← Back to Cucinovo

Privacy Policy

Last updated: March 2026

1. Data We Collect

When you create an account and use Cucinovo, we collect the following categories of personal data:

  • Account information: your name, email address, and hashed password.
  • Organisation data: organisation name, slug, billing plan, and subscription status.
  • Usage data: recipes, ingredients, categories, shopping lists, and other content you create within the platform.
  • Authentication tokens: short-lived JWT session tokens stored as HTTP-only cookies.
  • Technical data: IP address, browser type, and request logs for security and debugging purposes.

2. How We Use Your Data

We use your personal data solely to provide and improve the Cucinovo service:

  • To authenticate you and maintain your session securely.
  • To store and serve the recipe and kitchen management data you create.
  • To process billing and manage your subscription plan via Stripe.
  • To send transactional emails (account invitations, password resets).
  • To detect and prevent abuse, fraud, or security incidents.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Data Retention

We retain your personal data for as long as your account remains active. If you delete your account, your personal data and all associated content (recipes, ingredients, organisations) are permanently deleted from our systems within 30 days, except where retention is required by law.

Aggregated, anonymised analytics data that cannot be linked back to any individual may be retained indefinitely for product improvement purposes.

4. Your Rights (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access: you can request a copy of all personal data we hold about you via your Profile page (Export My Data).
  • Right to rectification: you can update your name and contact details at any time through your account settings.
  • Right to erasure: you can permanently delete your account and all associated data from your Profile page (Delete Account).
  • Right to data portability: you can download a machine-readable JSON export of your data from your Profile page.
  • Right to object: you may object to processing of your personal data where we rely on legitimate interests. Contact us to exercise this right.
  • Right to lodge a complaint: you have the right to lodge a complaint with your local data protection supervisory authority.

5. Cookies

Cucinovo uses only essential cookies required to operate the service:

  • sid: HTTP-only session cookie containing a short-lived JWT access token (1-hour expiry).
  • refresh: HTTP-only cookie for silent token renewal (7-day expiry, restricted to the refresh endpoint).

We do not use tracking, analytics, or advertising cookies. No third-party cookies are set by Cucinovo.

6. Third-Party Services

Cucinovo relies on the following sub-processors to deliver the service:

  • MongoDB Atlas (MongoDB, Inc.) — cloud database hosting. Your data is stored in encrypted MongoDB Atlas clusters. MongoDB Privacy Policy.
  • Fly.io — application hosting and compute. Fly.io Privacy Policy.
  • Stripe — payment processing. Billing data is handled directly by Stripe and subject to their privacy policy. We store only your Stripe customer ID. Stripe Privacy Policy.

7. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

Email: privacy@cucinovo.com