Last updated: March 13, 2026
This Privacy Policy ("Policy") describes how Pick & Cook ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you use the Pick & Cook mobile application and related services (collectively, the "Application"). By accessing or using the Application, you acknowledge that you have read, understood, and consent to the practices described in this Policy.
DISCLAIMER: This document is provided for informational purposes only and does not constitute legal advice. Consult a qualified attorney before relying on this policy.
1.1 Pick & Cook acts as the data controller for personal data processed through the Application, as defined under the European Union General Data Protection Regulation ("GDPR") and other applicable data protection laws.
1.2 For questions regarding our data processing practices, you may contact our Privacy Contact at: pickncook0@gmail.com
We collect information you provide during account registration, including your username and a cryptographically hashed password. If you provide an email address for account recovery or communication purposes, we store that information as well.
The Application processes health-related and nutritional data, including but not limited to: (a) caloric intake and macronutrient data (protein, carbohydrates, fats, sodium, fiber, etc.); (b) meal logs and dietary history; (c) allergen profiles and dietary restrictions; (d) nutritional goals and progress tracking; and (e) data exchanged with Apple HealthKit when integration is enabled. This data may constitute "sensitive personal data" or "special category data" under applicable data protection laws, and we process it with heightened safeguards.
We collect and store information about the ingredients in your pantry, shopping lists, meal plans, saved recipes, and dietary preferences. This data is stored locally on your device and, if you enable Cloud Sync, on our servers.
When you use the Store Finder feature, the Application may access your device's geolocation data to identify nearby grocery stores via the Google Places API. Location data is processed transiently for this purpose only, is not stored on our servers, and is not used for profiling or behavioral tracking.
If you submit product edits, barcode scans, ingredient information, or recipe contributions, this User Content is associated with your account and may be visible to other users and moderators for quality assurance and community purposes.
We may automatically collect certain technical information, including device type, operating system version, application version, and anonymized usage analytics to improve Application performance and user experience.
We process your personal data on the following legal bases, as applicable under the GDPR and similar data protection frameworks:
3.1 Contractual Necessity. Processing of account information, pantry data, and recipe data is necessary for the performance of our contract with you (i.e., providing the Application's services).
3.2 Consent. Processing of Health Data (including Apple HealthKit integration), location data, and Cloud Sync is based on your explicit, informed consent, which you may withdraw at any time through the Application's settings.
3.3 Legitimate Interests. Processing of device and usage data for Application improvement, security, and fraud prevention is based on our legitimate business interests, balanced against your rights and freedoms.
3.4 Legal Obligation. We may process personal data as required to comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
We use your personal data for the following purposes:
(a) To provide, operate, maintain, and improve the Application's core functionality, including pantry management, recipe recommendations, and nutritional tracking;
(b) To track and display your nutritional goals, caloric intake, and dietary progress;
(c) To synchronize your data across devices when Cloud Sync is enabled;
(d) To display personalized allergen warnings based on your allergy profile;
(e) To facilitate community contributions, including product edits, barcode data, and recipe sharing;
(f) To enable the Store Finder feature using your location (with your express permission);
(g) To exchange nutritional data with Apple HealthKit (with your express permission);
(h) To communicate with you regarding service updates, security alerts, and account notifications;
(i) To detect, prevent, and address fraud, abuse, security vulnerabilities, and technical issues; and
(j) To comply with applicable legal obligations and enforce our Terms of Service.
5.1 Integrated Third-Party Services. The Application integrates with the following third-party services, each of which may receive limited data necessary to provide their respective functionality:
(a) Google Places API — receives location queries to provide grocery store location results for the Store Finder feature. Subject to Google's Privacy Policy.
(b) USDA FoodData Central — receives food product queries to retrieve nutritional information. Operated by the U.S. Department of Agriculture.
(c) Edamam API — receives recipe and food queries to return nutritional analysis and recipe data. Subject to Edamam's Privacy Policy.
(d) Open Food Facts — receives barcode and product queries to retrieve product information and nutritional data. An open-source, community-driven database.
(e) Apple HealthKit — reads and writes nutritional data to Apple Health on your device when integration is enabled. Governed by Apple's Privacy Policy.
(f) OpenAI — provides natural language processing for the Nomi AI recommendation assistant and intelligent notification features. Data sent to OpenAI's API includes your natural language queries, anonymized dietary preferences, and ingredient category information. We do not send your username, password, or other directly identifiable information to OpenAI. Data is processed in accordance with OpenAI's data usage policy; OpenAI does not use data submitted via its API to train its models. See OpenAI's privacy policy at https://openai.com/privacy.
(g) Open-Meteo API — receives approximate geographic location data to provide weather information used to improve the contextual relevance of meal recommendations (e.g., suggesting warm soups in cold weather). Open-Meteo is an open-source weather API and does not store personally identifiable information.
5.2 No Sale of Personal Data. We do not sell, rent, or lease your personal data to third parties for their marketing or advertising purposes.
5.3 Disclosure Circumstances. We may disclose your personal data: (a) to comply with a legal obligation, court order, or governmental request; (b) to protect and defend our rights, property, or safety; (c) to enforce our Terms of Service; (d) in connection with a merger, acquisition, or sale of assets, subject to appropriate confidentiality obligations; or (e) with your prior consent.
6.1 If you access the Application from outside the United States, your personal data may be transferred to, stored, and processed in the United States or other jurisdictions where our servers or service providers are located.
