Privacy Policy

Effective date: March 22, 2026

Stewbot ("we", "our", or "the app") is a cooking assistant application available on iOS, Android, macOS, and Windows. This Privacy Policy explains what information we collect, how we use it, and your choices regarding your data.

1. Information We Collect

Account Information: When you sign in using Apple Sign-In or Google Sign-In, we receive your name, email address, and a unique account identifier from the authentication provider. If you use Apple Sign-In with the "Hide My Email" option, we only receive the private relay email address Apple provides. You may also choose a display username for community features.

Recipe Data: Recipes you save — including ingredients, steps, timers, equipment, tags, and metadata — are stored locally on your device. If you choose to use our cloud backup feature (available to premium subscribers), your recipe data is also stored on our servers so you can restore it across devices.

Pantry and Ingredient Data: Items you add to your pantry are stored locally on your device. If you use the photo-scanning feature, images of your pantry items are sent to our AI services for ingredient recognition and are not retained after processing.

Meal Plans and Shopping Lists: Your weekly meal plans, saved meals, and shopping lists are stored locally on your device and, if you opt into cloud backup, on our servers.

Cooking Activity Data: We record cooking session logs including recipes cooked, cook counts, ratings, personal notes, and timestamps to power features like cooking statistics, badges, and achievements. This data is stored locally on your device and, if you opt into cloud backup, on our servers.

AI Chat Conversations: When you use the Stewbot AI chat feature, your conversation history (including questions and AI responses) is stored locally on your device. Conversation content is sent to third-party AI services for processing in real time but is not stored by those services after the response is generated.

Camera and Photo Data: The app accesses your device's camera when you use the pantry photo-scanning feature to identify ingredients from images. Photos are processed through AI-powered image recognition and are not stored on our servers after processing is complete.

Text-to-Speech Data: When you use the read-aloud cooking feature, the app uses your device's built-in text-to-speech engine to read recipe steps aloud. No audio data is recorded, stored, or transmitted. Speech processing happens entirely on your device.

Usage Data: We collect basic usage information such as feature interactions and session data to improve the app. This data is stored locally and is not shared with third parties for marketing purposes.

Device and Error Information: If the app encounters an error, we may collect diagnostic information including your device platform, operating system version, device model, and app version, along with error details. This data is used solely to identify and fix bugs. It does not include personal information such as your name or email.

2. How We Use Your Information

• To provide and maintain the app's core functionality (recipe saving, meal planning, cooking guidance, pantry management, shopping lists)
• To authenticate your identity and manage your account
• To process your recipes, ingredients, and pantry images through AI services for features such as recipe parsing, metadata enrichment, ingredient recognition, meal suggestions, and cooking tips
• To provide AI-powered chat functionality for cooking questions, substitutions, technique lessons, and recipe recommendations
• To generate cooking statistics, badges, and achievement tracking
• To manage your subscription and validate purchases
• To provide cloud backup and cross-device restore services
• To enable community features such as recipe sharing with your chosen username
• To diagnose errors and improve app stability

3. AI Processing

Several features use third-party AI services to process data and generate responses. These services include Google Gemini and Azure OpenAI, depending on availability and configuration. The following data may be sent to these services:

• Recipe text and ingredient information for parsing, metadata generation, and enrichment
• Pantry item images for AI-powered ingredient recognition
• Chat messages for generating cooking advice, substitutions, technique lessons, and meal suggestions
• Ingredient lists for "What Can I Make?" recipe matching

We do not send your personal account information (name, email, or user ID) to AI providers. AI-processed data is not used to train third-party models. Pantry images and chat messages are processed in real time and are not retained by AI providers after generating a response.

4. Authentication and Security

We authenticate your identity by verifying ID tokens issued by Apple or Google directly against their public signing keys (JWKS endpoints). We do not use Firebase or any intermediate authentication service. After verifying your identity with the provider, our server issues its own access token and refresh token for use within the app. Access tokens are short-lived, and refresh tokens are stored server-side and can be revoked at any time. Your tokens are stored securely on your device using platform-provided secure storage.

Your local data is stored on your device using an encrypted on-device database (SQLite). If you use cloud backup, your data is stored on secure servers hosted on Amazon Web Services (AWS) with encrypted connections (HTTPS). All API communication between the app and our servers is encrypted in transit.

5. Third-Party Services

We use the following third-party services:

• Apple Sign-In — identity verification for iOS and macOS users
• Google Sign-In — identity verification for iOS and Android users
• Google Gemini — AI-powered recipe processing, chat responses, ingredient recognition, and cooking suggestions
• Azure OpenAI — alternative AI processing backend
• Apple StoreKit — in-app subscription management and receipt validation (iOS/macOS)
• Google Play Billing — in-app subscription management and receipt validation (Android)
• Amazon Web Services (AWS) — cloud server hosting and data storage

Each of these services has its own privacy policy governing how they handle data. We do not use any third-party analytics, advertising, or tracking services.

6. Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing or advertising purposes. We only share data with the third-party services listed above as necessary to provide app functionality. If you use community features such as recipe sharing, your chosen username and shared recipe content will be visible to other users. We may disclose information if required by law, legal process, or government request.

7. Data Retention and Deletion

Your local data remains on your device until you delete the app or clear its data. Cloud backup data and account information are retained as long as you have an active account. You may delete your account and all associated server-side data at any time directly from within the app. Alternatively, you may request deletion by contacting us via our Support page. Upon account deletion or receiving a deletion request, we will remove your data within 30 days. Anonymized, aggregated error logs may be retained for up to 90 days for debugging purposes.

8. Cookies and Tracking

Stewbot is a native mobile application and does not use cookies, web beacons, or browser-based tracking technologies. We do not track you across other apps or websites.

9. Children's Privacy

Stewbot is not directed at children under 13 (or under 16 in the European Economic Area). We do not knowingly collect personal information from children under these ages. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.

10. International Data Transfers

Our servers are located in the United States (AWS us-east-2). If you are accessing the app from outside the United States, your data may be transferred to and processed in the United States. By using the app, you consent to this transfer. We take reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy.

11. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Export your data in a portable format
• Object to or restrict certain processing of your data
• Withdraw consent for optional data processing

To exercise any of these rights, please contact us via our Support page. We will respond to your request within 30 days.

12. California Privacy Rights (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request deletion of your personal information, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us via our Support page.

13. European Privacy Rights (GDPR)

If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation, including the right to access, rectify, erase, restrict processing, data portability, and object to processing. Our legal basis for processing personal data is your consent (for optional features like cloud backup and AI chat) and legitimate interest (for core app functionality and error diagnostics). To exercise your rights or lodge a complaint, contact us via our Support page or your local data protection authority.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or by updating the effective date at the top of this page. Your continued use of the app after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy, please visit our Support page for contact information.