Cookslate is operated by FMR Digital LLC ("we," "us," "our"). This Privacy Policy applies to our hosted services at cookslate.app, including home.cookslate.app and demo.cookslate.app (the "Service").
If you self-host Cookslate on your own infrastructure, this policy does not apply — you are the data controller for your own instance.
When you create an account, we collect your username, email address, and password (stored as a salted hash).
Recipes, images, grocery lists, meal plans, cook history, collections, and any other content you create or import into the Service.
If you purchase a Pro license, payment is processed by Stripe. We do not store your credit card number. Stripe provides us with a transaction ID, plan type, and billing email. See Stripe's Privacy Policy.
We do not use analytics, tracking pixels, or third-party advertising services. We collect minimal server logs (IP address, request timestamp, user agent) necessary for security and abuse prevention.
We do not sell, rent, or share your personal information with third parties for marketing purposes.
Your data is stored on servers we operate. We use encryption in transit (TLS), salted password hashing, session-based authentication with HttpOnly cookies, CSRF protection, and account lockout policies to safeguard your information.
No method of electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
We retain your account data and content for as long as your account is active. If you delete your account, we will delete your personal data from active systems within 30 days. Residual copies in encrypted backups will be overwritten in the normal backup rotation cycle, not to exceed 90 days. Retention beyond these periods occurs only where required by law or for legitimate business purposes (e.g., fraud prevention).
You may:
To exercise these rights, contact us at frank.robinson@cookslate.app.
Under the California Consumer Privacy Act (CCPA), California residents have the right to: (a) know what personal information we collect and how it is used; (b) request deletion of personal information; (c) opt out of the sale of personal information — we do not sell your personal information; (d) non-discrimination for exercising privacy rights. To exercise these rights, contact us at frank.robinson@cookslate.app.
If you are located in the European Economic Area (EEA), you may have additional rights under the General Data Protection Regulation (GDPR), including the right to data portability and the right to lodge a complaint with your local data protection authority. Our lawful basis for processing is contract performance (providing the Service) and legitimate interest (security and abuse prevention).
We use a single session cookie for authentication. We do not use tracking cookies, third-party cookies, or cookie-based advertising.
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.
Cookslate is available as open-source software that you can self-host. When you run Cookslate on your own infrastructure, FMR Digital LLC has no access to your data and this Privacy Policy does not apply. You are solely responsible for the data on your self-hosted instance.
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or a notice within the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.
FMR Digital LLC
Email: frank.robinson@cookslate.app