ChefAI Logo

Privacy Policy

Last updated: June 7, 2026

This Privacy Policy explains what information ChefAI ("we", "us", "our") collects when you use our web app (the "Service"), how we use it, and the choices you have. By using the Service, you agree to the practices described here.

1. Information We Collect

a. Account information

When you sign up, we collect basic account details through Firebase Authentication, such as your email address and, if you sign in with a third-party provider (e.g. Google), the name and profile information that provider shares with us.

b. Photos you upload

When you generate a recipe, the photo you upload is sent to our AI provider (Google's Gemini model, via Google Genkit) to identify the dish and produce a structured recipe. We do not use your photos for any purpose other than generating your recipe and operating the Service.

c. Content you create

We store the recipes you save, the collections you organize them into, your weekly meal plans, and the shopping lists you generate — all linked to your account so you can access them across sessions and devices.

d. Usage and subscription data

We track limited usage data needed to operate the Service and enforce tier limits, such as your number of photo-to-recipe generations and your subscription status (free or Pro, renewal dates, etc.).

e. Payment information

If you subscribe to ChefAI Pro, payment is handled entirely by Stripe. We do not collect or store your full card details — Stripe processes your payment and shares with us only what we need to manage your subscription (such as your subscription status and billing period).

f. Local device data

Some preferences — such as your shopping list check-off state and theme (light/dark) — are stored locally in your browser (localStorage) rather than on our servers, so they stay on the device you're using.

2. How We Use Your Information

  • To create and maintain your account, and authenticate your sign-ins;
  • To generate recipes from the photos you upload and return structured results to you;
  • To provide core features: your recipe library, collections, meal planner, and shopping lists;
  • To enforce free-tier limits and manage Pro subscriptions and billing;
  • To respond to support requests and communicate important updates about the Service;
  • To detect, investigate, and prevent abuse, fraud, or violations of our Terms of Service;
  • To improve the reliability and quality of the Service.

3. How We Share Your Information

We do not sell your personal information. We share information only with the service providers that power ChefAI, and only as needed for them to perform their function:

  • Google Firebase — authentication and database storage (Firestore) for your account and content;
  • Google Gemini / Genkit — processing the photos you upload to generate recipes;
  • Stripe — payment processing and subscription management.

We may also disclose information if required by law, to protect the rights, property, or safety of ChefAI, our users, or others, or in connection with a merger, acquisition, or sale of assets (in which case we'll let you know before your information becomes subject to a different policy).

4. Data Retention

We retain your account and content for as long as your account is active. If you delete a recipe, collection, meal plan, or shopping list, it is removed from your library. If you delete your account, we delete or anonymize your personal data within a reasonable period, except where we need to retain certain records (for example, billing records) to comply with legal or accounting obligations.

5. Your Choices and Rights

  • Access and control: you can view, edit, and delete your saved recipes, collections, meal plans, and shopping lists directly within the Service.
  • Account deletion: contact us to request deletion of your account and associated personal data.
  • Subscription management: you can cancel your Pro subscription at any time; this stops future billing but does not retroactively delete data tied to your account unless you also request account deletion.
  • Depending on where you live, you may have additional rights under laws like the GDPR or similar regulations — including the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise these rights, contact us using the details below.

6. Security

We rely on Firebase's security infrastructure and apply access-control rules so that your data is only readable and writable by you (with sensitive fields like subscription status writable only by our backend). No method of storage or transmission is 100% secure, but we work to protect your information using industry-standard practices.

7. Children's Privacy

The Service is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, please contact us so we can remove it.

8. International Data Transfers

Our service providers (including Google and Stripe) may process and store data in countries other than your own. By using the Service, you understand that your information may be transferred to and processed in such locations, which may have different data protection laws than your country.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you (for example, by posting a notice on the Service or updating the "Last updated" date above). Continued use of the Service after changes take effect means you accept the revised policy.

10. Contact Us

If you have questions about this Privacy Policy or how we handle your information, contact us at support@chefai.app.