Privacy Policy
Last Updated: June 25, 2026
1. Introduction
Welcome to CuocoMitra ("we", "our", or "us"). CuocoMitra is operated as a sole proprietorship registered in the Netherlands. We respect your privacy and are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Dutch data protection legislation. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered kitchen assistant service - including our website and our iOS and Android mobile applications (together, the "Service").
This Privacy Policy forms part of our Terms of Service. Terms defined in the Terms of Service have the same meaning when used here.
2. Data Controller
The data controller responsible for the processing of your personal data is:
CuocoMitra - a sole proprietorship (eenmanszaak) owned by S.M. Abu Hena
Marathonstraat 54, 1442 VC Purmerend, Netherlands
KvK (Chamber of Commerce) number: 98279246
VAT (BTW) identification number: NL005321124B21
Email: privacy@cuocomitra.com
3. Information We Collect
We collect the following categories of personal data:
- Account Information: Name, email address, and authentication data from social logins (e.g., Google, Apple, Facebook).
- Profile & Dietary Information: Dietary preferences, allergies, dietary restrictions, cooking skill level, fitness goals, body metrics (if provided), and kitchen equipment. This data is used to personalise your experience and may be sensitive in nature - we process it only to deliver and improve the Service.
- Health & Fitness Data (mobile, optional): If you connect Apple Health (HealthKit) on iOS or Google Health Connect on Android, we read only the metrics you authorise - steps, active energy burned, workouts, body weight, height, and body-fat percentage - to calculate net calories and personalise your plan. The integration is read-only; we never read heart rate, sleep, blood pressure, or location. See Section 6b.
- User Content: Recipes you save or create, ingredients in your digital pantry/fridge, shopping lists, meal plans, and chat interactions with our AI assistants.
- AI Interaction Data: Conversations with our AI-powered assistants, including recipe queries, ingredient substitution requests, and meal planning conversations. This data is used to deliver responses and improve our AI features.
- Nutritional & Dietary Logs: Information about your diet profile, macro targets, nutrition logs, daily intake records, and food consumption patterns.
- Usage Data: Recipes viewed, search queries, feature usage, browsing history within the platform, and interaction patterns.
- Device & Technical Information: IP address, browser type, operating system, device model, app version, language, time zone, network information, anonymous device identifier, and crash diagnostics.
- Mobile Permission Data:Only when you grant the corresponding permission - camera (ingredient/recipe scanning), photo library (image upload for search), notifications (cooking timers, meal-plan reminders, account notices), Siri & voice input (hands-free meal and water logging via iOS App Intents), and optional location (used only to autofill your address if you choose to). You may revoke any of these permissions in your device settings at any time.
- Payment Information: If you subscribe to a paid Plan, our third-party payment processor (web) or the platform store (Apple App Store / Google Play, in-app) collects your payment details. We do not store full credit card numbers - we receive only a transaction reference, billing address, plan, and last four digits where provided.
4. Legal Bases for Processing (GDPR Article 6)
We process your personal data on the following legal bases:
- Contract Performance (Art. 6(1)(b)): Processing necessary to provide the Service - account management, recipe recommendations, meal planning, AI-assisted features, and subscription management.
- Legitimate Interests (Art. 6(1)(f)): Improving the Service, ensuring security, preventing fraud, analysing usage patterns, and improving AI quality - where these interests are not overridden by your fundamental rights.
- Consent (Art. 6(1)(a)): Marketing communications, optional analytics, and non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
- Legal Obligation (Art. 6(1)(c)): Compliance with applicable Dutch and EU laws, including tax, accounting, and regulatory requirements.
Where we process special categories of data (e.g., health-related dietary restrictions or allergy information), we rely on your explicit consent (Art. 9(2)(a)) or the fact that you have manifestly made such data public by entering it into your profile.
5. How We Use Your Information
- Provide personalised recipe recommendations based on your preferences, dietary restrictions, allergens, and available ingredients
- Offer cooking assistance and meal planning through our AI-powered assistants
- Calculate and display estimated nutritional information for recipes and meal plans
- Manage your account, subscriptions, and AI Credit usage
- Process payments and manage billing (via third-party payment processors)
- Provide customer support and respond to your enquiries
- Improve and develop our services, including improving AI quality and accuracy
- Send you transactional communications (e.g., account confirmations, billing receipts)
- Send you marketing communications (only with your consent)
- Ensure the security and integrity of our platform
- Comply with legal obligations
6. AI Processing & Automated Decision-Making
CuocoMitra makes extensive use of AI technologies for recipe generation, ingredient matching, nutritional estimation, meal planning, and conversational assistance. Your interactions with these features are processed by third-party AI service providers.
