Privacy Policy - justcook

                Our Commitment: justcook is committed to protecting your privacy. We believe in transparency about how we collect, use, and protect your information. This policy explains our practices in clear, simple language.
            

0. Notice at Collection (California)
1. Overview
2. Chrome Extension Permissions
3. Information We Collect
4. How We Use Your Information
5. Third-Party Services
6. Data Storage & Security
7. Your Rights
8. Cookies & Local Storage
9. Children's Privacy
10. Changes to This Policy
11. Contact Us

0. Notice at Collection (California)

We collect the categories of personal information listed below for the purposes described. We do not sell or share personal information for cross-context behavioral advertising. We retain each category for the periods shown (or apply the stated criteria). You may learn more throughout this policy and exercise your rights in Settings → Privacy or by emailing jack.jaxbit@gmail.com. We honor opt-out preference signals where applicable (e.g., Global Privacy Control).

Category (CPRA)	Examples We Collect	Purpose	Disclosed to	Retention
Identifiers	Email	Account creation, authentication, support	Supabase (auth/db), email provider	Life of account + 30 days (backups)
Internet / Electronic Activity	Feature usage, extraction method (JSON-LD vs AI), error logs	Service operation, analytics, quality	Supabase (logs)	90 days (aggregated thereafter)
Commercial Information	Subscription status (Premium)	Billing, account tiering	Stripe	As required for accounting/tax (up to 7 years)
User Content	Saved recipes, folders/tags, source URLs	Save/sync recipes across devices	Supabase	Until you delete; then purged within 30 days (backups roll off in 30 days)
Sensitive (Credentials)	Hashed password	Authentication	Supabase	Life of account + 30 days

If our practices change, we will update this notice and the Chrome Web Store privacy disclosures before collecting new categories or using data for materially different purposes.

1. Overview

justcook is a Chrome extension that helps you save, organize, and manage recipes from any website. This Privacy Policy describes how we handle your information when you use our extension and services.

We operate on three tiers of service:

Guest Mode: Limited functionality with no account required
Free Account: Full basic features with cloud sync
Premium Account: Unlimited AI-powered recipe extraction

2. Chrome Extension Permissions

Our Chrome extension uses a privacy-first approach with minimal permissions. We only access your current tab when you explicitly click our extension button. Here's exactly what we request and why:

2.1 Required Permissions

activeTab: Allows us to read the content of the current webpage when you click the extension button to extract recipe data. We only access the page you're actively viewing.
scripting: Enables us to run our content script on recipe websites to detect and extract structured recipe data (JSON-LD format) or analyze page content for AI extraction.
storage: Lets us save your recipes locally in Chrome's secure storage system for offline access and sync your data across devices when you're signed in.
tabs: Allows us to detect when you're on a recipe website and update our extension icon accordingly. We do not read or store tab URLs or titles except when you invoke the extension, and we don't access other tabs or your browsing history.

2.2 Privacy-First Design

No Host Permissions: We use Chrome's activeTab permission instead of broad host permissions, meaning we can only access the current tab when you explicitly click our extension button.
On-Demand Access: We never access any webpage content unless you actively click our extension to extract a recipe.
No Background Monitoring: Our extension does not run in the background or monitor your browsing activity.

2.3 What We Don't Access

We don't monitor your browsing history or track websites you visit.
We don't access page content unless you actively use our extension.
We don't read or modify content on pages other than recipe extraction.
We don't inject advertisements or tracking scripts.

3. Information We Collect

3.1 Information You Provide

Account Information: Email address and password when you create an account.
Recipe Data: Recipes you save, including titles, ingredients, instructions, prep time, cook time, and servings.
Organization Data: Custom folders and tags you create.
Source Information: URLs of websites where you save recipes from.

3.2 Information Collected Automatically

Usage Data: Features you use, extraction methods (JSON-LD vs AI), number of recipes saved.
Guest Tokens: Anonymous identifiers for guest users to track usage limits.
Extraction Metrics: Success/failure rates of recipe extraction (anonymized).

3.3 Information We Don't Collect

Browsing history outside of recipe extraction.
Personal information beyond what's needed for account creation.
Payment information (handled directly by Stripe).

Data Type	Guest Mode	Free Account	Premium Account
Email Address	❌ Not collected	✅ Required	✅ Required
Recipe Data	✅ Local only	✅ Synced to cloud	✅ Synced to cloud
Usage Analytics	✅ Anonymous	✅ Linked to account	✅ Linked to account
Payment Info	❌ Not collected	❌ Not collected	✅ Via Stripe

4. How We Use Your Information

4.1 Primary Uses

Service Delivery: Extract, save, and sync your recipes across devices.
Account Management: Authenticate you and manage your subscription.
Feature Improvement: Understand which websites work well for extraction.
Customer Support: Respond to your questions and resolve issues.

