1. Introduction
ChefBear ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the ChefBear mobile application and related services (collectively, the "Service").
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
Data Controller: ChefBear
Contact: chefbearsupport@icloud.com
2. Data We Collect
We collect the following categories of personal data:
| Category | Data Collected | Collection Method |
|---|---|---|
| Account | Email address, display name, profile photo (optional), authentication tokens | User-provided at registration or via third-party sign-in (Apple, Google) |
| Device | Device model, operating system version, unique device identifiers, language & locale settings | Automatically collected |
| Camera | Menu images captured for scanning; images are processed and not permanently stored on our servers unless you save them | User-initiated camera capture |
| Usage | App feature usage, screen views, interaction events, search queries, saved dishes and preferences | Automatically collected via analytics |
| Purchase | Subscription status, purchase receipts, transaction IDs (payment details are handled entirely by Apple App Store/Google Play) | Via App Store / Google Play APIs |
| Crash & Diagnostics | Crash logs, performance metrics, error reports, stack traces | Automatically collected via crash reporting SDKs |
| AI Interaction | Menu scan inputs, AI-generated dish descriptions and images, user feedback on AI results, prompt metadata | Generated during AI feature usage |
3. How We Use Your Data
We use the collected data for the following purposes:
| Purpose | Data Categories Used |
|---|---|
| Provide and maintain the Service | Account, Device, Camera, AI Interaction |
| Process menu scans and generate AI dish descriptions & images | Camera, AI Interaction, Device |
| Personalize your experience and recommendations | Usage, AI Interaction, Account |
| Process and manage subscriptions | Account, Purchase |
| Improve and optimize the Service | Usage, Crash & Diagnostics, AI Interaction |
| Communicate with you (support, updates, announcements) | Account |
| Ensure security and prevent fraud | Device, Account, Usage |
| Comply with legal obligations | All categories as required |
4. Legal Basis for Processing
Depending on your jurisdiction, we process your personal data on one or more of the following legal bases:
- Consent: Where you have given explicit consent (e.g., camera access, optional analytics). You may withdraw consent at any time.
- Contract: Processing necessary to perform our contract with you (e.g., providing the Service, managing your subscription).
- Legitimate Interest: Processing necessary for our legitimate interests (e.g., improving the Service, security, fraud prevention), provided these interests do not override your fundamental rights.
- Legal Obligation: Processing necessary to comply with applicable laws and regulations.
5. AI & Automated Processing
ChefBear uses artificial intelligence and machine learning to provide core features including menu text recognition, dish identification, description generation, and AI-generated illustrative images of dishes.
- Menu images you capture are sent to our AI processing services to extract text, identify dishes, and generate descriptions.
- AI-generated images are illustrative representations and are not photographs of actual dishes. They are clearly labeled as AI-generated within the app.
- No profiling for legal effects: We do not use automated decision-making that produces legal or similarly significant effects on you.
- AI training: We may use aggregated, de-identified interaction data to improve our AI models. Individual menu images are not used to train third-party AI models without your explicit consent.
- You have the right not to be subject to decisions based solely on automated processing. Contact us if you wish to request human review of any automated decision.
6. Third-Party Services
We use the following third-party services that may receive your data:
| Service | Provider | Data Shared | Purpose | Privacy Policy |
|---|---|---|---|---|
| Firebase Authentication | Google LLC | Email, auth tokens | User authentication | Link |
| Firebase Crashlytics | Google LLC | Crash logs, device info | Crash reporting & stability | Link |
| Firebase Analytics | Google LLC | Usage events, device info | App analytics | Link |
| RevenueCat | RevenueCat, Inc. | Purchase receipts, subscription status | Subscription management | Link |
| OpenAI API | OpenAI, L.L.C. | Menu text, prompts for image generation | AI dish recognition & image generation | Link |
| Apple App Store | Apple Inc. | Purchase & subscription data | Payment processing | Link |
| Google Play Store | Google LLC | Purchase & subscription data | Payment processing | Link |
These third-party services have their own privacy policies governing how they handle your data. We encourage you to review them.
7. Data Retention
We retain your personal data only as long as necessary for the purposes described in this policy:
- Account data: Retained while your account is active, and for up to 30 days after a deletion request to allow recovery.
- Camera/menu images: Processed in real time and not permanently stored on our servers unless explicitly saved by you. Cached images on-device are managed by the app and can be cleared at any time.
- Usage & analytics data: Retained in aggregated or de-identified form for up to 24 months.
- Crash logs: Retained for up to 12 months.
- Purchase records: Retained as required by applicable tax and accounting laws (typically 5–7 years).
- AI interaction data: Prompt/response pairs may be retained in de-identified form for up to 12 months for quality improvement. Individual images are deleted within 30 days of processing.
When data is no longer needed, it is securely deleted or irreversibly anonymized.
8. International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence, including the United States and other jurisdictions where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.
Where required by applicable law, we ensure appropriate safeguards are in place for international transfers, including:
- Standard Contractual Clauses (SCCs) approved by relevant authorities
- Adequacy decisions by relevant data protection authorities
- Binding Corporate Rules where applicable
- Your explicit consent where other safeguards are not available
9. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data. We honor these rights for all users to the maximum extent practicable:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request that we correct inaccurate or incomplete personal data.
- Deletion: Request that we delete your personal data, subject to legal retention requirements.
- Portability: Request a copy of your data in a structured, commonly used, machine-readable format.
- Object: Object to the processing of your personal data for certain purposes, including direct marketing.
- Restriction: Request that we restrict the processing of your personal data under certain circumstances.
- Withdraw Consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing.
- Automated Decisions: Not be subject to decisions based solely on automated processing that produce legal or similarly significant effects on you.
- Complaint: Lodge a complaint with your local data protection authority if you believe your rights have been violated.
To exercise any of these rights, contact us at chefbearsupport@icloud.com. We will respond within 30 days (or sooner if required by applicable law).
10. Children's Privacy
ChefBear is not intended for children under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at chefbearsupport@icloud.com, and we will take steps to delete such information promptly.
11. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit (TLS/SSL) and at rest
- Access controls and authentication for internal systems
- Regular security assessments and monitoring
- Secure development practices
While we strive to protect your personal data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any breach in accordance with applicable laws.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app or by other appropriate means before the changes take effect. The "Effective Date" at the top of this policy indicates when it was last revised.
Your continued use of the Service after any changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
ChefBear Privacy Team
Email: chefbearsupport@icloud.com