Important information about AI data processing:
- Your chat messages, recipe queries, and dietary preferences may be sent to third-party AI providers (such as OpenAI and Google) to generate responses. We do not share your name, email, password, payment data, or account credentials with these providers - only the content necessary to generate a response.
- We do not use your personal data or User Content to train third-party AI models. If this ever changes, we will seek your explicit opt-in consent.
- AI systems can and do make mistakes. Recipes, ingredient suggestions, substitutions, nutritional estimates, and dietary recommendations are approximations and must not be treated as medical, clinical, or therapeutic advice.
- We do not use AI-generated outputs for fully automated decisions that produce legal or similarly significant effects on you. Under GDPR Article 22, you have the right not to be subject to such automated decision-making.
6a. Mobile Application Specifics
When you use the iOS or Android app, the following also applies:
- Subscriptions: In-app purchases of paid Plans are billed by Apple or Google and managed through our subscription-management provider. That provider receives your purchase events and the plan you bought, linked to your CuocoMitra account identifier (your internal user ID) so we can activate and restore your subscription across your devices. Apple and Google process the actual payment and any refunds, family sharing, and billing disputes under their own privacy policies.
- Facebook (Meta) login:If you choose "Continue with Facebook", we use Meta's SDK to authenticate you, and Meta processes the login data it receives as an independent controller under its own privacy policy. You can sign in with email, Google, or Apple instead.
- Push notifications: Sent only after you opt in. Used for cooking timers, reminders, and account notices. You can disable them in your device settings.
- Camera and photo library: Accessed only when you actively trigger an action (e.g. scan a recipe, attach a photo). Images may be sent to AI providers for analysis and are not retained by them for training.
- Advertising identifiers & tracking:The app does not collect the IDFA (iOS) or AAID (Android), does not ask you to opt in to App Tracking Transparency, and does not use your data for cross-app advertising or sell it to data brokers. The app does include Meta's SDK to offer "Continue with Facebook" login; when you use that option, Meta receives the limited login and measurement data described above. Meta's advertising-attribution component is present in the build, but we do not run advertising campaigns through it.
6b. Health & Fitness Data (Apple Health & Health Connect)
On mobile, you can optionally connect Apple Health (HealthKit) on iOS or Google Health Connect on Android so CuocoMitra can show your net calories and tailor your plan. This is entirely opt-in, and you control which data types you share.
- What we read: steps, active energy burned, workouts, body weight, height, and body-fat percentage - and only the types you authorise. The integration is read-only: we never write data back to Apple Health or Health Connect, and we never read heart rate, sleep, blood pressure, or location.
- How it is stored: the values you sync are stored on our own first-party infrastructure in the European Union and are used solely to operate the health and nutrition features you asked for.
- Never used for advertising, never sold: health and fitness data is not used for advertising or marketing, is not shared with data brokers, and is not sold - in line with Apple HealthKit and Google Health Connect requirements.
- Revoking access: you can disconnect at any time inside the app and revoke permissions in Apple Health or Health Connect settings. You can also request deletion of synced data under Section 10.
7. Personalisation
The Service personalises your experience based on data you provide (diet profile, allergens, preferences, kitchen equipment) and your usage patterns (recipes viewed, search history). This personalisation determines recipe recommendations, meal plan suggestions, and AI assistant behaviour.
This personalisation is not used for automated individual pricing. If we ever introduce personalised pricing, we will provide the specific disclosures required by EU law and obtain separate consent.
8. Nutritional Data Sources
Nutritional information in CuocoMitra is derived from multiple sources, including the USDA FoodData Central database, Open Food Facts (an open, collaborative food products database), and various branded food label research. AI-assisted matching is used to map recipe ingredients to nutrient profiles.
This nutritional data is provided for informational purposes only. CuocoMitra is not a medical application and nutritional information should not be used for medical, clinical, or therapeutic dietary decisions. See Section 12 of our Terms of Service for full details.
9. How We Share Your Information
We may share your information with the following categories of recipients:
- Cloud hosting & storage: We host the Service and store uploaded images (meal photos, profile pictures) with a cloud hosting and storage provider, with image storage located in the European Union (Frankfurt), under a GDPR-compliant data processing agreement.
- AI service providers (such as OpenAI and Google): Power recipe generation, conversational assistants, image analysis, and nutritional estimation. We share only the minimum content needed to generate a response (not your identity), under data processing agreements.
