Last updated: June 10, 2026 · Effective: June 10, 2026
CulinaryConductor ("we", "us", "our") is a progressive web app that helps home cooks synchronize multi-course meal timelines. The Service is currently operated as an individual project based in New Jersey, United States. For questions about this Privacy Policy, contact us at diglej@gmail.com.
Account information. When you sign up, we collect your email address, a password hash (we never see your plaintext password), and a display name you choose. Authentication is handled by Google Firebase Authentication.
Profile and preferences. During onboarding you provide your cook speed preference, kitchen inventory (number of burners, ovens, pans, pots, cutting boards), and theme preference. This information personalizes timeline calculations.
Recipe and session data. Recipes you create or import, meal plans you generate, cooking sessions you start, and progress within those sessions are stored in your account so you can resume them across devices.
Imported content. If you use the Magic Import feature, URLs you paste and photos you upload are sent to Google's Gemini API for recipe extraction. We do not retain the original URL contents or photos after extraction.
Payment information. If you subscribe to Pro, payment is processed entirely by Stripe. We never see or store your card details. Stripe provides us with your subscription status and a customer ID; we never receive your card number, CVC, or full card details.
Technical information. Our hosting provider logs basic technical information (IP address, browser type, page accessed, timestamp) for security and debugging. These logs are retained for 30 days.
What we do NOT collect. We do not use third-party advertising trackers, behavioral analytics, location data, contacts, or device identifiers beyond what is technically necessary to deliver the Service.
We use your information only to: provide the core service (timeline synchronization, recipe storage, cooking session tracking); process subscription payments through Stripe; sync your data across devices you sign into; respond to support requests; and detect and prevent fraud, abuse, and security incidents.
We do not sell your personal information. We do not share your personal information with advertisers. We do not use your recipes or cooking data to train AI models.
Two features in our app use third-party artificial intelligence services. We disclose these explicitly so you can make an informed choice about using them.
Magic Import (Pro feature): URLs and photos you submit are sent to Google's Gemini API for recipe extraction. Google processes the content according to their AI processing terms. We do not retain the input after extraction.
Pantry Rescue (Pro feature): The ingredients and equipment list you submit are sent to Google's Gemini API for recipe generation. Google processes the content according to their AI processing terms.
AI content is not authoritative. Recipes generated or extracted by AI may contain errors, including incorrect cooking temperatures, unsafe food handling instructions, missed allergens, or inaccurate measurements. You are responsible for verifying food safety information independently. See our Terms of Service for full liability terms.
We use a small number of essential service providers.
Google Firebase (Authentication, Firestore database, Cloud Functions, Hosting): Stores your account, recipes, sessions, and processes server logic. Data is held in the United States (us-central1 region, Iowa). Google is certified under the EU-US Data Privacy Framework.
Stripe, Inc. (Payments): Processes subscription payments. Stripe holds your card details under their own privacy policy. We receive only your subscription status and customer ID.
Google Gemini API (AI features): Receives the URLs, photos, and ingredient lists you submit to Magic Import and Pantry Rescue.
Vercel, Inc. (or Firebase Hosting, depending on deployment): Hosts the application files and serves them to your browser. Maintains standard request logs.
We do not use third-party analytics, advertising networks, or social media tracking pixels.
Essential session cookies set by Firebase Authentication keep you logged in. These cannot be disabled if you want to use the app.
Local browser storage stores your theme preference and your cookie consent choice. This data never leaves your device.
IndexedDB caches your recent recipes and active sessions locally for offline support. Cached data syncs to our servers when you reconnect.
We do not use advertising cookies or third-party tracking cookies.
We retain your account data for as long as your account is active. If you delete your account through Settings → Delete Account, we delete your user document, all your custom recipes, and all your cooking sessions immediately. Payment records held by Stripe are retained per their policies and applicable tax law (typically 7 years). Server access logs are retained for 30 days then automatically deleted.
Depending on where you live, you may have the following rights regarding your personal information:
Access: Request a copy of the data we hold about you.
Correction: Update inaccurate information through your account settings.
Deletion: Delete your account and all associated data at any time through Settings → Delete Account. Deletion is immediate and permanent.
Portability: Request your data in a machine-readable format by emailing us.
Withdraw consent: Stop using AI features (Magic Import, Pantry Rescue) at any time; the rest of the app continues to work normally.
California residents (CCPA/CPRA): You have the right to know what personal information we collect, to delete it, to correct it, to opt out of any sale or sharing (we do not sell or share personal information), and to non-discrimination for exercising these rights.
EU/UK residents (GDPR): You additionally have the right to restrict or object to processing and to lodge a complaint with your local data protection authority.
To exercise any of these rights, email diglej@gmail.com. We will respond within 30 days.
CulinaryConductor is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us at diglej@gmail.com and we will delete the data promptly.
We protect your data using industry-standard measures: HTTPS for all data in transit, encryption at rest via Google Cloud, password hashing via Firebase Authentication, and Firestore security rules restricting each user's access to their own data.
In the event of a data breach affecting your personal information, we will notify affected users by email within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33 and CCPA requirements. We will notify relevant supervisory authorities as required by law.
Our servers are located in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. Google Cloud is certified under the EU-US Data Privacy Framework, which provides safeguards for transfers from the EU to the US.
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and notify you by email or in-app notice. Continued use of the Service after changes become effective constitutes acceptance of the revised policy.
Questions, requests, or complaints can be sent to diglej@gmail.com.