Privacy Policy

Last updated: March 2026

1. Data Controller

The data controller for this service is atech (Sole proprietorship / Entreprise individuelle), SIRET 931 848 618 00019, based in Vannes, France.
Contact: atech.contact@proton.me

2. Our Commitment

Cookfolio is committed to protecting your privacy. We apply the principle of data minimization: we only collect data that is strictly necessary to provide the service.

3. Data Collected and Legal Basis

We collect the following data:

  • Email address — account authentication — Contract — Until account deletion
  • Display name — service personalization — Contract — Until account deletion
  • Recipes and photos — service functionality — Contract — Until account deletion
  • Stripe customer ID — subscription management — Contract — Until account deletion
  • Crash reports (iOS/Android) — service stability — Legitimate interest — Anonymous
  • Website visit statistics — service improvement — Legitimate interest — Aggregated, no personal data

We do not store payment card details. All payment data is processed and stored exclusively by Stripe. Legal basis "Contract": contract performance (Art. 6(1)(b) GDPR). Legal basis "Legitimate interest": service improvement and stability (Art. 6(1)(f) GDPR).

4. Hosting and Sub-processors

Your data is processed by the following sub-processors:

  • Google — EU region — Cloud infrastructure, authentication, storage
  • Stripe, Inc. — EU processing — Payment and subscription management
  • Hetzner Online GmbH (Germany) — Web hosting
  • Resend — Transactional email delivery
  • A third-party artificial intelligence service is used for recipe import. No personal data is transmitted, only the content of the imported file.
  • An aggregated analytics service is used for website statistics. No personal data is collected.

In the event of data transfers outside the EU/EEA, appropriate safeguards apply (Standard Contractual Clauses).

5. Data Retention

Data is retained as long as the account is active. Inactive accounts are deleted after 9 months (see Terms of Use). After account deletion, data is erased within 30 days.

6. Cookies

Cookfolio only uses technical cookies necessary for the service to function (session, authentication). No advertising or tracking cookies are used.

7. Technical Data and Diagnostics

To ensure stability and improve the quality of the service, Cookfolio collects technical data:

  • Crash reports (iOS/Android) via a Google service. Data collected: error traces, device model, operating system version, app version. A technical identifier is used to group reports.
  • Website visit statistics via a privacy-friendly analytics service. Data collected: pages visited, referrer, country (based on IP address, which is not stored). No cookies are set.

Legal basis: legitimate interest (Article 6.1.f GDPR) — service improvement and bug fixing.

8. Your Rights (GDPR)

Under the General Data Protection Regulation (EU 2016/679), you have the following rights:

  • Right of access (Art. 15) — you can export your data from your account settings
  • Right to rectification (Art. 16) — correct your data from your account
  • Right to erasure (Art. 17) — delete your account and all associated data from settings
  • Right to data portability (Art. 20) — export your data in a structured format (JSON) from settings
  • Right to restriction of processing (Art. 18) and right to object (Art. 21)
  • To exercise rights not available as self-service, use the contact details provided in section 1. We will respond within one month.

Most of these rights can be exercised directly from your account (export, deletion, rectification).

If you believe your rights have not been respected, you have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés), the French supervisory authority.

9. Policy Updates

This policy may be updated. The date of the last update is indicated at the top of this page. We encourage you to review it periodically.