- Subscription & payment providers: Our subscription-management provider activates your plan; Apple and Google process the actual in-app payments as independent controllers, and a payment processor handles payments made on our website.
- Analytics & diagnostics providers: Website-analytics and error/performance-monitoring providers help us understand usage and collect crash diagnostics. Our error and performance monitoring is EU-resident. We use anonymised or pseudonymised data where possible, and analytics cookies load only with your consent.
- Authentication providers (Google, Apple, Meta/Facebook): If you use social login, the relevant provider authenticates you and shares basic profile data (such as name and email) as an independent controller under its own privacy policy.
- Open Food Facts: We query the Open Food Facts database to retrieve product and nutritional information. No personal data is shared with Open Food Facts.
- Legal & Regulatory: When required by law, court order, or regulatory authority, or to protect our rights, safety, or property.
We do not sell your personal information to third parties. We do not share your data for third-party advertising purposes.
A current list of the specific sub-processors we rely on is available on request at privacy@cuocomitra.com.
10. Your Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA) or the Netherlands, you have the following rights under the GDPR:
- Right of Access (Art. 15): Obtain a copy of your personal data we process and information about how we process it
- Right to Rectification (Art. 16): Correct inaccurate or incomplete personal data
- Right to Erasure (Art. 17):Request deletion of your personal data ("right to be forgotten") where applicable grounds exist
- Right to Restriction (Art. 18): Restrict processing of your personal data in certain circumstances
- Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes
- Right to Data Portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing
- Right to Lodge a Complaint: File a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority
To exercise these rights, contact us at privacy@cuocomitra.com. We will respond within 30 days as required by the GDPR. If your request is complex, we may extend this by up to two additional months, and we will inform you of any extension within the initial 30-day period.
11. Data Security
We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, accidental loss, or destruction, in accordance with GDPR Article 32. These measures include:
- Encryption of data in transit (TLS) and at rest
- Access controls and role-based permissions
- Regular security assessments and monitoring
- Secure credential management (passwords are hashed, never stored in plaintext)
However, no system is completely secure. We cannot guarantee the absolute security of your information. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the supervisory authority and, where required, affected individuals in accordance with GDPR Articles 33 and 34.
12. Data Retention
We retain your personal data as follows:
- Account data: For the duration of your account, plus a reasonable period for backup and legal compliance (typically 30 days after account closure)
- AI conversation history: Retained to maintain your chat history and improve the Service; you may request deletion at any time
- Payment records: As required by Dutch tax and accounting law (typically 7 years)
- Usage and analytics data: Anonymised or pseudonymised data may be retained indefinitely for statistical purposes
When determining retention periods, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, and applicable legal requirements.
13. Children's Privacy
Our Service is not intended for children under 16 years of age (in accordance with Dutch law). We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@cuocomitra.com and we will take steps to delete such information promptly.
14. International Data Transfers
We keep personal data in the European Union wherever we can. Our error and performance monitoring is EU-resident, and uploaded images are stored in the EU (Frankfurt). Some processors are located outside the EEA - in particular our AI providers (such as OpenAI and Google), our website-analytics provider, and our subscription-management provider (United States). Where data is transferred outside the EEA, we ensure that such transfers comply with the GDPR by relying on:
- European Commission adequacy decisions
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Other lawful transfer mechanisms recognised under the GDPR
You may request a copy of the relevant safeguards by contacting us at privacy@cuocomitra.com.
15. Cookie Policy
We use cookies and similar tracking technologies to enhance your experience. In accordance with EU ePrivacy rules, we obtain your consent before placing non-essential cookies.
Essential cookies are necessary for the Service to function (e.g., authentication, session management) and do not require consent. Non-essential cookies (e.g., analytics, preferences) require your consent, which you can manage through our cookie settings or your browser configuration.
If you disable or refuse cookies, some features of the Service may become inaccessible or not function properly.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. For material changes, we will provide a prominent notice (e.g., in-app banner, email notification) and update the "Last Updated" date at the top of this page. We recommend reviewing this Privacy Policy periodically. Material changes take effect 30 days after notice unless applicable law requires otherwise.
17. Contact Us
If you have questions about this Privacy Policy, our data practices, or wish to exercise your data protection rights, please contact us at:
CuocoMitra - sole proprietorship (eenmanszaak), owner S.M. Abu Hena
Marathonstraat 54, 1442 VC Purmerend, Netherlands
KvK number: 98279246
VAT (BTW) number: NL005321124B21
Email: privacy@cuocomitra.com
You also have the right to lodge a complaint with the Dutch Data Protection Authority: Autoriteit Persoonsgegevens.