This Privacy Policy explains how Webonmaster ("Data Controller" or "we") collects, uses, processes, and protects your personal data when you use the CookLore mobile application (the "App") and its services, in strict accordance with the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR).
1. About CookLore & Data Minimization
CookLore is a mobile application that allows users to create, catalog, and share food recipes. In alignment with the principles of data minimization and privacy-by-design under the Swiss FADP and EU GDPR, CookLore restricts personal data processing to the absolute minimum necessary to deliver its functionalities.
2. Account Registration & Authentication
To preserve integrity and accountability in our cooking community, users must register an account to add, edit, or publish recipes. You may browse certain public features without an account, but account registration is required to upload content.
We collect and process the following account details during registration:
- Email Address: Used to uniquely identify you, secure your account, send transaction receipts, and verify your identity.
- Username & Profile Info: A display name of your choice and an optional profile picture, displayed publicly when you publish recipes or interact with other members.
- Federated OAuth Data: If you register using Apple Sign-In or Google Sign-In, we receive a unique token and basic profile information from the provider to establish your account securely.
3. Recipe Management & Visibility Controls
CookLore provides robust controls to maintain your privacy. When you create or upload a recipe (including instructions, ingredients, notes, and photos), you can select one of two visibility levels:
- Private Visibility (Default/User Controlled): Recipes designated as private are accessible only to you. They are uploaded to secure, authenticated cloud storage allocated to your account. No other user can search for, view, or access your private recipes.
- Public Visibility: Recipes designated as public are published to the CookLore recipe directory. Public recipes are visible to all CookLore users and can be searched, shared, and followed. By making a recipe public, you consent to making it available to the community. You can change a public recipe back to private at any time, which immediately removes it from the public directory.
4. Social Interactions & Following
CookLore features a social networking layer enabling users to follow other cooks and stay updated on their culinary creations.
- When you choose to **follow** another user, your connection is recorded. The other user is notified that they have a new follower, which displays your username and profile picture.
- Your feed will aggregate public recipes published by the accounts you follow.
- You can **unfollow** any user at any time. Once unfollowed, the connection is instantly severed, and your feed will no longer showcase their updates.
5. Legal Bases for Data Processing
We process your data strictly under the following legal grounds (Art. 6 GDPR / Art. 31 FADP):
- Performance of a Contract (Art. 6(1)(b) GDPR): To register your account, host your personal recipes, apply visibility controls, and facilitate social interactions you initiate (like following others).
- Consent (Art. 6(1)(a) GDPR): For specific marketing communication, or for third-party cookie/advertising consent where applicable on local platforms.
- Legitimate Interests (Art. 6(1)(f) GDPR): To ensure app security, prevent fraudulent accounts, debug crash logs, and evaluate technical performance.
6. Third-Party Processors & Data Transfers
We do not sell, lease, or rent your personal data. We utilize trusted sub-processors under strict Data Processing Agreements (DPAs) that comply with Swiss and EU regulations:
- Supabase (Supabase, Inc.): Provides our secure PostgreSQL cloud database, authentication layer, and file storage for recipe images. Data is hosted primarily on secure infrastructure within the European Union (Frankfurt, Germany).
- RevenueCat (RevenueCat, Inc.): Handles purchase validation and billing state for CookLore Pro features. Standard Contractual Clauses (SCCs) are implemented to protect any data transfer.
- Google AdMob (Google LLC): Displays advertisements to support our free tiers. Personal data processing for personalized ads is strictly subject to your explicit consent in compliance with the ePrivacy Directive and Swiss FADP.
7. Data Retention & The Right to Erasure (Account Deletion)
We retain your personal data and recipes only for as long as your account is active or as needed to provide our services. You maintain complete control over your data:
- Self-Service Account Deletion: You can initiate complete account deletion at any time directly through the CookLore App settings screen.
- Data Deletion Scope: Upon deleting your account, all associated personal data, your follow records, all your private recipes, and all your public recipes are **permanently and irreversibly deleted** from our active databases within 30 days. Backups are completely overwritten within standard retention cycles.
- Data Portability: You have the right to request a download of your recipes in a standard structured format (such as JSON or CSV) prior to account deletion. Please contact support to initiate a portability transfer.
8. Your Rights
Under the Swiss FADP and EU GDPR, you have the following rights regarding your personal data:
- Right to Access (Information): Request details and copies of all personal data held about you.
- Right to Rectification: Request correction of inaccurate or incomplete personal records.
- Right to Erasure ("Right to be Forgotten"): Request permanent deletion of your account and files.
- Right to Restrict or Object: Restrict processing under certain circumstances, or object to processing based on legitimate interests.
- Right to Portability: Obtain your data in a structured, readable digital format.
To exercise any of these rights, please send your request directly to our privacy team at info@webonmaster.com.
9. Legal Disclosures & Impressum
This service is operated by Webonmaster, a digital design and development agency based in Switzerland. Under Swiss Federal Law (Art. 3 Abs. 1 lit. s UWG), we provide the following mandatory contact details:
For regulatory complaints under GDPR, you can contact your local national Data Protection Authority (DPA). For Swiss residents, the competent authority is the **Federal Data Protection and Information Commissioner (FDPIC)** in Bern (CH-3003 Bern, Switzerland).