Privacy Policy

1. Introduction

Actually Cooked (“the App,” “we,” “us,” or “our”) is a mobile application that helps users compare the cost of food delivery orders with cooking at home. This Privacy Policy explains what information the App collects, how it is used, and how it is protected.

We are committed to transparency and to protecting your privacy. This policy is designed to be clear and comprehensive so you can make informed decisions about using the App. By using Actually Cooked, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the App.

2. Information We Collect

2.1 Information You Provide

The App collects the following information that you voluntarily provide:

2.2 Information Generated by the App

As you use the App, the following data is created and stored entirely on your device: recipes (dish names, ingredients, instructions, cost estimates, and cooking times), cooking activity (whether you marked a recipe as cooked, cook counts, and timestamps), savings data (running totals of estimated savings, streaks, and meals cooked), milestones, favorite recipes, and your owned-ingredient selections.

All of this data is stored exclusively on your device in a local database. It is never uploaded to our servers or any third-party service.

2.3 Information Involved When You Connect Kroger

If you choose to connect a Kroger-family grocery store account (including Kroger, Fred Meyer, Ralphs, Harris Teeter, King Soopers, QFC, Smith’s, Fry’s, Mariano’s, and other Kroger-owned banners), additional data is involved: your Kroger OAuth access and refresh tokens (stored in encrypted iOS Keychain storage on your device, used to add items to your cart and keep you connected) and your selected store location ID, name, and banner (stored on your device only).

Kroger authentication uses the industry-standard OAuth 2.0 Authorization Code flow with PKCE. You log in directly with Kroger in a secure browser window — the App never sees or stores your Kroger username or password.

2.4 Information We Do NOT Collect

We want to be explicit about what we do not collect:

• Names, email addresses, phone numbers, or any personal identity information
• Passwords or authentication credentials (Kroger login happens through Kroger’s own secure page)
• Credit card numbers or bank details (Apple processes all payments; we never see your card)
• Precise location or GPS data (ZIP code is entered manually by you)
• Contacts, calendar data, or other device data
• Browsing history or your activity in other apps
• Advertising identifiers (IDFA/GAID) — we run no advertising
• Any photos beyond the specific screenshots you choose to share with the App

3. How We Use Your Information

3.1 Recipe Generation

When you request a recipe (via screenshot or manual entry), the following data is sent to our server (a Cloudflare Worker) for processing: the text extracted from your screenshot (or the dish name you typed), and — if provided — your ZIP code, shopping preference, and cooking effort preference. Our server passes this to the Anthropic Claude API, which generates a structured recipe with cost estimates. The recipe is returned to your device and stored locally. Our server is stateless — it does not log, store, or retain this data; it processes your request and immediately discards it.

3.2 Kroger Grocery Integration

When you use “Add to Kroger Cart,” your recipe’s ingredient names, selected store location ID, and Kroger access token are sent to our server, which searches Kroger’s Product API and adds matched products to your Kroger cart. Our server acts only as a pass-through proxy and does not store any of this data. If your access token expires, your refresh token is exchanged with Kroger for a new one; the new tokens are returned to your device and stored encrypted. Our server does not retain the tokens.

3.3 Store Search

When searching for nearby Kroger-family stores, your ZIP code is sent through our server to the Kroger Locations API and the list of nearby stores is returned to your device. Our server does not store your ZIP code or the results.

3.4 Local Notifications

If you enable cooking reminders, the App schedules local notifications on your device. These are generated and delivered entirely on your device — no push server or third party is involved, and no notification data leaves your device.

4. Third-Party Services

The App relies on a small number of third-party services to function. Each receives only what it needs.

4.1 Anthropic (Claude API)

Receives: text extracted from your screenshots (or typed dish names) plus your ZIP code, shopping preference, and cooking effort preference. Why: to generate recipes and cost estimates. Retention: per Anthropic’s API terms, data sent through their API is not used to train their models. See Anthropic’s Privacy Policy.

4.2 Kroger API

Receives: your ZIP code (store search), ingredient search terms and store location ID (product matching), and your OAuth tokens (cart operations). Why: to find stores, match ingredients, and add items to your cart. Retention: per Kroger’s Privacy Policy.

4.3 Cloudflare

Receives: our server runs on Cloudflare’s network, which may process standard request metadata (IP address, headers, timing) as part of its infrastructure. Why: to host our server and deliver responses quickly and securely. Retention: per Cloudflare’s Privacy Policy.

