Coddle Privacy Policy
Effective date: July 11, 2026
Coddle is operated by Keon Lee and Eddi Xie ("Coddle," "we," "us"), operating from Vancouver, British Columbia, Canada. This policy explains what we collect, why, and what we never do with it. We've kept it short on purpose — there are no ads, no data sales, and no tracking for marketing anywhere in Coddle, so there isn't much fine print to hide.
Questions? Email support@coddle.app.
1. What we collect
| Data | Why we collect it |
|---|---|
| Email address and password | To create and secure your account. Your password is transmitted securely to Firebase Authentication, which hashes and stores it — we never see it. |
| Profile preferences — dietary restrictions, cooking skill level, time preference, cuisine preferences, kitchen equipment | To personalize the recipes we generate for you. |
| Kitchen inventory — ingredient names, quantities, and categories | To run your kitchen inventory and match recipes to what you have. |
| Grocery photos you scan | Processed in real time to recognize the groceries in the photo. We never store the photo — only the ingredient names you confirm are saved to your inventory. See Section 3 for how photos are processed. |
| Recipes generated for you | Saved to your account so they appear in your Cookbook and history. |
| Ratings, written feedback, and cooking activity (e.g. time spent, steps completed) | To track your cooking history, streaks, and improve your recommendations. |
| Search queries in Browse | To show recent searches and improve discovery. |
| Standard crash and diagnostic data | Platform-default telemetry (Expo / your device OS) that helps us fix crashes. It is not used for advertising. |
We do not collect your contacts, location, or precise device identifiers, and we never ask for payment information — Coddle is free and has no in-app purchases.
2. How we use your data
We use your data to do exactly one job: generate recipes that fit your kitchen and preferences, and keep your cooking history in one place. That means personalizing recipe generation, maintaining your inventory and Cookbook, and tracking streaks and milestones.
We do not sell, rent, or trade your personal information. We do not use your data for advertising. There are no ads in Coddle.
3. AI processing — what we send, and what we never send
Coddle generates recipes using Claude, an AI model provided by Anthropic. When you generate recipes, we send Anthropic only what the AI needs to cook:
- Your dietary restrictions, skill level, time preference, and cuisine preferences
- The names of ingredients you selected (not your full inventory, and not quantities)
- Meal type, servings, and any excluded ingredients
- If you regenerate, the names and ratings of the recipes you passed on, so you get different options
We never send Anthropic anything that identifies you: no name, no email address, no user ID, no exact inventory quantities, and none of your written feedback.
Grocery scanning works the same way: the photo is sent to Anthropic's vision API for recognition. We never store the photo — it is processed in memory and discarded on our side. The photo is handled by Anthropic under its commercial terms, which prohibit using API inputs to train its models by default; Anthropic may retain API data for a limited period for safety and abuse monitoring (anthropic.com/legal/commercial-terms).
4. Who we share data with
We share data with the following service providers, each for one purpose:
| Provider | What they receive | Purpose |
|---|---|---|
| Anthropic (Claude API) | The recipe-generation fields listed in Section 3; scanned photos during processing | AI recipe generation and grocery recognition |
| Firebase (Google) | Email address and password (which Firebase hashes and stores — we never see it); authentication tokens | Account creation and sign-in |
| Render (hosting) | The account data stored in our database — profile preferences, inventory, recipes, ratings, activity | Hosting our backend and database |
| Expo | Standard crash and diagnostic telemetry | App stability |
Each provider is bound by its own privacy commitments (Anthropic: anthropic.com/privacy; Firebase: firebase.google.com/support/privacy; Expo: expo.dev/privacy). We share nothing with ad networks, data brokers, or analytics companies.
5. Data retention
- Your account data is kept while your account is active.
- Scanned grocery photos are never stored by us — they exist on our systems only for the seconds it takes to recognize your groceries.
- When you delete your account (Section 6), your data is removed from our active systems promptly. Copies may persist for a limited period in our hosting provider's routine backups before being deleted or overwritten in the ordinary course of backup rotation.
6. Your rights — access, correction, and deletion
You can view and edit your profile, inventory, and Cookbook in the app at any time.
You can delete your account directly in the app: Profile → Delete Account. This permanently deletes your account and your data — profile, inventory, recipes, ratings, and history — from our database and from Firebase Authentication. It cannot be undone.
You can also email support@coddle.app to exercise any privacy right available to you under applicable law — such as access, correction, deletion, or portability — and we will respond as that law requires.
7. Consumer health data (Washington and similar laws)
Some information you give Coddle — your dietary restrictions and food preferences — may be considered "consumer health data" under laws like the Washington My Health My Data Act. So, plainly:
- What we collect: the dietary restrictions and dietary/cuisine preferences you enter in your profile.
- Why: for exactly one purpose — generating and personalizing the recipes you ask for. This is collection necessary to provide the service you requested.
- Who can see it: it is shared with Anthropic during recipe generation (Section 3) and stored with our hosting provider (Section 4). We do not sell consumer health data and we do not use it for advertising.
- Your rights: you can access, change, or delete this data at any time by editing your profile or deleting your account in the app (Section 6), or by emailing support@coddle.app. You may also withdraw consent for its collection by removing it from your profile.
8. Where your data lives (international users)
Coddle is operated from Canada, and our service providers (Section 4) process data on servers in Canada and the United States. If you use Coddle from outside those countries — for example from Europe or Australia — your information will be transferred to and processed in Canada and the United States, where privacy laws may differ from those of your country. By using Coddle you acknowledge this cross-border processing. Wherever you live, the same commitments in this policy apply, and you can exercise the rights in Section 6 at any time.
9. Children's privacy
Coddle is not directed at children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has created an account, email support@coddle.app and we will delete it.
10. Security
All data is encrypted in transit (HTTPS everywhere). Passwords are hashed by Firebase Authentication and never stored by us. We restrict credentialed access to production systems to the two operators. No method of transmission or storage is 100% secure, but we design for the minimum data necessary — the less we collect, the less there is to protect. If a data breach affects your information, we will notify you and the appropriate regulators as required by applicable law.
11. Changes to this policy
If we change this policy, we will update the effective date above and, for material changes, provide reasonable advance notice — such as a notice in the app, an email to your registered address, or a notice on our website — before the change takes effect. We will never retroactively weaken protections on data you already gave us without asking you first.
12. Contact
Coddle is operated by Keon Lee and Eddi Xie, based in Vancouver, British Columbia, Canada.
