Privacy Policy
1. Introduction
Quokkit ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("the App") and related services.
Data Controller: Timo Reichelt (Sole Trader), trading as Quokkit
Address: 49 Rainbow Cave Rd, 6285 Margaret River, Western Australia, Australia
Email: quokkit.timo@gmail.com
Privacy Policy URL: https://www.quokkit.com/privacy-policy
By using the App, you consent to the data practices described in this Privacy Policy. If you do not agree with this policy, please do not use the App.
2. Information We Collect
2.1 Information You Provide Directly
- Account Information: Email address, name, and profile information (provided via Apple Sign-In or Google Sign-In)
- Recipe Data: Recipes you create, save, import, or generate
- AI Interactions: All prompts, questions, feedback, ingredients, preferences, and conversations with AI features
- Preferences and Settings: Dietary preferences, cooking preferences, and app settings
- Support Communications: Information you provide when contacting us for support
- Feedback: Any feedback, suggestions, or reviews you submit
2.2 Information Collected Automatically
- Device Information: Device type, model, operating system version, unique device identifiers (IDFA, IDFV, Android ID), screen resolution, and hardware specifications
- Usage Data: Features used, time spent in the App, interactions, recipes viewed or generated, session duration, and navigation patterns
- Log Data: IP address, access times, app crashes, error logs, and performance data
- Location Data: General location (country/region) based on IP address only — we do NOT collect precise GPS location
- Network Information: Connection type (WiFi, cellular), carrier information
2.3 Information from Third Parties
- Authentication Providers: Apple and Google provide basic profile information (name, email) when you sign in
- Payment Processors: Apple App Store and Google Play Store process payments — we do NOT receive or store payment card details
- Subscription Management: RevenueCat provides subscription status, purchase history, and transaction identifiers
- Analytics Providers: Firebase provides aggregated analytics and crash reporting data
2.4 Sensitive Information
We do NOT intentionally collect sensitive personal information such as:
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- Genetic or biometric data
- Health information (except dietary preferences you voluntarily provide)
- Sexual orientation
If you voluntarily provide health-related information (e.g., "I have diabetes, suggest recipes"), this information is used solely to generate relevant recipes and is not used for any other purpose.
3. How We Use Your Information
We use collected information for the following purposes:
3.1 Providing Services
- Generate AI-powered recipes based on your inputs
- Save and manage your personal recipe collection
- Process and fulfill your requests
- Maintain and improve your account
3.2 Processing Subscriptions
- Manage premium subscriptions
- Process payments (through App Stores)
- Send receipts and subscription notifications
- Verify subscription status
3.3 Improving Services
- Analyze usage patterns to improve features
- Fix bugs and troubleshoot issues
- Develop new features
- Conduct internal research and analytics
3.4 Communications
- Send service-related notifications (e.g., subscription expiry)
- Respond to support requests
- Provide customer service
- Send important updates about the App or Terms
3.5 Security and Legal Compliance
- Detect and prevent fraud, abuse, and security threats
- Enforce our Terms of Service
- Comply with legal obligations
- Respond to legal requests and prevent harm
3.6 AI Training and Improvement
- We may use anonymized and aggregated data to improve our AI systems
- We do NOT use your personal information or identifiable recipe data to train AI models
- Your specific prompts and recipes are NOT shared with third parties for AI training
4. Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we process your personal data based on the following legal grounds:
| Purpose |
Legal Basis |
| Providing the App services |
Performance of contract |
| Processing subscriptions |
Performance of contract |
| Customer support |
Performance of contract / Legitimate interests |
| Analytics and improvements |
Legitimate interests |
| Security and fraud prevention |
Legitimate interests |
| Legal compliance |
Legal obligation |
| Marketing (if applicable) |
Consent |
Legitimate Interests: Our legitimate interests include operating and improving the App, ensuring security, and preventing fraud. We balance these interests against your rights and only rely on legitimate interests where appropriate.
