AI CHEF PRIVACY POLICY Last updated: February 23, 2026 This Privacy Policy explains how personal data is collected, used, shared, and protected when you use the AI Chef mobile application and related services (the "App" and "Services"). If you do not agree with this Privacy Policy, please do not use the App. 1) Who We Are (Controller) and Contact Controller: Maksim Panaskin (independent developer) Contact: - Name: Maksim Panaskin - Email: excludiumgc@gmail.com Privacy requests: - Email: excludiumgc@gmail.com - Subject line: Privacy Request 2) Scope This Privacy Policy applies to: - AI Chef mobile app (iOS and Android) and related services; - Customer support communications. It does not apply to third-party services accessed through the App (for example Apple App Store, Google Play, ad networks, analytics providers). Those services are governed by their own privacy policies. 3) Personal Data We Collect Depending on features used, we may collect the following categories. A. Data you provide directly - Account data: email address, login identifiers, optional profile details. - Household/profile data: meal preferences, dislikes, planning settings. - Dietary restrictions and allergy data that you provide. - Pantry, ingredients, shopping list, saved plans, and related planning content. - AI inputs and feedback: prompts, preferences, ratings, feedback. - Support communications: messages and details you send to support. Important: The App is not intended to collect medical records. However, allergy and diet information may be treated as health-related data in some jurisdictions. B. Data collected automatically - Device/app data: device model, OS version, app version, language, timezone. - Identifiers: IP address and, where applicable, resettable advertising identifiers (for example Android Advertising ID / IDFA when allowed). - Usage data: screens viewed, feature usage, taps, session duration. - Diagnostic data: crashes, error logs, performance events. - Approximate location derived from IP for fraud/security/localization. C. Payments and subscriptions Purchases are processed by Apple App Store or Google Play. We generally receive only limited subscription/billing metadata needed for entitlement checks, such as: - subscription status, - product identifier, - transaction/purchase identifiers. We do not receive full payment card details. D. Advertising and rewarded ads (if enabled) If ads are enabled, ad partners may process ad interactions, device identifiers, approximate IP-based location, and diagnostics for ad delivery, measurement, and fraud prevention. E. Data from optional third-party integrations If integrations are available and enabled, we may receive data permitted by your settings and the third-party service. 4) How We Use Personal Data We process personal data to: - provide and operate the Services; - generate menus/recipes/shopping lists from your inputs; - personalize outputs to your preferences and constraints; - provide account and customer support; - maintain security and prevent abuse/fraud; - monitor reliability and improve product quality; - comply with legal obligations and enforce Terms. 5) Legal Bases (EEA/UK and Similar Regimes) Where required by law, we rely on: - Contract necessity (providing requested Services); - Consent (where legally required, for example specific tracking or marketing cases); - Legitimate interests (service security, analytics, abuse prevention, reliability); - Legal obligation (compliance with applicable laws and requests). 6) How We Share Personal Data We may share data with: - infrastructure and service providers (hosting, storage, analytics, diagnostics, support tools); - AI providers used to generate requested outputs; - advertising partners (if ads are enabled); - platform providers (Apple/Google) for subscription workflows; - competent authorities where required by law; - counterparties in merger/acquisition/asset transfer scenarios with lawful safeguards. We do not sell personal data in the ordinary sense. Some jurisdictions define "sale"/"sharing" broadly; where applicable, users may exercise opt-out rights under local law. 7) Advertising, Tracking, and Your Choices If personalized advertising or tracking is used, permissions and controls depend on device/platform settings. You may be able to: - manage or reset advertising identifiers; - control iOS tracking permission; - use in-app privacy choices (if present); - unsubscribe from marketing communications. 8) International Transfers Data may be processed in countries outside your residence country. Where required, appropriate safeguards are used under applicable law. 9) Data Retention Data is retained only as long as needed for the purposes above, including service operation, legal compliance, dispute handling, and security. Typical examples: - account/planning data: while account is active, then deletion/anonymization upon valid deletion request; - diagnostics/logs: generally limited retention windows; - legal/accounting records: retained where required by law. Backup copies may persist for a limited period before overwrite. 10) Security Reasonable administrative, technical, and organizational safeguards are applied (for example access controls, encrypted transport where applicable, least-privilege principles). No system can guarantee absolute security. 11) Your Rights Depending on your jurisdiction, you may have rights to: - access, - correction, - deletion, - portability, - restriction/object, - withdraw consent (where processing is consent-based). To submit a request, email: excludiumgc@gmail.com with subject "Privacy Request". Identity verification may be required before completing certain requests. 12) Account Deletion You can request account deletion in two ways: - In-app: Profile -> Delete Account - Outside the app (public URL): /api/legal/account-deletion (hosted on the same domain as API, for example https://your-domain.com/api/legal/account-deletion) - By email: excludiumgc@gmail.com (subject: Account Deletion Request) Upon valid deletion request, personal data is deleted or anonymized, except data that must be retained for legal, fraud-prevention, or security reasons. 13) Children's Privacy The Services are intended for adults and not directed to children. If you believe a child has provided personal data, contact excludiumgc@gmail.com for review and deletion actions. 14) Changes to This Privacy Policy This Privacy Policy may be updated. The "Last updated" date indicates the latest revision. Where required by law, additional notice will be provided. 15) Contact For privacy questions or requests: - Maksim Panaskin - excludiumgc@gmail.com --- Legal notice: this document is a practical product template and not legal advice. For final launch in multiple jurisdictions, independent review by a licensed attorney is recommended.