1. Introduction
This Privacy Policy describes how ChefBear ("we," "us," or "our") collects, uses, discloses, and otherwise processes personal information in connection with the ChefBear mobile application (the "App") and related services, and explains your rights and choices regarding your personal information. This policy applies to users located in the United States and is intended to comply with the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA/CPRA"), and other applicable U.S. state privacy laws.
By using the App, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the App.
2. Categories of Personal Information Collected
The following table describes the categories of personal information we have collected from consumers in the preceding twelve (12) months:
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | Email address, unique user ID, Apple ID token, Google account ID, device identifiers | Yes |
| B. Personal Information (Cal. Civ. Code § 1798.80(e)) | Name (if provided during account creation), email address | Yes |
| C. Protected Classification Characteristics | None | No |
| D. Commercial Information | Subscription purchase history, in-app purchase records managed by Apple App Store and RevenueCat | Yes |
| E. Biometric Information | None | No |
| F. Internet or Network Activity | App usage data, feature interaction logs, crash reports, API call logs | Yes |
| G. Geolocation Data | Approximate location (if granted by user, for restaurant context only) | Optional |
| H. Sensory Data | Camera images of restaurant menus (processed locally or transmitted for AI analysis; not stored on our servers) | Yes |
| I. Professional or Employment Information | None | No |
| J. Non-Public Education Information | None | No |
| K. Inferences | Dietary preferences, cuisine preferences, allergen profiles (derived from user-provided settings) | Yes |
| L. Sensitive Personal Information | Camera-captured menu images (sensory data processed for core functionality); dietary/allergen preferences you voluntarily provide | Yes |
3. Categories of Sources of Personal Information
We collect personal information from the following categories of sources:
- Directly from you: Information you provide when creating an account, setting preferences, capturing menu images, or contacting support.
- Automatically from the App: Device information, usage data, crash reports, and performance metrics collected automatically when you use the App.
- Third-party authentication providers: Firebase Authentication (Google, Apple Sign-In, email/password) provides account identifiers and authentication tokens.
- Third-party service providers: RevenueCat provides subscription and purchase status; Firebase Crashlytics provides crash diagnostics.
4. Business and Commercial Purposes for Collecting Personal Information
We collect and use personal information for the following business and commercial purposes:
- Providing the Service: To operate the App's core features, including menu scanning, AI-powered dish recognition, personalized recommendations, and AI-generated dish images.
- Account management: To create and manage your user account, authenticate your identity, and maintain your preferences.
- Subscription management: To process and manage subscriptions, verify entitlements, and facilitate billing through the Apple App Store and RevenueCat.
- Improving the Service: To analyze usage patterns, diagnose technical issues, fix bugs, and improve App performance and user experience.
- Safety and security: To detect, prevent, and respond to fraud, abuse, security incidents, and other harmful activity.
- Communications: To respond to your inquiries, send service-related notices, and provide customer support.
- Legal compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
5. Categories of Third Parties with Whom We Share Personal Information
We may disclose personal information to the following categories of third parties for the business purposes described above:
- Firebase Authentication (Google LLC): Receives account identifiers and authentication tokens to provide sign-in and account management services.
- Firebase Crashlytics (Google LLC): Receives crash logs, device information, and anonymized usage data to diagnose and fix application errors.
- RevenueCat, Inc.: Receives anonymized user identifiers and purchase/subscription data to manage subscription entitlements and billing status.
- AI Service Providers (e.g., OpenAI, Google Gemini, Anthropic): Receive menu text, dish names, user-specified dietary preferences, and menu images solely for the purpose of generating dish information, translations, recommendations, and AI-generated dish images. We do not send your account credentials, name, or device identifiers to AI providers.
- Apple Inc. (App Store): Processes subscription and in-app purchase transactions.
We do not sell personal information to third parties. We do not share personal information for cross-context behavioral advertising.
6. We Do Not Sell or Share Your Personal Information
ChefBear does not sell your personal information. We do not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration. We also do not "share" your personal information for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA.
Because we do not sell or share personal information, we are not required to offer an opt-out mechanism for the sale or sharing of personal information. However, if our practices change in the future, we will update this policy and provide appropriate notice and opt-out mechanisms.
7. Your California Privacy Rights
If you are a California resident, you have the following rights under the CCPA/CPRA. You may exercise these rights free of charge, and we will not discriminate against you for doing so:
Right to Know
You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which personal information is collected, the business or commercial purposes for collecting personal information, and the categories of third parties with whom we share personal information.
Right to Delete
You have the right to request that we delete personal information we have collected from you, subject to certain exceptions provided by law (e.g., where retention is necessary to complete a transaction, detect security incidents, comply with legal obligations, or for certain internal uses compatible with the context in which the information was provided).
Right to Correct
You have the right to request that we correct inaccurate personal information that we maintain about you, taking into account the nature of the personal information and the purposes for processing it.
Right to Opt-Out of Sale/Sharing
As stated above, we do not sell or share your personal information. Should this change, you will have the right to opt out of such sale or sharing.
