Privacy Policy

Last updated: February 2026

1. Who We Are

Home Cook Assistant is operated by KiloByte Software LLC, a Georgia limited liability company ("we," "us," or "our"). This Privacy Policy explains how we collect, use, store, and share your information when you use the Home Cook Assistant application and related services (the "Service"). By using the Service, you agree to the practices described in this policy.

2. Information We Collect

Account Information: When you create an account, we collect your email address and display name. If you sign in with Google, we receive your name and email from Google's authentication service.

User Content: Recipes you create or import, pantry items, shopping lists, menu plans, and any other content you submit to the Service.

Usage Data: We log AI feature usage (timestamps, token counts, provider used) for credit tracking and service analytics. We collect aggregate usage statistics to improve the Service.

Device and Technical Data: IP addresses (for rate limiting and security), browser user-agent strings, and platform information (web, iOS, or Android).

API Keys (BYOK Users): If you choose to bring your own API keys, we store them in encrypted form (AES-256 via Fernet encryption) on our servers. Keys are only decrypted at the moment of use to make API calls on your behalf.

3. How We Use Your Information

We use your information to:

  • Provide and operate the Service (store your recipes, manage your pantry, generate shopping lists)
  • Process AI requests (recipe parsing, generation, recommendations, chat)
  • Track credit usage and enforce rate limits
  • Send transactional emails (account confirmation, security notices)
  • Send promotional emails about new features (you may opt out at any time)
  • Prevent abuse and ensure security (rate limiting, SSRF protection)
  • Generate aggregate, anonymized analytics to improve the Service

We do not sell your personal information to third parties.

4. Third-Party Services

We use the following third-party services that may process your data:

Supabase: Database hosting and user authentication. Your account data and content are stored on Supabase's infrastructure.

Google Gemini (Google AI): When you use AI features with the Gemini provider, your input text (recipe URLs, ingredient lists, chat messages) is sent to Google's API for processing.

Anthropic Claude: When you use AI features with the Claude provider, your input text is sent to Anthropic's API for processing.

Google Cloud Platform: Our servers run on Google Cloud Run.

Resend: We use Resend to deliver transactional and promotional emails. Your email address is shared with Resend for this purpose.

When using BYOK, your AI requests go directly through the provider's API using your own key — the same data is transmitted, but usage and billing are tied to your personal provider account rather than ours.

5. Data Storage and Security

Your data is stored on servers in the United States. We implement industry-standard security measures including:

  • HTTPS/TLS encryption for all data in transit
  • Encrypted storage of sensitive credentials (API keys encrypted with AES-256)
  • Row-level security policies on database tables
  • SSRF protection to prevent server-side request forgery
  • Security headers (HSTS, X-Content-Type-Options, X-Frame-Options)
  • Rate limiting to prevent abuse

While we take reasonable steps to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

6. Collaborative Homes

When you create or join a "Home," your pantry items, shopping lists, and menu plans are shared with all members of that Home. Your display name and email are visible to other Home members. Recipes remain individually owned but can be shared within a Home. If you leave a Home, your contributed pantry and shopping list items remain with the Home.

7. Public Recipes

If you choose to publish a recipe, it becomes publicly accessible on the internet. Published recipes include the recipe title, ingredients, instructions, tags, and your display name as the author. Published recipes are indexed by search engines via our sitemap. You can unpublish a recipe at any time, which removes public access but does not guarantee removal from search engine caches.

8. Data Retention

We retain your account and content data for as long as your account is active. If your account is deleted (by you or by us), we will delete your personal data from our active systems. Some data may persist in encrypted backups for a limited period. Anonymized, aggregate data (such as usage statistics) may be retained indefinitely.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access: You can view your data within the app at any time (recipes, pantry, shopping list, settings).

Correction: You can update your display name and other settings directly in the app.

Deletion: You can request account and data deletion by contacting us at hello@homecookassistant.app. We will process deletion requests within 30 days.

Data Export: You can request a copy of your data by contacting us at hello@homecookassistant.app.

Opt Out of Promotional Emails: Click the unsubscribe link in any promotional email, or contact us directly.

If you are a California resident, you have additional rights under the CCPA, including the right to know what personal information we collect and the right to request its deletion. If you are located in the European Economic Area, you have rights under the GDPR including the right to data portability, the right to restrict processing, and the right to lodge a complaint with your local data protection authority.

10. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13 without parental consent. If you believe a child under 13 has provided us with personal information, please contact us at hello@homecookassistant.app and we will delete it promptly.

11. Cookies and Local Storage

The Service uses browser local storage and cookies for:

  • Authentication session management (Supabase auth tokens)
  • Theme and display preferences
  • Visitor identification for anonymous recipe ratings (localStorage only)

We do not use third-party tracking cookies or advertising cookies. We do not use any analytics tracking scripts (no Google Analytics, no Facebook Pixel, etc.).

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you within the app. Your continued use of the Service after changes take effect constitutes your acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

KiloByte Software LLC
Email: hello@homecookassistant.app