Privacy Policy.
Last updated: April 17, 2026 · Applies to all CloudCook users.
1. The short version
CloudCook is built so that your data lives in your own isolated database. We don't sell it, don't use it to train AI models, and share it only with the infrastructure vendors needed to run the service. You can export it anytime. You can delete it anytime.
2. What we collect
Account information:
- Email address (required for sign-in and password reset).
- Display name (optional, shown in the app UI).
- A hashed password (we never see your actual password).
- Sign-up timestamp and last sign-in timestamp.
Application content (stored in your tenant database):
- Recipes you create, import, or generate.
- Inventory items (pantry, fridge, freezer).
- Meal plans and planned-meal servings.
- Ratings, cooking history, and session notes.
- Dietary restrictions and default servings preference.
- Backup archives while they're being assembled for download.
Operational metadata:
- AI usage logs — per-call token counts, model id, feature name, timestamp, estimated cost. Used for platform billing integrity and the admin "AI spend" view. Does not contain the prompt text or the AI response.
- Server logs (request path, status code, duration) for debugging. Retained 30 days then rotated.
3. What we don't collect
- We don't use analytics trackers, advertising pixels, or third-party fingerprinting scripts.
- We don't track you across other websites.
- We don't sell, rent, or trade your information with anyone.
- We don't use your recipes, inventory, or AI conversations to train machine-learning models — ours or anyone else's.
4. Cookies
One cookie: the ASP.NET Core Identity authentication cookie, set when you sign in. It's HTTPS-only, HTTP-only (not readable by JavaScript), and expires on sign-out or after 14 days of inactivity. No tracking cookies, no analytics cookies.
5. Third-party processors
CloudCook uses a small number of vendors to operate the service. Your data flows to them only as needed:
- Anthropic — processes your AI queries (recipe generation, meal planning, cook-mode chat). Anthropic's API terms state that they do not train on submitted content. Prompts contain the context needed for a good answer (your dietary rules, relevant inventory items, the recipe at hand) but never your email, password, or billing data.
- Resend — delivers transactional email (password reset, account notifications). Receives your email address and the message content.
- Fly.io — hosts the web application and stores your tenant database on an encrypted persistent volume. They have operational access to servers; they don't inspect application data in the ordinary course.
- Open Food Facts — queried (without personal info) to resolve barcodes you scan. We send the barcode number; we don't send who scanned it.
6. Where your data lives
Application servers and databases run in Fly.io's primary region (currently US-East). Your tenant database is a SQLite file on a Fly volume, logically isolated per user. Backups you trigger are generated on-demand and streamed directly to your browser — we don't retain copies on the server after the download completes.
7. Data retention
- Account + tenant data: kept until you delete your account, then removed within 7 days (immediately from the running database; up to 7 days longer in rolling Fly volume snapshots).
- AI usage logs: retained indefinitely for billing reconciliation. These contain no personal content — only token counts, timestamps, and model ids.
- Server logs: 30 days, then rotated.
- Inactive accounts: we may delete accounts with no sign-in for 24+ months, with an email warning 30 days prior.
8. Your rights
You can, at any time, from the Account page:
- Export everything — one click produces a ZIP of your full tenant database plus settings database.
- Edit or delete individual records — recipes, inventory, meal plans, ratings, dietary rules are all editable and deletable from their respective pages.
- Delete your account — removes your identity record and the entire tenant directory. Irreversible.
If you're in a jurisdiction with additional rights (GDPR, CCPA, etc.) and want to exercise something not covered by the in-app controls above, email jjtoubia@gmail.com and we'll handle it manually.
9. Security
Passwords are hashed with ASP.NET Core Identity's default hasher (PBKDF2, currently). All traffic is HTTPS via Let's Encrypt. Tenant databases are isolated per user at the file-system level; a compromise of one user's session can't reach another user's data. No system is perfectly secure, and this is a solo-operated beta — treat anything you put in with the same care you'd treat a recipe notebook, not a medical record.
10. Children
CloudCook is not directed at children under 13. If we learn we've collected data from someone under 13 without a parent or guardian's consent, we'll delete it.
11. Changes
We'll update this policy as the service evolves. Material changes (new processors, new data categories, changed retention) will be announced by email to the address on file before taking effect.
12. Contact
Privacy questions, data requests, or general concerns: jjtoubia@gmail.com.