CuocoMitraCuocoMitra
Get started
CuocoMitra Logo

Privacy Policy

Last Updated: April 26, 2026

1. Introduction

Welcome to CuocoMitra ("we", "our", or "us"). CuocoMitra is operated as a sole proprietorship registered in the Netherlands. We respect your privacy and are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Dutch data protection legislation. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered kitchen assistant service - including our website and our iOS and Android mobile applications (together, the "Service").

This Privacy Policy forms part of our Terms of Service. Terms defined in the Terms of Service have the same meaning when used here.

2. Data Controller

The data controller responsible for the processing of your personal data is:

CuocoMitra
Sole proprietorship registered in the Netherlands
KvK (Chamber of Commerce) number: [to be assigned upon registration]
Email: privacy@cuocomitra.com

3. Information We Collect

We collect the following categories of personal data:

  • Account Information: Name, email address, and authentication data from social logins (e.g., Google, Apple).
  • Profile & Dietary Information: Dietary preferences, allergies, dietary restrictions, cooking skill level, fitness goals, body metrics (if provided), and kitchen equipment. This data is used to personalise your experience and may be sensitive in nature - we process it only to deliver and improve the Service.
  • User Content: Recipes you save or create, ingredients in your digital pantry/fridge, shopping lists, meal plans, and chat interactions with our AI assistants.
  • AI Interaction Data: Conversations with our AI-powered assistants, including recipe queries, ingredient substitution requests, and meal planning conversations. This data is used to deliver responses and improve our AI features.
  • Nutritional & Dietary Logs: Information about your diet profile, macro targets, nutrition logs, daily intake records, and food consumption patterns.
  • Usage Data: Recipes viewed, search queries, feature usage, browsing history within the platform, and interaction patterns.
  • Device & Technical Information: IP address, browser type, operating system, device model, app version, language, time zone, network information, anonymous device identifier, and crash diagnostics.
  • Mobile Permission Data: Only when you grant the corresponding permission - camera (ingredient/recipe scanning), photo library (image upload for search), and notifications (cooking timers, meal-plan reminders, account notices). You may revoke any of these permissions in your device settings at any time.
  • Payment Information: If you subscribe to a paid Plan, our third-party payment processor (web) or the platform store (Apple App Store / Google Play, in-app) collects your payment details. We do not store full credit card numbers - we receive only a transaction reference, billing address, plan, and last four digits where provided.

4. Legal Bases for Processing (GDPR Article 6)

We process your personal data on the following legal bases:

  • Contract Performance (Art. 6(1)(b)): Processing necessary to provide the Service - account management, recipe recommendations, meal planning, AI-assisted features, and subscription management.
  • Legitimate Interests (Art. 6(1)(f)): Improving the Service, ensuring security, preventing fraud, analysing usage patterns, and improving AI quality - where these interests are not overridden by your fundamental rights.
  • Consent (Art. 6(1)(a)): Marketing communications, optional analytics, and non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
  • Legal Obligation (Art. 6(1)(c)): Compliance with applicable Dutch and EU laws, including tax, accounting, and regulatory requirements.

Where we process special categories of data (e.g., health-related dietary restrictions or allergy information), we rely on your explicit consent (Art. 9(2)(a)) or the fact that you have manifestly made such data public by entering it into your profile.

5. How We Use Your Information

  • Provide personalised recipe recommendations based on your preferences, dietary restrictions, allergens, and available ingredients
  • Offer cooking assistance and meal planning through our AI-powered assistants
  • Calculate and display estimated nutritional information for recipes and meal plans
  • Manage your account, subscriptions, and AI Credit usage
  • Process payments and manage billing (via third-party payment processors)
  • Provide customer support and respond to your enquiries
  • Improve and develop our services, including improving AI quality and accuracy
  • Send you transactional communications (e.g., account confirmations, billing receipts)
  • Send you marketing communications (only with your consent)
  • Ensure the security and integrity of our platform
  • Comply with legal obligations

6. AI Processing & Automated Decision-Making

CuocoMitra makes extensive use of AI technologies for recipe generation, ingredient matching, nutritional estimation, meal planning, and conversational assistance. Your interactions with these features are processed by third-party AI service providers.

Important information about AI data processing:

  • Your chat messages, recipe queries, and dietary preferences may be sent to third-party AI providers (such as OpenAI and Google) to generate responses. We do not share your name, email, password, payment data, or account credentials with these providers - only the content necessary to generate a response.
  • We do not use your personal data or User Content to train third-party AI models. If this ever changes, we will seek your explicit opt-in consent.
  • AI systems can and do make mistakes. Recipes, ingredient suggestions, substitutions, nutritional estimates, and dietary recommendations are approximations and must not be treated as medical, clinical, or therapeutic advice.
  • We do not use AI-generated outputs for fully automated decisions that produce legal or similarly significant effects on you. Under GDPR Article 22, you have the right not to be subject to such automated decision-making.

