CULICY
Privacy Policy
Effective Date: 22 May 2026 · Version 1.0.0
A global privacy policy for Culicy users everywhere
|
YOUR PRIVACY MATTERS. This Privacy Policy explains what personal data Culicy collects, how we use it, who processes it for us, how long we keep it, and how you can access, correct, delete, or control your data. By using Culicy, you agree to the practices described here. |
Culicy is an AI-powered cooking assistant, meal-planning, pantry, cookbook, and culinary community application. Culicy is operated by Culicy AI Innovations, a sole proprietorship ("Culicy", "we", "us", or "our"). As a sole proprietorship, the business is owned and operated by an individual proprietor who is responsible for it.
Culicy is designed for users globally. This Policy is written to support major privacy and platform requirements, including the EU/UK GDPR, United States privacy laws such as the CCPA/CPRA and similar state laws, Canada’s PIPEDA and Quebec Law 25, India’s Digital Personal Data Protection Act, 2023 (DPDP Act).
· Privacy, Legal & Grievance Contact: privacy@culicy.com
· Support Contact: support@culicy.com
· Website: https://culicy.com
This Privacy Policy applies to the Culicy mobile application, website, backend services, email communications, community features, and related services (collectively, the "Service"). It explains:
· What personal data we collect and why
· How we use, store, secure, and delete data
· Which service providers process data on our behalf
· How AI features process prompts, images, preferences, and recipe content
· How you can exercise privacy rights, including account deletion
In privacy laws, different countries use different role names. In this Policy, Culicy is the business/controller/data fiduciary responsible for deciding how data is used. You are the user/data subject/data principal.
|
Category |
Examples |
|
Account registration |
Name or display name, email address, authentication provider, user ID, password credentials handled by Firebase Authentication or another identity provider; your password is never visible to Culicy. |
|
Profile and community identity |
Username, profile photo, bio, badges, community posts, comments, reports, likes, follows, and moderation information. |
|
Onboarding and personalisation |
Dietary preferences, cuisine preferences, cooking skill level, meal goals, allergies/intolerances, health or nutrition goals, calorie targets, meal counts, language preference, pantry preferences. |
|
AI and cooking content |
Chat messages/prompts, AI responses, saved recipes, cookbook items, meal plans, pantry items, shopping lists, Cook Along session data, feedback, ratings, and reports. |
|
Photos and images |
Community food photos you upload and pantry-scanner photos you choose to submit for ingredient recognition. |
|
Support communications |
Messages you send to support or legal contacts, including your name, email address, account email, and the content of your request. |
· Device model, operating system, app version, language/locale, and device identifiers used for security, app functionality, and diagnostics.
· Approximate location derived from IP address or device locale, such as city/region level. Culicy does not require precise GPS location for normal app use.
· App usage patterns, feature interactions, server logs, request metadata, performance metrics, crash reports, and debug information.
· Firebase Cloud Messaging token or similar push-notification token, if notifications are enabled.
· Subscription tier, Google Play purchase status, product identifiers, renewal/cancellation status, and billing metadata. Culicy does not store payment-card details.
· Voice input: Culicy may use the device’s speech-recognition system to convert your speech into text. Unless a future feature clearly says otherwise, Culicy does not store raw voice audio. The transcribed text may be sent to Culicy’s backend and AI providers to generate a response.
· Text-to-speech: When audio replies are enabled, Culicy may send response text to a text-to-speech provider to generate spoken output.
· Camera/pantry scanner: Photos you choose for pantry scanning are processed to identify ingredients. Pantry-scanner images are used for that feature and are not intended to be permanently stored unless you explicitly save or post them.
· Community images: Photos you post to the Culicy community are stored and shown to other users until you delete them or your account, subject to moderation and legal retention obligations.
Some data you provide, such as food allergies, intolerances, health or nutrition goals, may be treated as sensitive or special-category data under certain laws. We collect and use this data only to personalise your cooking experience, safety warnings, and meal planning. We do not sell sensitive personal information and do not use allergy, health-goal, or chat content for ad targeting.
· Create, authenticate, verify, and secure your account, including email verification and password reset.
· Generate personalised AI recipes, meal plans, pantry suggestions, Cook Along guidance, and shopping lists.
· Store and sync your profile, cookbook, pantry, cart, meal plans, community content, and conversation history.
· Operate community features, including posts, comments, reports, moderation, safety enforcement, and anti-spam controls.
· Manage subscriptions, enforce usage limits, provide paid features, and verify Google Play Billing entitlement.
· Send essential service messages such as email verification, password reset, security notices, policy updates, and important account notices.
· Improve the Service through aggregated or de-identified analytics, diagnostics, crash reports, and abuse-prevention data.
· Serve advertising to Free-tier users only where advertising is enabled and legally allowed, subject to the restrictions in Section 8.
· Comply with legal obligations, enforce our Terms, protect rights and safety, investigate abuse, and respond to lawful requests.