5. Data Sharing and Disclosure
5.1 Service Providers
We share data with third-party service providers who assist in operating the App. These providers are contractually obligated to protect your data and use it only for the purposes we specify:
Supabase (Database and Authentication)
- Data shared: Account information, recipes, usage data
- Purpose: Core app functionality, data storage
- Location: United States
- Privacy Policy: https://supabase.com/privacy
RevenueCat (Subscription Management)
- Data shared: User ID, subscription status, purchase history
- Purpose: Subscription management and analytics
- Location: United States
- Privacy Policy: https://www.revenuecat.com/privacy
Apple Inc. (Authentication and Payments)
- Data shared: Authentication tokens, payment processing (not visible to us)
- Purpose: Apple Sign-In, App Store payments
- Location: United States
- Privacy Policy: https://www.apple.com/privacy/
Google LLC (Authentication, Analytics, Payments)
- Data shared: Authentication tokens, analytics data, crash reports
- Purpose: Google Sign-In, Firebase Analytics, Play Store payments
- Location: United States
- Privacy Policy: https://policies.google.com/privacy
Vercel (API Hosting)
- Data shared: API requests (ingredients, prompts, generated recipes)
- Purpose: Hosting recipe generation API
- Location: Global edge network (primarily United States)
- Privacy Policy: https://vercel.com/legal/privacy-policy
OpenAI (AI Provider)
- Data shared: Prompts and ingredients for recipe generation
- Purpose: AI-powered recipe generation
- Location: United States
- Privacy Policy: https://openai.com/privacy/
- Note: Your data is NOT used to train OpenAI's models
5.2 We Do NOT Sell Your Data
We do NOT sell, rent, or trade your personal information to third parties for their marketing purposes. This applies to all users, including California residents under CCPA.
5.3 Business Transfers
If we are involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice in the App of any change in ownership or uses of your personal information.
5.4 Legal Requirements
We may disclose information if required by law, court order, subpoena, or government regulation, or if we believe in good faith that disclosure is necessary to:
- Comply with legal obligations
- Protect and defend our rights or property
- Protect the safety of our users or the public
- Prevent or investigate possible wrongdoing
- Respond to legal process
5.5 With Your Consent
We may share your information with third parties when you have given us explicit consent to do so.
6. Data Security
We implement appropriate technical and organizational measures to protect your information:
Technical Measures:
- Encryption of data in transit (HTTPS/TLS 1.2+)
- Encryption of data at rest
- Secure authentication via OAuth (Apple/Google)
- Regular security assessments and vulnerability testing
- Access controls and authentication for internal systems
- Secure API endpoints
Organizational Measures:
- Limited access to personal data on a need-to-know basis
- Regular security training
- Incident response procedures
- Vendor security assessments
Limitations:
No method of transmission or storage is 100% secure. While we strive to protect your data using commercially reasonable measures, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.
7. Data Retention
We retain your information for as long as necessary to:
| Data Type |
Retention Period |
| Account information |
Until account deletion + 30 days |
| Recipe data |
Until account deletion + 30 days |
| AI interaction logs |
90 days (then anonymized or deleted) |
| Analytics data |
26 months (anonymized) |
| Crash reports |
90 days |
| Subscription records |
7 years (legal/tax requirements) |
| Support communications |
3 years |
After Account Deletion:
- We will delete or anonymize your personal data within 30 days
- Some data may be retained longer if required by law (e.g., financial records for tax purposes)
- Anonymized/aggregated data may be retained indefinitely for analytics
8. Your Privacy Rights
8.1 Rights for All Users
Regardless of your location, you have the right to:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your account and data
- Portability: Receive your data in a portable format
- Opt-out: Opt out of analytics and non-essential data collection
8.2 How to Exercise Your Rights
- Delete Account: Use the "Delete Account" feature in App Settings
- Request Data: Email us at quokkit.timo@gmail.com with subject line "Data Request"
- Other Requests: Email us at quokkit.timo@gmail.com
- Response Time: We will respond within 30 days (or sooner if required by law)
- Verification: We may need to verify your identity before processing requests
8.3 European Privacy Rights (GDPR)
If you are in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion ("right to be forgotten")
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time (without affecting lawfulness of prior processing)
- Right to Lodge a Complaint: Complain to a supervisory authority
EU/UK Representative: As a small business operating from Australia, we have not appointed an EU/UK representative. EU/UK users may contact us directly at quokkit.timo@gmail.com.
