Your recipes are yours. We built it that way on purpose.

1. Who we are

Chef Notebook (in this policy, "Chef Notebook," "we," or "us") is the data controller for any data described on this page, within the meaning of the GDPR and equivalent privacy regulations.

Privacy contact: privacy@chefnotebook.com

2. What stays on your device

Almost everything in the app is local. The following data is stored on your device only and, if you have iCloud enabled, mirrored to your private CloudKit container under your Apple ID:

• Your recipes (titles, ingredients, steps, components, notes, equipment, photos, version history, scaling history)
• Your tags, favorites, and folders
• Your timer state, Cook Mode progress, and step history
• Your saved scaling preferences and unit preferences
• App settings (theme, default servings, sort orders)

Apple stores your iCloud data in your private CloudKit database. Chef Notebook does not have a server-side copy of your recipes. We cannot read them, search them, sell them, or recover them if you delete them. Apple's iCloud privacy practices are described at apple.com/legal/privacy.

3. What our server does see

The app calls a small backend service at api.chefnotebook.com for three optional features: importing a recipe from a URL or photo, scaling a recipe with assistance, and submitting feedback. The server does the minimum work it needs to do and stores only what is described below.

3.1 Anonymous device registration

The first time the app needs to call the server, it generates a random UUID on your device and exchanges it for an API key and secret stored in the iOS Keychain. This UUID is not derived from any Apple identifier (it is not the IDFA, IDFV, advertising ID, or your Apple ID). It exists only so we can rate-limit abusive clients and so the server can recognize repeat callers without knowing who they are.

3.2 Recipe import (URL)

When you import a recipe from a URL, the app sends that URL to our server. The server fetches the page and forwards its text to a third-party recipe-parsing service (see section 6) to extract a structured recipe. The server returns the recipe to the app and discards the URL and the page contents. We do not keep a copy of the URL, the page text, or the resulting recipe.

For cost control, we maintain a small list of URLs that have been confirmed not to contain a recipe, so we don't keep paying to re-parse them. That list contains the URL only; it has no link back to the device that submitted it.

3.3 Recipe import (photo)

When you import a recipe from a photo, the app sends the photo as base64 image data to our server. The server forwards the image to a third-party recipe-parsing service and returns the structured recipe to the app. The image is not retained on our server after the response is sent. The image passes through the third-party service only for the time it takes to extract the recipe; see section 6 for those services' own retention policies.

3.4 Recipe scaling

If you ask Chef Notebook to scale a recipe with assistance, the app sends the ingredients, quantities, and target serving count to our server. The server uses the same third-party services to produce sensible scaled quantities and returns them. The request and response are not retained.

3.5 Feedback

If you submit feedback through the in-app feedback form, the following is sent to our server and stored in our database so we can read and reply to it:

• The category you chose and the message body you wrote
• An optional first name, if you chose to enter one
• An optional screenshot, if you chose to attach one
• App version, OS version, device model (e.g. "iPhone"), and platform
• The IP address of the request, recorded by the web server

Feedback is retained for up to 24 months so we can refer back to a thread of related issues. You can ask us to delete your feedback at any time by emailing privacy@chefnotebook.com.

4. What we do not collect

• No advertising identifiers (IDFA) and no App Tracking Transparency prompts, because the app does not track you.
• No third-party analytics (no Firebase, no Mixpanel, no Amplitude, no Segment, no Sentry, no Bugsnag, no Adjust, no AppsFlyer, no Facebook SDK, no Google Analytics).
• No social-network SDKs.
• No email address, real name, phone number, or postal address. Contact details only enter the system if you choose to email us.
• No payment card data. Subscriptions are processed by Apple via StoreKit. We never see your card; we only see whether your device's transaction is currently entitled.
• No cross-app or cross-website tracking. The app does not share data with data brokers and does not link any of the data above to identifiers from other apps or websites.

5. Apple App Store privacy labels

The data we declare on the App Store privacy nutrition label matches what is described above:

• Data linked to you: none.
• Data not linked to you: Device ID (the random UUID described in section 3.1) and Other Diagnostic Data (per-device usage counters, platform, app version), used only for app functionality.
• Data used to track you: none.

Our App Privacy Manifest (PrivacyInfo.xcprivacy) declares accesses to UserDefaults, file timestamps, system boot time, and disk space, each used only to provide the app's documented functionality (preference storage, file management, debounced timers, and storage diagnostics).