Right to Limit Use of Sensitive Personal Information
You have the right to limit our use of sensitive personal information to purposes necessary to provide the services you request. The sensitive personal information we collect (camera-captured menu images and dietary preferences) is used solely for the App's core functionality and is not used for purposes that would require offering this right under the CCPA/CPRA. Nevertheless, you may contact us to make such a request.
How to Exercise Your Rights
To submit a verifiable consumer request to know, delete, or correct your personal information, please contact us at:
- Email: chefbearsupport@icloud.com
We will verify your identity before fulfilling your request by matching information you provide with information we have on file. We will respond to your request within forty-five (45) days. If we need more time, we will inform you of the reason and the extension period (up to an additional 45 days). You may designate an authorized agent to submit a request on your behalf; we may require the agent to provide proof of authorization.
8. Sensitive Personal Information
Under the CCPA/CPRA, certain types of personal information are considered "sensitive." The sensitive personal information we process includes:
- Camera data (sensory data): When you use the menu scanning feature, the App accesses your device camera to capture images of restaurant menus. These images are processed to extract menu text and are transmitted to our AI service providers solely for the purpose of dish recognition, translation, and recommendation. Menu images are processed in real-time and are not permanently stored on our servers. Temporary processing may occur in the AI provider's infrastructure subject to their data handling policies.
- Dietary/allergen preferences: You may voluntarily provide dietary restrictions and allergen information. This is used solely to personalize dish recommendations and is stored in your user profile.
We use sensitive personal information only as necessary to provide the services you request and do not use it for purposes that would require offering you the right to limit its use under the CCPA/CPRA.
9. Biometric Information
We do not collect biometric identifiers or biometric information. The App does not use facial recognition, fingerprint scanning, voiceprint analysis, or any other biometric technology. While the App uses your device camera to capture menu images, no biometric data is extracted, generated, or stored from these images.
10. Artificial Intelligence and Machine Learning Disclosure
ChefBear uses artificial intelligence (AI) and machine learning (ML) technologies to provide its core services. We believe in transparency about how these technologies process your data:
- Menu text extraction: AI models analyze camera-captured images of restaurant menus to identify and extract dish names, descriptions, and prices.
- Dish recognition and information: AI models process extracted menu text to provide dish descriptions, ingredient information, preparation methods, and translations.
- Personalized recommendations: AI models use your stated dietary preferences, allergen information, and cuisine preferences to generate personalized dish recommendations.
- AI-generated dish images: When a menu does not include photographs, AI image generation models create illustrative images based on dish names and descriptions. These images are AI-generated illustrations, not actual photographs of specific dishes.
Data sent to AI providers for processing is used solely to generate responses for you. As of the effective date of this policy, our AI providers' API terms state that data submitted through their APIs is not used to train or improve their models unless the customer explicitly opts in. We have not opted in to any such training programs.
AI-generated content (including dish descriptions, recommendations, and images) is provided for informational and illustrative purposes only. It should not be relied upon as medical advice, dietary guidance, or a guarantee of any restaurant's actual offerings, ingredients, or preparation methods.
11. Data Retention
We retain personal information for the following periods:
| Data Type | Retention Period |
|---|---|
| Account information (email, user ID) | Duration of account existence, plus 30 days after deletion request |
| User preferences (dietary, allergens, language) | Duration of account existence |
| Camera-captured menu images | Not stored on our servers; processed in real-time only |
| AI processing inputs (menu text, prompts) | Not stored beyond the request/response cycle; AI providers may retain for up to 30 days for abuse monitoring per their policies |
| Crash reports and diagnostics | 90 days (Firebase Crashlytics default) |
| Subscription and purchase records | Duration of account existence, plus as required by tax and accounting laws (typically up to 7 years) |
| Cached dish data (on-device) | Until you clear app data or uninstall the App; not stored on our servers |
When personal information is no longer needed for the purposes for which it was collected, or upon a verified deletion request, we will securely delete or anonymize such information, unless retention is required by law.
12. Non-Discrimination
We will not discriminate against you for exercising any of your privacy rights under the CCPA/CPRA or other applicable law. Specifically, unless permitted by law, we will not:
- Deny you goods or services;
- Charge you different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
- Provide you a different level or quality of goods or services; or
- Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
13. Children's Privacy
This App is not intended for children under 13. We do not knowingly collect personal information from children under the age of 13. If we learn that we have inadvertently collected personal information from a child under 13, we will promptly take steps to delete such information. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at chefbearsupport@icloud.com so we can take appropriate action.
We also do not knowingly sell or share the personal information of consumers under 16 years of age.
14. Data Security
We implement reasonable administrative, technical, and physical safeguards to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction. These measures include:
- Encryption of data in transit (TLS/SSL) and at rest;
- Secure authentication via Firebase Authentication;
- Access controls limiting employee and contractor access to personal information;
- Regular security assessments of third-party service providers.
However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy within the App or on our website with a revised "Last updated" date. If the changes are significant, we may provide additional notice (e.g., an in-app notification). Your continued use of the App after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.
16. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:
- Email: chefbearsupport@icloud.com
When contacting us, please include sufficient detail to help us understand and respond to your request. We will make every effort to respond to your inquiry within a reasonable timeframe.