Culin AI ("Culin," "we," "us," or "our") operates the Culin mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.
By using the App, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the App.
1. Information We Collect
1.1 Personal Information You Provide
When you create an account or use the App, we may collect the following information:
- Account Information: Email address, name, and profile information provided through Google Sign-In.
- AI Interactions: Messages you send to the AI chat assistant, recipe generation requests, and ingredient scan images. These are processed in real time to deliver AI responses and are not stored on our servers or used for AI model training purposes.
- Feedback Data: If you voluntarily submit feedback (ratings, comments, or reports) about AI-generated content, we collect the feedback along with the associated conversation context to improve service quality. Only feedback you explicitly submit is stored.
- Payment Information: Subscription tier selection and purchase history. Payment processing is handled entirely by Apple (App Store) and RevenueCat; we do not directly collect or store credit card or payment instrument details.
1.2 Information Collected Automatically
When you use the App, we automatically collect:
- Device Information: Device type, operating system version, unique device identifiers, and app version.
- Usage Data: Feature usage patterns, screen views, interaction events, error logs, and session information.
- Analytics Data: Aggregated usage statistics to improve App performance and user experience.
1.3 Information from Third-Party Services
We use Google Sign-In for authentication. When you sign in, we receive your name, email address, and profile picture from Google, subject to your Google account privacy settings.
1.4 Information We Do Not Collect
- User-Generated Content: All content you create within the App — including recipes, meal plans, and related data — is stored exclusively on your device. We do not have access to, collect, or store your user-generated content on our servers.
- Location Data: The App does not collect or process location data.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Provide and maintain the App: Operate core features including recipe management, meal planning, AI chat, and ingredient scanning.
- AI Services: Process your messages, images, and requests through AI models in real time to generate recipes, identify ingredients, and provide conversational assistance. Your prompts and conversations with the AI are not stored on our servers and are not used to train AI models.
- Account Management: Authenticate your identity, manage your subscription, and enforce usage limits based on your subscription tier.
- Improve the App: Analyze usage patterns, diagnose technical issues, and enhance features based on aggregated user behavior.
- AI Quality Improvement: Use only voluntarily submitted feedback data (ratings, reports) to improve the quality and safety of AI-generated responses.
- Communication: Send transactional notifications related to your account, subscription, or App updates.
- Legal Compliance: Comply with applicable laws, regulations, and legal processes.
3. Legal Basis for Processing (GDPR)
We are based in Finland and process your personal data under the following legal bases in accordance with the EU General Data Protection Regulation (GDPR):
| Processing Activity | Legal Basis |
|---|---|
| Account creation and authentication | Performance of a contract (Article 6(1)(b)) |
| Providing App features and AI services | Performance of a contract (Article 6(1)(b)) |
| Subscription management and billing | Performance of a contract (Article 6(1)(b)) |
| Analytics and App improvement | Legitimate interest (Article 6(1)(f)) |
| AI feedback and quality improvement | Consent (Article 6(1)(a)) — only when user voluntarily submits feedback |
| Marketing communications (if any) | Consent (Article 6(1)(a)) |
| Legal compliance | Legal obligation (Article 6(1)(c)) |
4. Data Sharing and Third-Party Services
We share your information with the following categories of third-party service providers, solely for the purposes described in this Privacy Policy:
4.1 Infrastructure and Backend
Supabase (Backend-as-a-Service): Hosts our authentication system, user account data, and serverless functions. Supabase does not store your user-generated content (recipes, meal plans, etc.), which remains on your device. Supabase Privacy Policy
4.2 AI Processing
- OpenAI: Processes AI chat messages and recipe generation requests in real time. OpenAI Privacy Policy
- Google (Gemini): Processes AI chat messages and recipe generation requests in real time. Google Privacy Policy
We send the content of your AI interactions (messages, images for ingredient scanning) to these providers for real-time processing. Your prompts and messages are not stored by us and are not used for AI model training. AI providers process this data according to their own privacy policies and data processing agreements.
4.3 Subscription and Payments
- RevenueCat: Manages subscription state, entitlements, and purchase validation. RevenueCat Privacy Policy
- Apple (App Store): Processes payments for in-app purchases and subscriptions. Apple Privacy Policy
4.4 Analytics
PostHog (EU-hosted): Collects anonymized usage analytics hosted on EU infrastructure (eu.i.posthog.com). PostHog Privacy Policy
4.5 Authentication
Google Sign-In: Facilitates OAuth-based authentication. Google Privacy Policy
4.6 Other Disclosures
We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to:
- Comply with a legal obligation or valid legal process.