Supervisory Authorities:
- UK: Information Commissioner's Office (ico.org.uk)
- EU: Your local data protection authority
8.4 California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: What personal information we collect, use, and disclose
- Right to Delete: Request deletion of your personal information
- Right to Correct: Request correction of inaccurate information
- Right to Opt-Out: Opt out of the sale or sharing of personal information (we do NOT sell your data)
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
- Right to Limit Use of Sensitive Information: Limit use of sensitive personal information (we do not collect sensitive information as defined by CPRA)
Categories of Personal Information Collected (past 12 months):
- Identifiers (name, email, device ID)
- Internet activity (usage data, interactions)
- Geolocation (general location from IP)
- Inferences (preferences based on usage)
We do NOT:
- Sell personal information
- Share personal information for cross-context behavioral advertising
- Collect sensitive personal information
To Exercise Your Rights: Email quokkit.timo@gmail.com or use in-app settings
8.5 Australian Privacy Rights
If you are in Australia, you have rights under the Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs):
- Access to your personal information
- Correction of inaccurate information
- Complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au
- Request that we not use your information for direct marketing
8.6 Brazilian Privacy Rights (LGPD)
If you are in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD):
- Confirmation of data processing
- Access to your data
- Correction of incomplete or inaccurate data
- Anonymization, blocking, or deletion of unnecessary data
- Data portability
- Deletion of data processed with consent
- Information about sharing with third parties
- Information about the possibility of denying consent
- Revocation of consent
- Opposition to processing that violates LGPD
To Exercise Your Rights: Email quokkit.timo@gmail.com
8.7 Canadian Privacy Rights (PIPEDA)
If you are in Canada, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial laws:
- Access to your personal information
- Correction of inaccurate information
- Withdrawal of consent (subject to legal or contractual restrictions)
- Complaint to the Office of the Privacy Commissioner of Canada
8.8 New Zealand Privacy Rights
If you are in New Zealand, you have rights under the Privacy Act 2020:
- Access to your personal information
- Correction of inaccurate information
- Complaint to the Office of the Privacy Commissioner
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States and Australia. These countries may have different data protection laws than your country.
For EEA/UK/Swiss Users:
When we transfer data outside the EEA/UK/Switzerland, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Other legally recognized transfer mechanisms
For All Users:
By using the App, you consent to the transfer of your information to countries outside your residence, including countries that may not provide the same level of data protection.
10. Children's Privacy
The App is not intended for children under 13 years of age (or the relevant age of digital consent in your jurisdiction).
We do NOT knowingly:
- Collect personal information from children under 13
- Target or market to children
- Allow children to make purchases
If You Are a Parent/Guardian:
If you believe your child has provided us with personal information, please contact us immediately at quokkit.timo@gmail.com. We will take steps to delete such information.
Age Verification:
We rely on age information provided during account creation. We do not independently verify age.
11. Cookies and Tracking Technologies
The App does not use traditional browser cookies. However, we use the following technologies:
Mobile Analytics:
- Firebase Analytics: Collects usage data, device information, and app performance metrics
- You can opt out through your device settings (iOS: Settings > Privacy > Analytics; Android: Settings > Google > Ads)
Device Identifiers:
- We collect device identifiers (IDFA on iOS, Advertising ID on Android) for analytics
- You can reset or limit ad tracking through your device settings
How to Opt Out:
- iOS: Settings > Privacy & Security > Tracking
- Android: Settings > Google > Ads > Opt out of Ads Personalization
12. Do Not Track
Some browsers have a "Do Not Track" (DNT) feature. Because there is no industry standard for DNT, we do not currently respond to DNT signals. However, you can use the opt-out options described in this policy.