6.2 For transfers of personal data from the European Economic Area ("EEA"), the United Kingdom, or Switzerland to countries not deemed to provide an adequate level of data protection, we implement appropriate safeguards, including Standard Contractual Clauses approved by the European Commission, to ensure your data is protected in accordance with applicable law.
7.1 We implement commercially reasonable technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including but not limited to:
(a) Encryption of data in transit using TLS/HTTPS protocols;
(b) Cryptographic salting and hashing of passwords using industry-standard algorithms;
(c) Secure cloud infrastructure with access controls and regular security audits;
(d) Secure local storage on your device using platform-provided encryption; and
(e) Principle of least privilege access controls for internal personnel.
7.2 Notwithstanding the foregoing, no method of electronic transmission or storage is completely secure. We cannot guarantee the absolute security of your personal data and shall not be liable for any unauthorized access resulting from circumstances beyond our reasonable control.
8.1 Active Accounts. Your personal data is retained for as long as your account remains active and as necessary to provide you with the Application's services.
8.2 Account Deletion. Upon your request to delete your account, we will permanently erase your personal data from our servers within thirty (30) calendar days, subject to any legal obligations requiring longer retention.
8.3 Anonymized Data. Community contributions (such as product edits, barcode data, and recipes) may be retained in anonymized or de-identified form after account deletion, such that the data can no longer be linked to your identity.
8.4 Legal Retention. We may retain certain data beyond the above periods where required by applicable law, regulation, or legal proceedings, or to establish, exercise, or defend legal claims.
Subject to applicable law, you have the following rights with respect to your personal data:
9.1 Right of Access. You have the right to request confirmation of whether we process your personal data and to obtain a copy of such data.
9.2 Right to Rectification. You have the right to request correction of inaccurate or incomplete personal data.
9.3 Right to Erasure. You have the right to request deletion of your personal data, subject to applicable legal retention requirements.
9.4 Right to Data Portability. You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to request transmission of such data to another controller where technically feasible.
9.5 Right to Restriction. You have the right to request restriction of processing of your personal data under certain circumstances, such as when you contest the accuracy of your data.
9.6 Right to Object. You have the right to object to the processing of your personal data based on our legitimate interests or for direct marketing purposes.
9.7 Right to Withdraw Consent. Where processing is based on your consent (e.g., Cloud Sync, Apple HealthKit integration), you may withdraw your consent at any time through the Application's settings without affecting the lawfulness of processing prior to withdrawal.
To exercise any of the above rights, please contact us at pickncook0@gmail.com. We will respond to your request within thirty (30) days, or such shorter period as required by applicable law.
10.1 The Application is not directed at, and we do not knowingly collect personal information from, children under the age of thirteen (13) in compliance with the U.S. Children's Online Privacy Protection Act ("COPPA").
10.2 If we become aware that we have inadvertently collected personal data from a child under 13, we will take reasonable steps to promptly delete such data from our records.
10.3 If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at pickncook0@gmail.com.
11.1 If you are a California resident, you have additional rights under the California Consumer Privacy Act ("CCPA") and the California Privacy Rights Act ("CPRA"), including:
(a) Right to Know: The right to request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purposes for collection, and the categories of third parties with whom we share your data;
(b) Right to Delete: The right to request deletion of your personal information, subject to certain exceptions;
(c) Right to Opt-Out of Sale: We do not sell your personal information. If this practice changes, we will provide a "Do Not Sell My Personal Information" mechanism;
(d) Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
11.2 To submit a verifiable consumer request, please contact us at pickncook0@gmail.com. We will verify your identity before processing your request and will respond within forty-five (45) days.
12.1 If you are located in the European Economic Area ("EEA"), the United Kingdom, or Switzerland, you are entitled to the rights set forth in Section 9 of this Policy, as well as the following additional protections under the General Data Protection Regulation ("GDPR"):
(a) The right to lodge a complaint with your local supervisory authority (Data Protection Authority) if you believe your data protection rights have been violated;
(b) The right to be informed of appropriate safeguards for international data transfers as described in Section 6;
(c) The right to obtain human intervention in any automated decision-making or profiling that produces legal effects or similarly significant effects concerning you.
12.2 Pick & Cook does not engage in automated decision-making or profiling that produces legal or similarly significant effects on Users.
13.1 The Application is primarily a mobile application and does not use browser cookies in its native form. However, if you access any web-based interfaces associated with the Application, we may use:
(a) Essential Cookies: Required for the proper functioning of authentication and session management;
(b) Analytics Cookies: Used to collect anonymized usage data for Application improvement.
13.2 The Application may use local storage mechanisms on your device (such as AsyncStorage or SecureStore) to persist your preferences, session tokens, and application data. These are essential to Application functionality and do not track your activity across other applications or websites.
13.3 We do not use third-party advertising trackers or cross-app tracking technologies.
14.1 We reserve the right to update or modify this Privacy Policy at any time. Any changes will be effective upon posting the revised Policy within the Application, with an updated "Last updated" date at the top of this page.
14.2 For material changes that substantively affect how we collect, use, or share your personal data, we will provide you with prominent notice through one or more of the following methods: (a) an in-app notification; (b) a notice on the Application's settings page; or (c) an email to the address associated with your account, if provided.
14.3 Your continued use of the Application following the posting of a revised Policy constitutes your acceptance of and consent to the updated practices. If you do not agree to the revised Policy, you must discontinue use of the Application and delete your account.
If you have any questions, concerns, or requests regarding this Privacy Policy, your personal data, or wish to exercise any of your data protection rights, please contact us at:
Privacy Contact: pickncook0@gmail.com
General Support: pickncook0@gmail.com