crash diagnostics (above).
Legal bases (EEA/UK — GDPR Art. 6). Where GDPR applies, we rely on:
| Purpose | Legal basis |
|---|---|
| Providing the app, syncing your content, account emails | Performance of a contract (Art. 6(1)(b)) |
| Photo and voice/text recipe capture you initiate | Consent (Art. 6(1)(a)) — you choose to capture; withdraw any time by not using it |
| Keeping accounts and the service secure | Legitimate interests (Art. 6(1)(f)) — securing the service |
You can withdraw consent at any time; this does not affect processing already carried out.
3. Third-party services (sub-processors)
We share the minimum data needed with:
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Authentication + database hosting | Account email, your saved content |
| Google Gemini (via our secure server proxy) | Convert recipe text and photos into structured recipes/plans | The recipe text or image you submit for capture |
| Google Play services | App distribution and platform functions | Platform-level identifiers |
| Sentry | Crash & error diagnostics | Crash reports: device model, OS/app version, error stack traces — no PII |
Recipe text and photos you submit for AI capture are processed by Google’s Gemini API through our server-side proxy. We send only what’s needed to perform the capture you requested. Our API keys are held server-side and are never shipped in the app.
4. Where your data is stored, international transfers, and security
Your content is stored in our database with row-level security so that each account can access only its own data. Data is encrypted in transit. Access is restricted to the operator for support and maintenance.
International transfers. We operate from Australia and use service providers (Supabase, Google, Sentry) that may process data in the United States and other countries, so your data may be transferred outside your home country — including outside the EEA/UK. Where we transfer personal data of EEA/UK users to a country without an “adequacy” decision, we rely on Standard Contractual Clauses (SCCs) (and the UK Addendum) with those providers as the transfer safeguard. You can request details of these safeguards via hello@kuchenly.com.
5. Data retention and deletion
We keep your account and content only for as long as your account is active (so the service works for you). When you delete your account, the account and its associated content are removed. You can delete your account from within the app (Settings → Delete account), or request deletion by contacting hello@kuchenly.com. Recipe photos sent for capture are processed transiently and are not retained after extraction. Backups, if any, are purged on our provider’s rolling schedule.
6. Your rights
To exercise any right below, use in-app account deletion or contact hello@kuchenly.com. We respond within the time your local law requires and do not discriminate against you for exercising your rights.
Australia. We handle personal information in line with the Australian Privacy Principles under the Privacy Act 1988 (Cth). You may access and correct your personal information. If you have a privacy concern we can’t resolve, you may complain to the Office of the Australian Information Commissioner (OAIC) — oaic.gov.au.
EEA & UK (GDPR / UK GDPR). You have the rights to access, rectify, erase, restrict or object to processing, data portability, and to withdraw consent at any time. You also have the right to lodge a complaint with your supervisory authority (in the EEA, your national Data Protection Authority; in the UK, the Information Commissioner’s Office, ico.org.uk). We do not use your data for automated decisions producing legal or similarly significant effects.
United States (California and similar states). You have the right to know what personal information we collect and how it’s used, to access and delete it, to correct it, and to opt out of sale/sharing — we do not sell or share personal information for cross-context behavioural advertising, so there is nothing to opt out of. We will not discriminate against you for exercising these rights. California residents may designate an authorised agent to make a request on their behalf.
7. Children’s privacy
Kuchenly is not directed to children under 15 and we do not knowingly collect their personal information. If you believe a child has provided us personal information, contact hello@kuchenly.com and we will delete it.
8. Changes to this policy
We may update this policy. Material changes will be reflected by the “Last updated” date above and, where appropriate, an in-app notice.
9. Contact
Questions or requests: hello@kuchenly.com.