Cooklyst is a mobile cooking application that helps users discover recipes, follow step-by-step cooking guides, and build a personal recipe collection. The app is operated and maintained by Cooklyst, reachable at privacy@cooklyst.app.
This Privacy Policy applies to the Cooklyst mobile application (available on Google Play and the Apple App Store), our website at cooklyst.app, and any related services or features we offer (collectively, the "Service").
This policy was last updated on April 6, 2026. We may update this policy periodically — see Section 9 for how we will notify you of changes.
Account Information
When you create a Cooklyst account, we collect:
- Name — used to personalise your in-app experience
- Email address — used for authentication, account recovery, and service communications
- Password — stored as a one-way cryptographic hash; we never store your plain-text password
- Profile photo (optional) — if you choose to upload one
You may also sign in via third-party providers (e.g., Google Sign-In), in which case we receive only the information those providers share with us under their own privacy policies.
Usage Data
We automatically collect information about how you use the app, including:
- Recipes viewed, saved, and cooked
- Search queries and filters applied
- Features and screens you interact with
- Session duration and frequency of use
- In-app preferences and settings
Device Information
We collect technical information about the device you use, including:
- Device model, operating system version, and unique device identifiers
- App version
- IP address (used for fraud prevention and approximate location)
- Crash reports and performance diagnostics
Optional: Recipe Photos
If you choose to upload photos of recipes or meals you have cooked, we store those images in order to display them within the app. This is entirely optional and requires your explicit action.
| Data type | Required? | Purpose |
|---|---|---|
| Name & email | Yes | Account creation & authentication |
| Usage data | Yes | App functionality & improvement |
| Device info | Yes | Security, crash reporting, performance |
| Profile photo | Optional | Personalisation |
| Recipe photos | Optional | Recipe collection display |
App Functionality
We use your information to operate and deliver the core features of Cooklyst: creating and managing your account, syncing your saved recipes across devices, providing personalised recipe recommendations, and enabling the step-by-step cooking mode.
Personalisation
We use your saved recipes, dietary preferences, and browsing behaviour to surface content that is relevant to you — such as recommending recipes based on ingredients you frequently use or cuisines you enjoy.
Analytics & Product Improvement
Aggregated and anonymised usage data helps us understand how the app is used so we can fix bugs, improve performance, and build features our users actually want. We use industry-standard analytics tools (see Section 4) for this purpose.
Communications
We may contact you by email for the following reasons:
- Transactional messages — password resets, account security alerts
- Service announcements — important updates about the app or this policy
- Marketing emails — only if you have opted in; you can unsubscribe at any time
Legal Basis for Processing (GDPR)
Where applicable, we rely on the following legal bases: contract performance (to provide the Service you signed up for), legitimate interests (to improve the app and prevent fraud), and consent (for optional features and marketing emails).
Service Providers
We share data with a small number of trusted third-party service providers who help us operate the app. These providers process data only on our behalf and under strict data-processing agreements:
| Provider | Purpose | Data shared |
|---|---|---|
| Firebase (Google) | Authentication, database, cloud storage, crash reporting | Account data, usage events, crash logs |
| Google Analytics for Firebase | In-app analytics and product metrics | Anonymised usage data, device info |
| Email provider | Transactional and notification emails | Email address only |
Legal Disclosures
We may disclose your information if required to do so by law or in response to valid legal process (e.g., a court order or subpoena), or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice in the app before your data becomes subject to a different privacy policy.
Active Accounts
We retain your personal data for as long as your account is active or as needed to provide you with the Service. You can review and update your information at any time from the in-app settings screen.
Account Deletion
You may request permanent deletion of your account and associated personal data at any time by:
- Navigating to Settings → Account → Delete Account within the app, or
- Emailing us at privacy@cooklyst.app with the subject line "Account Deletion Request"
Upon receiving a valid deletion request, we will permanently delete your personal data within 30 days. Some data may be retained for a limited additional period where required by law (e.g., financial records) or for legitimate security purposes (e.g., fraud prevention logs), after which it is deleted.
Analytics & Aggregated Data
Aggregated, anonymised analytics data that cannot be linked back to you may be retained indefinitely for product research and improvement.
Depending on your location, you may have the following rights regarding your personal data:
For All Users
- Access — request a copy of the personal data we hold about you
- Correction — request that we correct inaccurate or incomplete data
- Deletion — request that we delete your personal data (see Section 5)
- Opt-out of marketing — unsubscribe from marketing emails at any time via the link in any email or by contacting us
EU / UK Residents (GDPR)
In addition to the above, if you are located in the European Economic Area or the United Kingdom, you have the right to:
- Data portability — receive your data in a structured, machine-readable format
- Restriction of processing — ask us to limit how we use your data in certain circumstances
- Object to processing — object to processing based on legitimate interests
- Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior lawful processing
- Lodge a complaint — with your local supervisory authority (e.g., the ICO in the UK)
California Residents (CCPA / CPRA)
California residents have the right to know what personal information we collect and how it is used, the right to delete personal information, the right to correct inaccurate personal information, and the right to opt out of the sale or sharing of personal information. We do not sell or share personal information. To exercise your rights, contact us at privacy@cooklyst.app. We will respond within 45 days.
Cooklyst is not directed at, and we do not knowingly collect personal information from, children under the age of 13 (or the applicable age of digital consent in your jurisdiction — for example, 16 in certain EU member states).
If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at privacy@cooklyst.app. We will take prompt steps to delete such information from our systems.
If we become aware that we have inadvertently collected personal information from a child under the relevant age threshold, we will delete it without delay.
We take the security of your personal information seriously and implement industry-standard technical and organisational measures to protect it against unauthorised access, loss, destruction, or alteration. These measures include:
- Encryption in transit — all data transmitted between the app and our servers uses TLS (HTTPS)
- Encryption at rest — sensitive data stored in our databases is encrypted at rest
- Password hashing — passwords are hashed using industry-standard algorithms (we never store plain-text passwords)
- Access controls — access to production data is restricted to authorised personnel on a need-to-know basis
- Firebase security rules — we use Firebase Security Rules to prevent unauthorised read/write access to user data
- Regular security reviews — we periodically review our security practices and update them as threats evolve
While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. If you suspect a security incident involving your account, please contact us immediately at privacy@cooklyst.app.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make changes, we will:
- Update the "Last updated" date at the top of this page
- Send a notification to the email address associated with your account for any material changes
- Display a prominent in-app notice for significant changes before they take effect
Your continued use of Cooklyst after the effective date of an updated policy constitutes your acceptance of the revised terms. If you do not agree with the changes, you may close your account at any time (see Section 5).
We encourage you to review this policy periodically to stay informed about how we protect your information.
If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please do not hesitate to reach out:
- Email: privacy@cooklyst.app
- Website: cooklyst.app
We aim to respond to all privacy-related enquiries within 5 business days and to resolve any requests within the timeframes required by applicable law.
Have a privacy question?
Our team typically responds within 5 business days.
✉️ privacy@cooklyst.app