13. Third-Party Links and Services
The App may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal information.
14. AI-Specific Privacy Information
14.1 How AI Uses Your Data
When you use our AI features:
- Your inputs (ingredients, prompts, preferences) are sent to our AI provider (OpenAI) to generate recipes
- This data is processed in real-time and not stored by OpenAI for training purposes
- We may store your inputs and generated recipes in our database to provide the service
14.2 AI Data Retention
- AI prompts and responses are logged for 90 days for troubleshooting and abuse prevention
- After 90 days, logs are deleted or anonymized
- Your saved recipes are retained until you delete them or your account
14.3 AI Data Sharing
- We do NOT share your personal AI interactions with third parties for their own purposes
- We do NOT sell AI interaction data
- Anonymized and aggregated data may be used to improve our services
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes:
- We will update the "Last Updated" date at the top
- We will notify you via email (if you have an account) and/or in-app notification
- For significant changes, we will provide at least 30 days' notice before the changes take effect
Your continued use of the App after the effective date of changes constitutes acceptance. If you do not agree, please stop using the App and delete your account.
16. Data Protection Officer
As a small business, we have not appointed a formal Data Protection Officer. For all privacy-related inquiries, please contact:
Privacy Contact: Timo Reichelt
Email: quokkit.timo@gmail.com
Address: 49 Rainbow Cave Rd, 6285 Margaret River, Western Australia, Australia
17. Complaints
17.1 Contact Us First
If you have concerns about our data practices, please contact us first at quokkit.timo@gmail.com. We take all complaints seriously and will work to resolve your concerns.
17.2 Supervisory Authorities
If you are not satisfied with our response, you may lodge a complaint with your local data protection authority:
- Australia: Office of the Australian Information Commissioner (OAIC) — oaic.gov.au
- United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk
- European Union: Your local data protection authority
- California, USA: California Attorney General — oag.ca.gov
- Brazil: Autoridade Nacional de Proteção de Dados (ANPD)
- Canada: Office of the Privacy Commissioner of Canada — priv.gc.ca
- New Zealand: Office of the Privacy Commissioner — privacy.org.nz
18. Specific Service Information
18.1 Apple Sign-In
When you use Apple Sign-In:
- Apple provides us with your name and email (or a private relay email if you choose to hide your email)
- You can choose to hide your email from us
- Apple's privacy policy applies: https://www.apple.com/privacy/
18.2 Google Sign-In
When you use Google Sign-In:
18.3 In-App Purchases
When you make a purchase:
- Payments are processed by Apple App Store or Google Play Store
- We do NOT receive or store your payment card details
- We receive confirmation of purchase, subscription status, and transaction IDs
19. Contact Us
For privacy-related questions, concerns, or to exercise your rights, contact us at:
Quokkit
- Email: quokkit.timo@gmail.com
- Address: 49 Rainbow Cave Rd, 6285 Margaret River, Western Australia, Australia
- Response Time: We aim to respond within 30 days (or sooner if required by law)
20. Summary of Key Points
| Topic |
Summary |
| Data we collect |
Account info, recipes, usage data, device info |
| Why we collect it |
To provide services, process subscriptions, improve the App |
| Data sharing |
Service providers only; we do NOT sell your data |
| Your rights |
Access, correction, deletion, portability, opt-out |
| Data retention |
Until account deletion + 30 days (some exceptions) |
| Security |
Encryption, access controls, regular assessments |
| Children |
Not for users under 13; we don't knowingly collect children's data |
| International transfers |
Data may be transferred to US/Australia with appropriate safeguards |
BY USING QUOKKIT, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY.
Last Updated: January 26, 2026