6. Third-party processors

The recipe-import and recipe-scaling features hand your input to one of the following third-party recipe-parsing services. The server picks the most suitable one based on the request type:

• Anthropic, PBC. Privacy policy: anthropic.com/legal/privacy. Anthropic states that API inputs and outputs are not used to train its models by default.
• Google LLC. Privacy policy: policies.google.com/privacy; API-specific terms at ai.google.dev/gemini-api/terms.
• X.AI Corp. Privacy policy: x.ai/legal/privacy-policy.

These services receive only the input needed to fulfill your request (the URL contents, photo bytes, or ingredient list) and a short instruction prompt. They do not receive your device ID, your IP address, your name, or any identifier that links the request back to you. We do not retain the input on our side after the service returns its response.

Other third-party services we rely on:

• Apple Inc. for iCloud sync (CloudKit), in-app subscriptions (StoreKit), push notifications, and the iTunes Lookup API used to check for new app versions.
• DigitalOcean, LLC hosts the api.chefnotebook.com server in the United States. Database backups are encrypted at rest.

7. Permissions the app may request

iOS, iPadOS, and macOS will prompt you the first time the app needs a permission. Each is optional and used only as described:

• Camera: used to photograph a printed or handwritten recipe for import. Photos are sent to the recipe-import service described in 3.3 and are not retained on our server.
• Photo library (add only): used to save a recipe image to your photo library when you choose Save Image. Chef Notebook does not read your photo library.
• Reminders: used to add a recipe's ingredients to a Reminders list as a grocery list. The list is created in your local Reminders app; it is not sent to our server.
• Calendar: used by the same export flow on systems where Reminders access is brokered through Calendars. The events themselves are stored only in your Calendar/Reminders database.
• Notifications: used for timer alarms during cooking, Live Activities, and (optionally) push notifications about new app features. You can turn each off in Settings.

8. Children's privacy

Chef Notebook is rated for ages 4+ and is suitable for all audiences. The app does not knowingly collect personal information from children. The features that require network access (recipe import, scaling, feedback) do not require an account, do not request personal information, and do not show ads or behavioral content. If you believe a child has submitted feedback containing personal information, email us and we will delete it.

9. Your rights

Because Chef Notebook does not maintain user accounts and your recipes never reach our servers, most data-subject requests are simple to fulfill yourself:

• Access & portability: open any recipe and use the export menu to download it as plain text, JSON-LD, or a printable PDF. The full recipe library lives on your device and in your private iCloud at all times.
• Deletion of your local data: delete recipes inside the app, or uninstall the app and turn off iCloud for Chef Notebook in Settings → Apple ID → iCloud.
• Deletion of server-side data: uninstall the app to discard your device's API credentials, then email privacy@chefnotebook.com with "Delete my server data" in the subject. We will delete the device record, any associated usage counters, and any feedback rows you have submitted within 30 days. Because the records are not tied to your name or email, please include the device UUID if you still have access to the app's Settings → About → Diagnostics screen so we can match the right row.
• Correction: the only personally identifiable text we may hold is feedback you wrote to us. Email us to ask for it to be amended or removed.
• Objection / restriction / complaint: if you are in the EEA, UK, or California you have the right to object to processing, restrict processing, or lodge a complaint with your supervisory authority. Contact us first and we'll resolve it directly.

We do not sell or share personal information for cross-context behavioral advertising. There is no opt-out to file because there is nothing to opt out of.

10. International transfers

Our server is hosted in the United States, and the third-party recipe-parsing services listed in section 6 are also based in the United States. If you are located outside the United States, when you use the recipe-import, recipe-scaling, or feedback features the relevant payload is transferred to the United States for processing. We rely on the standard contractual safeguards published by each provider.

11. Security

Server traffic is served over HTTPS only (HSTS preload). API requests are signed with HMAC-SHA256 using a secret stored in the iOS Keychain. Database connections to the backing store are TLS-only. Backups are encrypted at rest. The server does not run any third-party code that has not been reviewed by us.

iOS and macOS protect your locally stored recipes through the standard Data Protection class. CloudKit syncs to your private database under your Apple ID; Apple holds the keys to that data and we do not.

12. In-app purchases & subscriptions

Subscriptions are billed by Apple via StoreKit and managed in your Apple ID's subscription settings. We do not see your card or your billing address. We see only whether your device's StoreKit transaction is currently entitled, which the app validates locally.

13. Changes to this policy

If we change this policy in a way that affects what data is collected or how it's used, we will update the "Last updated" date at the top of this page and, for material changes, surface a notice inside the app the next time you open it. Older versions are available on request.

14. How to reach us

The fastest way to reach us is the in-app feedback form (Settings → Help & Feedback → Send Feedback), which gives us your app version, OS version, and an optional screenshot so we can help quickly.