6a. Mobile Application Specifics

When you use the iOS or Android app, the following also applies:

  • Apple App Store / Google Play: Subscription billing, refunds, family sharing, and crash diagnostics for in-app purchases are processed by Apple or Google under their own privacy policies. We receive a pseudonymous purchase token and the plan you bought.
  • Push notifications: Sent only after you opt in. Used for cooking timers, reminders, and account notices. You can disable them in your device settings.
  • Camera and photo library: Accessed only when you actively trigger an action (e.g. scan a recipe, attach a photo). Images may be sent to AI providers for analysis and are not retained by them for training.
  • No advertising identifiers: The app does not collect IDFA (iOS) or AAID (Android), does not perform cross-app tracking, and does not share data with advertising networks.

7. Personalisation

The Service personalises your experience based on data you provide (diet profile, allergens, preferences, kitchen equipment) and your usage patterns (recipes viewed, search history). This personalisation determines recipe recommendations, meal plan suggestions, and AI assistant behaviour.

This personalisation is not used for automated individual pricing. If we ever introduce personalised pricing, we will provide the specific disclosures required by EU law and obtain separate consent.

8. Nutritional Data Sources

Nutritional information in CuocoMitra is derived from multiple sources, including the USDA FoodData Central database, Open Food Facts (an open, collaborative food products database), and various branded food label research. AI-assisted matching is used to map recipe ingredients to nutrient profiles.

This nutritional data is provided for informational purposes only. CuocoMitra is not a medical application and nutritional information should not be used for medical, clinical, or therapeutic dietary decisions. See Section 12 of our Terms of Service for full details.

9. How We Share Your Information

We may share your information with the following categories of recipients:

  • Cloud Hosting & Infrastructure Providers: For storing and serving the Service, operating under GDPR-compliant data processing agreements.
  • AI Service Providers: Third-party AI services that power recipe generation, conversational assistants, and nutritional analysis. We share only the minimum data necessary to generate responses (not your identity). Data processing agreements are in place.
  • Payment Processors: For processing subscription payments. They act as independent data controllers for payment data.
  • Analytics Providers: To understand usage patterns and improve the Service, using anonymised or pseudonymised data where possible.
  • Open Food Facts: We query the Open Food Facts database to retrieve product and nutritional information. No personal data is shared with Open Food Facts.
  • Legal & Regulatory: When required by law, court order, or regulatory authority, or to protect our rights, safety, or property.

We do not sell your personal information to third parties. We do not share your data for third-party advertising purposes.

10. Your Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA) or the Netherlands, you have the following rights under the GDPR:

  • Right of Access (Art. 15): Obtain a copy of your personal data we process and information about how we process it
  • Right to Rectification (Art. 16): Correct inaccurate or incomplete personal data
  • Right to Erasure (Art. 17):Request deletion of your personal data ("right to be forgotten") where applicable grounds exist
  • Right to Restriction (Art. 18): Restrict processing of your personal data in certain circumstances
  • Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes
  • Right to Data Portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing
  • Right to Lodge a Complaint: File a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority

To exercise these rights, contact us at privacy@cuocomitra.com. We will respond within 30 days as required by the GDPR. If your request is complex, we may extend this by up to two additional months, and we will inform you of any extension within the initial 30-day period.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, accidental loss, or destruction, in accordance with GDPR Article 32. These measures include:

  • Encryption of data in transit (TLS) and at rest
  • Access controls and role-based permissions
  • Regular security assessments and monitoring
  • Secure credential management (passwords are hashed, never stored in plaintext)

However, no system is completely secure. We cannot guarantee the absolute security of your information. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the supervisory authority and, where required, affected individuals in accordance with GDPR Articles 33 and 34.

12. Data Retention

We retain your personal data as follows:

  • Account data: For the duration of your account, plus a reasonable period for backup and legal compliance (typically 30 days after account closure)
  • AI conversation history: Retained to maintain your chat history and improve the Service; you may request deletion at any time
  • Payment records: As required by Dutch tax and accounting law (typically 7 years)
  • Usage and analytics data: Anonymised or pseudonymised data may be retained indefinitely for statistical purposes

When determining retention periods, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, and applicable legal requirements.

13. Children's Privacy

Our Service is not intended for children under 16 years of age (in accordance with Dutch law). We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@cuocomitra.com and we will take steps to delete such information promptly.

14. International Data Transfers

Your information may be transferred to and processed in countries outside the European Economic Area (EEA), including when processed by our AI service providers. We ensure that such transfers comply with the GDPR by relying on:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Other lawful transfer mechanisms recognised under the GDPR

You may request a copy of the relevant safeguards by contacting us at privacy@cuocomitra.com.

15. Cookie Policy

We use cookies and similar tracking technologies to enhance your experience. In accordance with EU ePrivacy rules, we obtain your consent before placing non-essential cookies.

Essential cookies are necessary for the Service to function (e.g., authentication, session management) and do not require consent. Non-essential cookies (e.g., analytics, preferences) require your consent, which you can manage through our cookie settings or your browser configuration.

If you disable or refuse cookies, some features of the Service may become inaccessible or not function properly.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes, we will provide a prominent notice (e.g., in-app banner, email notification) and update the "Last Updated" date at the top of this page. We recommend reviewing this Privacy Policy periodically. Material changes take effect 30 days after notice unless applicable law requires otherwise.

17. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise your data protection rights, please contact us at:

CuocoMitra
Registered in the Netherlands
KvK number: [to be assigned]
Email: privacy@cuocomitra.com

You also have the right to lodge a complaint with the Dutch Data Protection Authority: Autoriteit Persoonsgegevens.