- Protect and defend our rights or property.
- Prevent or investigate possible wrongdoing in connection with the App.
- Protect the personal safety of users or the public.
We do not sell your personal data to third parties.
5. Data Storage and Security
5.1 Data Storage
- On-Device Storage: All user-generated content (recipes, meal plans, and related data) is stored exclusively on your device. We do not store, access, or back up this content on our servers.
- Cloud Storage: Only account data (authentication credentials, subscription status) is stored on Supabase infrastructure with encryption at rest.
- Regional Processing: Analytics data is processed on PostHog's EU infrastructure. Our backend infrastructure is hosted within the EU.
5.2 Security Measures
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption in transit (TLS/HTTPS) for all network communications.
- Encryption at rest for stored account data.
- Row-Level Security (RLS) policies ensuring users can only access their own data.
- JWT-based authentication for all API requests.
- Secure OAuth flows for third-party authentication.
- Secure storage for sensitive credentials on-device.
While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide you with the App's services. Specific retention periods:
| Data Type | Retention Period |
|---|---|
| Account and profile data | Duration of account, deleted upon account deletion |
| User-generated content (recipes, meal plans) | Stored on-device only; not retained by us |
| AI conversation history | Not stored on our servers; processed in real time only |
| AI feedback data (voluntarily submitted) | 12 months from submission, then anonymized or deleted |
| Analytics data | 12 months, then aggregated/anonymized |
| Subscription and billing records | As required by applicable tax and accounting laws |
When you delete your account, we delete or anonymize your personal data held on our servers within 30 days, except where retention is required by law. User-generated content stored on your device is managed entirely by you.
7. Your Rights
7.1 Rights Under GDPR (EEA, UK, Switzerland)
As a Finland-based company, we are directly subject to the GDPR. You have the following rights:
- Right of Access (Article 15): Request a copy of the personal data we hold about you.
- Right to Rectification (Article 16): Request correction of inaccurate personal data.
- Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten").
- Right to Restriction of Processing (Article 18): Request that we limit how we use your data.
- Right to Data Portability (Article 20): Receive your personal data in a structured, commonly used, and machine-readable format.
- Right to Object (Article 21): Object to processing based on legitimate interests.
- Right to Withdraw Consent (Article 7): Withdraw consent at any time where processing is based on consent.
- Right to Lodge a Complaint: File a complaint with the Finnish Data Protection Ombudsman (tietosuoja.fi) or your local Data Protection Authority.
7.2 Rights Under CCPA (California Residents)
If you are a California resident, you have the right to:
- Know what personal information is collected about you.
- Know whether your personal information is sold or disclosed and to whom.
- Request deletion of your personal information.
- Opt out of the sale of your personal information (we do not sell personal data).
- Non-discrimination for exercising your CCPA rights.
7.3 Exercising Your Rights
To exercise any of these rights:
- Account Deletion: Use the "Delete Account" feature in App Settings. This permanently deletes your account and all associated data held on our servers.
- Data Export: Contact us to request a copy of your data.
- Other Requests: Contact us at the email address listed in Section 12.
We will respond to verified requests within 30 days (or as required by applicable law).
8. Device Permissions
The App may request the following device permissions:
| Permission | Purpose | Required |
|---|---|---|
| Camera | Scan ingredients using AI image recognition | Optional |
| Photo Library | Select images for ingredient scanning | Optional |
All permissions are optional and requested only when you use the corresponding feature. You can manage permissions at any time through your device's Settings.
9. Children's Privacy
The App is not intended for children under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such data promptly. If you believe a child has provided us with personal data, please contact us.
10. International Data Transfers
Our company is based in Finland within the European Union. Your information may be transferred to and processed in countries outside the EU/EEA for the purpose of AI processing (e.g., to providers located in the United States).
Where we transfer personal data outside the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Data processing agreements with our service providers.
- Adequacy decisions where applicable.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the updated Privacy Policy within the App and at https://culin.app/privacy.
- Updating the "Last Updated" date at the top of this document.
- Sending a notification through the App for significant changes.
Your continued use of the App after any changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.
12. Contact Us
If you have questions or concerns about this Privacy Policy, your personal data, or wish to exercise your data protection rights, please contact us at:
For GDPR-related inquiries, you may also contact the Finnish Data Protection Ombudsman at https://tietosuoja.fi.
13. Data Protection Officer
If required under applicable law, you may contact our Data Protection representative at:
Email: dpo@culin.app
This Privacy Policy is effective as of January 30, 2026.