Where law requires a legal basis, we rely on the following bases:
|
Processing Activity |
Legal Basis |
|
Providing the core cooking, account, and community service |
Contract / necessary to provide the Service |
|
Account authentication, email verification, security, and fraud prevention |
Contract, legitimate interests, and legal obligations |
|
Personalised recommendations based on preferences, pantry, allergies, and goals |
Contract and consent where required |
|
AI processing of prompts, images, recipes, and preferences |
Contract and consent where required |
|
Crash reporting, diagnostics, abuse prevention, and aggregated analytics |
Legitimate interests |
|
Advertising to Free-tier users, where enabled |
Consent where required and legitimate interests where permitted |
|
Marketing communications |
Consent / opt-in |
|
Legal compliance, tax, billing, and dispute handling |
Legal obligation and legitimate interests |
In India under the DPDP Act, processing is primarily based on your consent or legitimate uses allowed by law. You may withdraw consent, subject to the consequences of no longer being able to use features that require the data.
|
WE DO NOT SELL YOUR PERSONAL DATA. We do not sell personal data and do not share personal data with third parties for their own marketing purposes. We use trusted providers to operate Culicy, process data on our behalf, and provide specific app features. |
|
Provider / Category |
Purpose |
Data Processed |
|
Google Firebase / Google Cloud |
Authentication, email verification, Firestore database, Cloud Storage, Cloud Functions, App Check, Cloud Messaging, logging, monitoring, and security infrastructure. |
Account identifiers, email, profile data, app data, database records, uploaded images, device/app metadata, push tokens, server logs. |
|
Firebase Authentication / Google Sign-In |
Secure sign-in, email/password authentication, Google sign-in, email verification, password reset, and token-based access control. |
Email address, display name, authentication provider, verification status, user ID, login/session metadata. |
|
Cloud Firestore / Firebase Storage |
Store user profiles, conversations, pantry, recipes, community content, images, and feature data. |
App content and user-generated data associated with your account. |
|
Google Play Billing |
Subscription purchase processing, entitlement checks, renewals, cancellations, and refund status through Google Play. |
Purchase/subscription status and billing metadata. Payment-card details are handled by Google Play, not Culicy. |
|
AI and machine-learning providers |
Generate recipes, meal plans, chat responses, ingredient recognition, safety warnings, and AI assistance. |
Prompts, conversation context, recipe content, pantry items, preferences, uploaded pantry images, and relevant profile context needed to answer your request. |
|
Text-to-speech / speech services |
Voice input transcription and spoken output where enabled. |
Speech may be processed by your device or service provider; response text may be processed to generate audio. |
|
Analytics and crash reporting providers |
Improve stability, diagnose crashes, measure feature usage, and detect performance issues. |
App activity, device/app metadata, crash logs, diagnostics, and aggregated usage data. |
|
Email and notification services |
Send verification emails, password reset messages, security notices, service updates, and push notifications. |
Email address, user ID, notification token, message metadata. |
|
Caching and infrastructure providers |
Speed up responses, reduce backend load, and operate secure infrastructure. |
Temporary cache keys, request metadata, non-sensitive operational data, or limited content where required for feature performance. |
|
Image/content services |
Optional recipe imagery, content display, or media delivery where enabled. |
Search keywords, image URLs, or displayed content; we avoid sending unnecessary personal data. |
|
Legal, safety, and abuse-prevention providers |
Investigate abuse, moderate content, comply with law, and protect users. |
Reports, moderation records, account identifiers, and relevant content or logs. |
Service providers may process data in countries where they operate. They are expected to process data only for the services they provide to Culicy and under appropriate contractual, security, and privacy obligations.
· Culicy uses AI to generate cooking suggestions. AI outputs may be inaccurate, incomplete, or unsafe if followed without human judgment. Always verify ingredients, quantities, cooking times, allergen information, and food safety practices.
· Do not enter passwords, payment-card numbers, government IDs, highly confidential business information, or sensitive personal information that is not needed for cooking or meal planning.
· Culicy may send your prompts, pantry items, relevant preferences, images you submit, conversation context, and app metadata to AI providers so they can generate responses and help keep the service safe.
· Culicy does not sell your chat content. Culicy does not use your chat, allergy, dietary, or health-goal data for advertising targeting.
· Third-party AI providers may maintain logs or abuse-monitoring records according to their own enterprise/API terms. Where available, Culicy configures providers and internal systems to minimise unnecessary retention and disclosure.
Culicy may show ads to Free-tier users if advertising is enabled. Paid subscribers (Chef and Pro Chef) do not see ads where the paid no-ads feature is active. To protect users globally, we apply these restrictions:
· We do not use chat messages, recipes, allergies, dietary preferences, pantry items, or health/nutrition goals for ad targeting.
· We do not knowingly serve targeted or behavioural advertising to minors.
· We do not sell personal data to advertisers.
