← Back to ChompPrompt

Privacy Policy

Last Updated: December 28, 2025

1. Introduction

ChompPrompt (“we,” “our,” or “us”) is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the “Service”).

This policy complies with the California Consumer Privacy Act (CCPA), Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), Apple App Store Guidelines, and ISO/IEC 27701 privacy information management standards.

Geographic Availability: The Service is currently available only in the United States and Canada.

Effective Date: December 28, 2025

2. Data Controller

ChompPrompt is a product of CarbonHands LLC, which operates as the data controller for personal information collected through our Service.

CarbonHands LLC

  • Email: privacy@chompprompt.com
  • Website: https://chompprompt.com

3. Information We Collect

3.1 Information You Provide

  • Account Information: When you sign in with Apple, we receive your Apple ID, email address (if shared), and display name.
  • Recipe Data: Recipes you create, save, import from URLs, or generate using AI, including titles, ingredients, instructions, and images.
  • User Content: Text prompts you submit for AI recipe generation.
  • Shared Content: Recipes you choose to share publicly via share links.

3.2 Automatically Collected Information

  • Device Information: Device type, operating system version, unique device identifiers.
  • Usage Data: App interactions, features used, timestamps, and error logs.
  • Analytics: Aggregated, anonymized usage statistics to improve our Service.

3.3 Information from Third Parties

  • Apple Sign-In: Authentication data provided by Apple when you sign in.
  • Recipe Sources: When you import recipes from URLs, we extract publicly available recipe data from those websites.

4. How We Use Your Information

We process your information based on legitimate interests, contractual necessity, and your consent. Specifically, we use your data to:

  • Provide, maintain, and improve the Service
  • Authenticate your identity and manage your account
  • Store and sync your recipes across devices
  • Generate AI-powered recipes based on your prompts
  • Create AI-generated food images for your recipes
  • Enable recipe sharing functionality
  • Respond to your inquiries and support requests
  • Detect, prevent, and address technical issues and abuse
  • Comply with legal obligations

5. AI Processing and Third-Party Services

5.1 OpenAI Integration

When you use our AI recipe generation feature, your prompts are processed by OpenAI's API services (GPT-4 for recipe creation, DALL-E 3 for image generation). OpenAI processes this data according to their Privacy Policy and API Data Usage Policy.

Important: OpenAI does not use data submitted through their API to train their models. Your prompts are processed solely to generate responses.

5.2 Supabase (Infrastructure Provider)

We use Supabase for authentication, database, and file storage services. Supabase processes your data in accordance with their Privacy Policy and maintains SOC 2 Type II compliance.

5.3 Spoonacular API

For recipe search and discovery features, we may use the Spoonacular API. Recipe data from Spoonacular is cached to improve performance and reduce API costs.

6. Data Storage and Security

6.1 Storage Location

Your data is stored on secure servers provided by Supabase, located in the United States. Data transfers comply with applicable data protection laws, including GDPR Standard Contractual Clauses.

6.2 Security Measures

We implement industry-standard security measures aligned with ISO 27001 principles:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Secure authentication via Apple Sign-In with OAuth 2.0
  • Row-Level Security (RLS) ensuring users can only access their own data
  • Regular security audits and vulnerability assessments
  • API keys and secrets stored securely, never exposed to clients
  • Secure session management with token refresh mechanisms

6.3 Data Retention

  • Account Data: Retained while your account is active, deleted within 30 days of account deletion.
  • Recipe Data: Retained until you delete individual recipes or your account.
  • Shared Recipes: Public share links remain accessible unless you delete the shared recipe.
  • AI Generation Logs: Temporary job data is automatically deleted within 24 hours of completion.
  • Analytics: Aggregated, anonymized data may be retained indefinitely for service improvement.

7. Your Privacy Rights

Depending on your location within the United States or Canada, you have the following rights under CCPA, PIPEDA, and other applicable laws:

7.1 Rights Under CCPA (California Residents)

  • Right to Know: Request disclosure of data collected, used, and shared.
  • Right to Delete: Request deletion of your personal information.
  • Right to Opt-Out: Opt out of sale of personal information (we do not sell your data).
  • Right to Non-Discrimination: Equal service regardless of privacy choices.

7.2 Rights Under PIPEDA (Canadian Residents)

  • Right of Access: Request access to your personal information.
  • Right to Correction: Request correction of inaccurate information.
  • Right to Withdraw Consent: Withdraw consent subject to legal restrictions.
  • Right to Complain: File a complaint with the Privacy Commissioner of Canada.

7.3 Exercising Your Rights

To exercise any of these rights, contact us at privacy@chompprompt.com. We will respond within 30 days (GDPR) or 45 days (CCPA). You may also delete your account directly within the app, which will remove all associated data.

8. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share data only in the following circumstances:

  • Service Providers: With trusted third parties who assist in operating our Service (Supabase, OpenAI), bound by confidentiality agreements.
  • Public Sharing: When you choose to share a recipe publicly, the recipe content becomes accessible via the share link.
  • Legal Requirements: When required by law, subpoena, or to protect our rights and safety.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users.

9. Children's Privacy

Our Service is not directed to children under 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately at privacy@chompprompt.com, and we will delete it promptly.

10. Cookies and Tracking Technologies

Our mobile app does not use cookies. Our website may use essential cookies for authentication and session management. We do not use third-party advertising or cross-site tracking cookies.

App Tracking Transparency: We comply with Apple's App Tracking Transparency framework. We do not track you across other companies' apps or websites.

11. Data Storage and Transfers

Your data is stored and processed in the United States. For Canadian users, by using our Service, you consent to the transfer of your data to and processing in the United States in accordance with this Privacy Policy and applicable law.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes through the app, email, or by posting a prominent notice on our website. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

For questions, concerns, or to exercise your privacy rights, contact us at:

  • Email: privacy@chompprompt.com
  • Website: https://chompprompt.com/privacy

Canadian residents may also lodge a complaint with the Office of the Privacy Commissioner of Canada.

© 2026 ChompPrompt. All rights reserved.

Terms of ServicePrivacy Policy