Privacy Policy

Last updated: April 4, 2026

1. Information We Collect

When you use WhatToCook, we collect the following information:

  • Account information: Name, email address, and password (hashed) when you register
  • Product data: Product names, quantities, and scan images you upload for recipe generation
  • Recipe data: Generated recipes and request history
  • Payment data: If you purchase credits, masked card details (last 4 digits) and transaction information. Full card numbers are processed by WayForPay and never stored on our servers

2. How We Use Your Information

  • To provide and maintain the Service (recipe generation, product management)
  • To authenticate your identity and manage your account
  • To process credit purchases via WayForPay
  • To send account-related emails (verification, receipts)
  • To improve the Service and user experience

3. Data Sharing

We share your data with third-party services only as necessary to provide the Service:

  • Brevo (SMTP): Email delivery for account verification and notifications
  • Anthropic (Claude AI): Receipt/photo scanning and recipe generation. Product images and names are sent to Claude API for processing
  • WayForPay: Payment processing for credit purchases. We do not store your full payment details
  • Google OAuth: If you sign in with Google, we receive your name, email, and profile image

We do not sell your personal data to third parties.

4. Data Security

We implement industry-standard security measures including encrypted connections (HTTPS), hashed passwords (bcrypt), and secure JWT-based authentication. However, no method of transmission over the Internet is 100% secure.

5. Data Retention

Account data is retained as long as your account is active. Uploaded scan images are automatically deleted after 30 days. Generated recipes are retained indefinitely. You can request deletion of your account and all associated data by contacting us.

6. Cookies

We use essential cookies only for authentication (session management). We do not use tracking cookies or third-party analytics.

7. Your Rights

You have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your account and data
  • Export your data in a portable format

To exercise these rights, contact us at [email protected].

8. Children's Privacy

The Service is not intended for children under 16. We do not knowingly collect data from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date.

10. Contact

If you have questions about this Privacy Policy, contact us at [email protected] or visit our contact page.