· You can reset or limit your advertising identifier in Android settings, and you can remove ads by upgrading if paid no-ads features are available.
|
Data Type |
Retention Period |
|
Account and profile data |
Until account deletion plus up to 30 days for deletion processing and backup cleanup, unless legally required longer. |
|
Chat history and AI conversations |
Until you delete the conversation or your account, subject to safety, abuse-prevention, and legal-retention exceptions. |
|
Cookbook, pantry, cart, shopping lists, and meal plans |
Until you delete the item or your account. |
|
Community posts, comments, photos, reports, and moderation records |
Posts/comments until you delete them or your account; moderation/safety records may be retained longer to prevent abuse and enforce policies. |
|
Pantry scanner images |
Used for real-time feature processing and not intended to be permanently stored unless you save or post them. |
|
Crash reports and diagnostics |
Usually up to 90 days, or longer if aggregated/de-identified or needed to fix major issues. |
|
Analytics data |
Up to 14 months, unless aggregated or de-identified. |
|
Billing, subscription, and tax records |
Up to 7 years or the period required by law. |
|
Deletion request/audit records |
Retained as needed to prove compliance, prevent fraud, or meet legal obligations. |
When you request account deletion, we delete or anonymise personal data associated with your account within a reasonable period, generally within 30 days, except where retention is required for legal, security, fraud-prevention, tax, dispute, or safety reasons.
· Data in transit is protected using TLS/HTTPS where supported.
· Cloud databases and storage are protected by cloud-provider encryption and access controls.
· Firebase Authentication and token verification help ensure only verified users access protected data.
· Firestore security rules restrict each user’s private data to that user, and backend access is protected by authentication, App Check, and server-side controls.
· No method of transmission or storage is 100% secure, so users should avoid sharing unnecessary sensitive information in AI chat or community posts.
Culicy operates globally and may process data in countries where we or our providers operate, including India, the United States, Canada, the European Union, and other regions. Where required, we use appropriate contractual, technical, and organisational safeguards for international transfers.
Depending on where you live, you may have additional privacy rights. These rights add to the rest of this Policy.
You may have rights to access, rectification, erasure, restriction, objection, portability, withdrawal of consent, and to lodge a complaint with your local data-protection authority. Where AI output includes inaccurate personal data about you, you may contact us to request review, correction, or deletion where technically and legally possible.
Depending on your state, you may have rights to know, access, correct, delete, obtain a portable copy, opt out of sale/share/targeted advertising, limit certain sensitive data use, and not be discriminated against for exercising rights. Culicy does not sell personal data and does not share sensitive cooking, allergy, or chat data for advertising.
You may have the right to access and correct personal information, withdraw consent, request information about processing and disclosures, and complain to the Office of the Privacy Commissioner of Canada or applicable provincial authority.
As a Data Principal under the DPDP Act, you may request access to a summary of processing, correction, completion, updating, erasure, grievance redressal, and nomination. Contact privacy@culicy.com. India treats anyone under 18 as a child for DPDP purposes and requires verifiable parental or guardian consent where applicable.
If you are in Brazil, Australia, or another country with privacy laws, you have the rights granted by your local law, including access, correction, deletion, and complaint rights. Contact privacy@culicy.com to exercise your rights.
· Global minimum: you must be at least 13 years old to use Culicy.
· EEA/UK/Switzerland: where your country sets a higher digital-consent age, that age applies.
· India: users under 18 require verifiable parental or guardian consent where required by the DPDP Act.
· We do not knowingly collect personal data from children below the applicable age without the required consent.
· We do not knowingly serve targeted advertising to minors or use minors’ sensitive data for behavioural advertising.
If you are a parent or guardian and believe a child has used Culicy without required consent, contact privacy@culicy.com and we will take appropriate steps, including deletion where required.
· In-app deletion: Open Culicy > Settings > Delete Account to request immediate account deletion from the app.
· Web deletion request: visit https://culicy.com/delete-account for account and data deletion instructions.
· Email request: contact privacy@culicy.com from your registered email address with your name, account email, and request.
· Conversation and content control: delete chats, saved recipes, pantry items, community content, or account data where the app provides controls.
· Notifications: manage push notifications in the app or device settings.
· Marketing: unsubscribe from optional marketing communications using the unsubscribe link or by contacting us.
· Advertising controls: manage personalised ads through Android privacy/ad settings where applicable.
We may verify your identity before fulfilling privacy requests. We aim to respond within 30 days or the period required by applicable law.
We may update this Privacy Policy as Culicy evolves, new features launch, providers change, or privacy laws change. For material changes, we will provide in-app notice and/or email notice where appropriate. Continued use after the effective date means you accept the updated Policy. Previous versions are available on request.
· Culicy AI Innovations (Sole Proprietorship)
· Privacy, Legal & Grievance Officer: privacy@culicy.com
· Support: support@culicy.com
· Website: https://culicy.com
· Account deletion page: https://culicy.com/delete-account
For users in India, privacy@culicy.com also serves as the Grievance Officer contact for privacy and data-protection requests. We aim to respond to privacy requests within 30 days.
Privacy Policy · Version 1.0.0 · Effective 22 May 2026