iCook Ltd Privacy Policy

Effective date: 5 August 2025
Last updated: 5 August 2025

Introduction

This Privacy Policy explains how iCook Ltd (“iCook”, “we”, “us” or “our”) collects, uses, processes, stores, and protects your personal data when you use our mobile application, website, and related services (collectively, the “Services”).

We are committed to data ethics and transparency. We only collect personal data where necessary, do not store it on personal servers, and never sell or monetise your health data.

By using our Services, you agree to the terms of this Privacy Policy. If you do not agree, please stop using the Services.

1. Who we are

iCook Ltd is a private company incorporated in England and Wales (Company No. 12611772).

Registered address: 9th Floor, 107 Cheapside, London, EC2V 6DN, United Kingdom

Website: www.icook.health

Email: info@icook.health

2. What personal data we collect from you



We collect personal data about you when you interact with the Services. This may be:

- Provided directly by you (e.g. account setup, preferences, messages)

- Collected automatically from your device or in-app activity

- Obtained from third-party platforms (e.g., App Store, social login, marketing partners)

a) Data you provide directly:

- Name or username

- Email address

- Dietary preferences or nutrition goals

- Account credentials (hashed passwords)

- Payment details (processed by Apple, Google, Stripe, or PayPal)

- Feedback or support messages

b) Data collected automatically:

When you access or use the Services, we may automatically collect the following information:

- Device ID, IP address, operating system and platform version

- Device type, screen size, language, time zone, and region

- Network details (e.g. carrier, country)

- In-app activity (e.g., search terms, meal planner usage, chatbot queries, favourites)

This data is collected via SDKs including Firebase, Apphud, Amplitude, and (with consent) Facebook SDK or ad partners.

3. Legal bases for processing your data



Depending on which features of the Services you use, we will process your personal data based on one or more of the following legal bases:

1. Contract performance

When you subscribe, create an account, or use our core features like meal plans and shopping lists

2. Consent

When you enable personalised ads, connect third-party accounts, or opt into email updates

3. Legitimate interest

Improving app performance, measuring feature usage, fraud prevention

4. Legal obligation

Complying with UK tax and accounting laws for transactions

You can withdraw consent at any time by updating your app settings or emailing info@icook.health.

4. How we use and handle your data



We do not store personal data on our own servers. Instead, all data is securely hosted by our partners (e.g. Firebase, AWS), using encrypted infrastructure and restricted access. Regulated data is collected in accordance with legally binding privacy statements and applicable laws on data protection or financial services.

Importantly:

- We do not use personal data for tracking or user profiling

- All analytics data is either anonymised or pseudonymised

- We use the data strictly to improve your experience and app functionality

Sharing data with your consent

With your consent, we may share some of your non-health personal data (e.g. device type, install source, in-app actions) with selected partners for:

- Marketing attribution

- App performance measurement

- User acquisition campaigns

We do not share or sell health-related data or personally identifiable nutrition records.

4.1. Health and sensitive data

While iCook does not collect clinical medical records, some information (e.g., allergies, food exclusions) may be inferred as health data under UK GDPR. This data is collected with your knowledge and processed only to personalise your experience. It is never sold or used for profiling or automated decisions.

5. Who do we share your data with



We work with carefully selected third-party providers to deliver essential services. All of them act as data processors under legally binding agreements and in full compliance with the UK GDPR. Here's a transparent breakdown of who handles your data and why:

a) Cloud Infrastructure

Amazon Web Services (AWS)

- Purpose: Secure cloud hosting and encrypted storage of metadata and user IDs
- Data processed: Encrypted metadata, account identifiers
- Region: UK/EU
- Privacy Policy: https://aws.amazon.com/en/privacy/

b) Payments and Subscription Management

Apple

- Purpose: Processing in-app subscriptions on iOS
- Data processed: Device ID, payment token, country information
- Privacy Policy: https://www.apple.com/legal/privacy

Google (Google Play)

- Purpose: Managing subscriptions, account linkage for Android users
- Data processed: Device ID, payment data, transaction metadata
- Privacy Policy: https://policies.google.com/privacy

c) Analytics

Amplitude

- Purpose: Measuring engagement, feature usage, and performance
- Data processed: Pseudonymised session activity, regional data, in-app events
- Privacy Policy: https://amplitude.com/privacy

Firebase (Google)

- Purpose: Crash reporting, push notifications, and usage analytics
- Data processed: Device ID, app version, crash logs
- Privacy Policy: https://firebase.google.com/support/privacy

d) Marketing and Attribution

Facebook SDK (Meta)

- Purpose: Attribution and performance measurement for marketing campaigns (with user consent)
- Data processed: Device ID, install source, campaign identifiers
- Privacy Policy: https://www.facebook.com/privacy/policy

Google Ads

- Purpose: Attribution tracking and ad performance analytics
- Data processed: Advertising ID, store metadata
- Privacy Policy: https://policies.google.com/technologies/ads

Apphud

- Purpose: Subscription analytics, A/B testing of paywalls
- Data processed: Subscription ID, paywall views, purchase-related actions
- Privacy Policy: https://docs.apphud.com/privacy

6. Data retention



We retain your data only as long as necessary:

1) Active account data - As long as your account remains open

2) Inactive user data - Anonymised after 3 years

3) Deleted accounts - Fully removed within 90 days (including backups)

4) Transactional/payment data - 6 years (for legal and tax purposes)

You can request deletion at any time via the app or by emailing info@icook.health.

7. Your rights



Under UK GDPR, you have the right to:

- Access the personal data we hold

- Rectify incorrect or incomplete data

- Erase your data (“right to be forgotten”)

- Restrict or object to processing

- Withdraw consent (where applicable)

- Port your data to another provider

To exercise your rights, please contact: info@icook.health

8. AI tools and automated processing



The iCook platform uses AI-powered tools (a chatbot) to provide convenience, education, and personalisation. These tools rely on large-language models and natural language processing.

- AI-generated content may occasionally include errors, outdated information, or “hallucinations”
- Chatbot answers are for general information only and must not be treated as medical, dietary, or professional advice
- Outputs are not guaranteed to be accurate, relevant, or complete for your circumstances

You agree not to extract, retrain, reproduce, or commercialise any AI-generated content from iCook.

9. Security



We implement multiple layers of protection, including:

- Industry-standard encryption (at rest and in transit)
- Secure data centre partners (AWS, Google Cloud)
- Strict internal access controls and audit logging
- Regular third-party security reviews and SDK compliance

Note: No digital system is 100% immune to risk. We recommend that you use device-level protections (e.g. PIN, Face ID) to secure your information.

10. Children’s data



Our Services are designed for users aged 4 and older, in accordance with platform age ratings. We do not knowingly collect personal data from children under the age of 13 without verified parental consent, and we do not use data to target underage users.

If you believe a child under 13 has provided personal data, please contact us, and we will remove the data promptly.

11. Changes to this policy



We may update this Privacy Policy periodically to reflect changes in our Services, legal requirements, or data practices. If changes are material, we will notify users via:

- An in-app notification
- An update to the effective date above
- Email (where appropriate)

We encourage you to review this Policy regularly.

Contact us



For questions, data access, or complaints:

Email: info@icook.health
Post: iCook Ltd, 9th Floor, 107 Cheapside, London EC2V 6DN, UK

You may also contact the Information Commissioner’s Office (ICO): www.ico.org.uk