4.4 RevenueCat (Subscriptions)

Receives: when you purchase or restore a subscription or the lifetime upgrade, we use RevenueCat to manage entitlements. It receives a randomly generated, anonymous app user ID, the purchase receipt and transaction identifiers from Apple, and basic device and app information. It does not receive your name or payment-card details. Why: to verify your subscription status and unlock Pro features across reinstalls and devices. Retention: per RevenueCat’s Privacy Policy.

4.5 Sentry (Crash & Error Reporting)

Receives: if the App encounters an error, we use Sentry to collect diagnostic information — error messages, stack traces, app version, device model, OS version, and the IP address used to send the report. We have intentionally disabled performance tracing and session replay, so Sentry does not record your screen or session, and we do not attach your name or contact details. Crash reporting is active only in the production App Store build. Why: to find and fix bugs. Retention: per Sentry’s Privacy Policy.

4.6 Apple (App Store, In-App Purchases & On-Device Services)

The App is distributed through the App Store and uses Apple’s in-app purchase system for subscriptions and the lifetime purchase. Apple processes your payment and may share limited transaction or aggregate data with us under the App Store terms; we never receive your payment-card details. The App also uses Apple’s on-device Vision framework for text recognition — this happens entirely on your device and no image or text is sent to Apple. See Apple’s Privacy Policy.

5. Data Storage and Security

The vast majority of your data never leaves your device. Structured data (recipes and history) is stored in a local SQLite database, and preferences, savings, and milestones in a local key-value store — both protected by iOS app sandboxing. Sensitive authentication data (Kroger OAuth tokens) is stored using the iOS Keychain, Apple’s hardware-backed encrypted storage, protected by your device’s passcode, Face ID, or Touch ID. All communication between the App, our server, and third-party APIs uses HTTPS (TLS) encryption. Our server is a stateless Cloudflare Worker with no database or persistent storage, and all API keys are stored as encrypted secrets that are never exposed to the app.

No method of electronic storage or transmission is 100% secure. While we use commercially reasonable safeguards to protect your information, we cannot guarantee absolute security.

6. Data Retention and Deletion

Your on-device data is retained for as long as you choose to keep it. You have full control: delete individual recipes by swiping left, use “Reset All Data” in Settings to erase all recipes, savings, preferences, and disconnect Kroger, or uninstall the App to delete all associated data including encrypted Keychain entries. Our server retains no user data — each request is processed in real time and discarded, so there is nothing for us to delete. You can manage data held by third parties directly (for example, revoke app access in your Kroger account settings).

7. Your Rights and Choices

Because your data lives on your device, you have complete control at all times: access (everything is visible in the App), correction (change preferences anytime), deletion (remove individual recipes or all data), and portability (copy grocery lists to your clipboard). Connecting Kroger is optional and can be disconnected anytime, which immediately deletes all Kroger tokens from your device. Cooking reminders are off by default. The App requests read-only photo access only when you choose to upload a screenshot, and never accesses your camera; you can revoke this permission anytime in iOS Settings.

8. Children’s Privacy

The App is not directed at children under 13. We do not knowingly collect personal information from children under 13. Because the App requires no account and collects no personal identity information, we have no means of determining a user’s age. If you believe a child under 13 is using the App inappropriately, please contact us.

9. International Data Transfers

When you generate a recipe, text data is processed through our Cloudflare Worker (which may run on Cloudflare’s global edge network) and sent to Anthropic’s and Kroger’s API servers, which are based in the United States. All transfers use HTTPS encryption, and our server persists no data, so no personal information is stored outside your device.

10. California Privacy Rights (CCPA)

If you are a California resident, you have the right to know what personal information we collect (described in this policy), to delete your data (via the App’s built-in deletion features), to opt out of the sale of personal information, and to non-discrimination for exercising your rights. We do not sell, rent, lease, or share your personal information with third parties for their marketing purposes.

11. European Privacy Rights (GDPR)

If you are in the EEA or UK, you have rights including access, rectification, erasure, restriction of processing, data portability, and the right to object. We process data based on your consent (by choosing to use the App) and our legitimate interest in providing the service. Because your data is stored on your device, you can exercise most of these rights directly within the App.

12. Do Not Track

The App does not track you across other apps or websites and contains no advertising or third-party analytics SDKs, so there is no cross-app tracking to disable. We do not respond to browser “Do Not Track” signals because we do not engage in tracking.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. Continued use of the App after changes are posted constitutes acceptance of the updated policy. For significant changes, we will make reasonable efforts to notify you (for example, through an in-app notice).

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at privacy@actuallycooked.com. We will respond as promptly as possible.