4.2 AI Processing

When structured recipe data isn't available on a webpage, you can choose to use AI extraction. If enabled, we send only relevant page text (no account or payment data) to our processor to transform content into recipe fields. According to the processor’s documentation, inputs/outputs may be retained in abuse-monitoring logs for up to 30 days, and are not used to train their models. You can turn off AI extraction anytime in Settings → Privacy.

4.3 What We Don't Do

Sell or share your personal information for advertising.
Share your recipes with other users without permission.
Use your recipes to train AI models.
Send promotional emails without consent.

5. Third-Party Services

We use trusted third-party services to provide our features. Each service has been selected for their strong privacy practices.

5.1 Supabase (Database & Authentication)

Purpose: Store your account data and recipes securely in the cloud.
Data Shared: Email, encrypted password, recipe data.
Location: All data is processed and stored in the United States.
Security: Postgres Row-Level Security and fine-grained storage policies ensure only you can access your data.
Supabase Privacy Policy

5.2 OpenAI (AI Recipe Extraction)

Purpose: Extract recipe information from unstructured webpage content.
Data Shared: Relevant webpage text content only (no account or payment data).
Retention: Inputs/outputs may be retained up to 30 days for abuse monitoring (per vendor documentation); not used for training.
Opt-out: Disable AI extraction in Settings → Privacy or use the “Save Recipe” button for JSON-LD extraction only.
OpenAI Privacy Policy

5.3 Stripe (Payment Processing)

Purpose: Process premium subscription payments.
Data Shared: We never see your payment information.
Security: PCI DSS Level 1 certified.
Direct Relationship: Payment data is between you and Stripe.
Stripe Privacy Policy

5.4 Subprocessors & International Transfers

We may transfer personal data to processors in the United States. Where applicable, we rely on the EU-U.S. Data Privacy Framework and/or the European Commission’s Standard Contractual Clauses to safeguard transfers. Our current processors are listed above (Supabase, OpenAI, Stripe). We will update this list if we add or replace processors.

6. Data Storage & Security

6.1 Where We Store Data

Local Storage: Chrome browser storage on your device for offline access.
Cloud Storage: Supabase cloud infrastructure (all data processed and stored in the United States).
Sync Queue: Temporary storage for syncing when you're offline.

6.2 Security Measures

Encryption: Data encrypted in transit (TLS) and at rest.
Authentication: Secure password hashing using bcrypt with per-user salts.
Access Control: Principle of least privilege, Postgres Row-Level Security, and storage policies.
Secrets: API keys stored on server side; never exposed to the client.
Maintenance: Regular dependency updates and security patches.

6.3 Data Retention

Active Accounts: Data retained while account is active.
Deleted Accounts: Data removed within 30 days of account deletion; backups roll off after 30 days.
Guest Data: Local data persists until you clear browser data or uninstall the extension.
Usage & Error Logs: 90 days (then aggregated/anonymized).
Payment Records: Up to 7 years to meet tax and accounting obligations.

6.4 Security Incidents

If we learn of a security incident that affects your information, we will notify you and applicable regulators as required by law and take steps to mitigate harm.

7. Your Rights

                You have control over your data. We respect your rights under GDPR, CCPA/CPRA, and other privacy laws.
            

7.1 Your Privacy Rights

Access: Request a copy of your personal data.
Correction: Update or correct inaccurate information.
Deletion: Delete your account and data.
Portability: Request a copy of your data in a portable format.
Objection/Opt-out: Opt-out of certain processing (e.g., analytics).
Restriction: Ask us to limit how we use your data.

7.2 How to Exercise Your Rights

You can exercise most rights directly in the extension:

Data Requests: Email us to request a copy of your data or other privacy rights.
Update Info: Edit recipes and account settings anytime.
Delete Account: Use the in-app Delete feature or email us to permanently delete your account. This removes your recipes, folders, sync data, and account information from our systems within 30 days (plus backup cycle).

7.3 California & Other U.S. State Rights

California residents (and residents of certain other U.S. states) may request access, correction, deletion, and information about our data practices. We will respond to verified requests within the timelines required by law (generally within 45 days). We do not sell or share personal information for cross-context behavioral advertising. We honor opt-out preference signals where applicable (e.g., Global Privacy Control).

7.4 European Economic Area & UK (GDPR)

Controller: Jaxbit LLC (address below).
Purposes & Legal Bases:
- Account & sync → Contract (Art. 6(1)(b)).
- Usage analytics (non-essential) → Legitimate interests (Art. 6(1)(f)); you can opt-out.
- Optional AI extraction → Consent (Art. 6(1)(a)); you can withdraw at any time.
Recipients/Processors: Supabase (hosting/auth), OpenAI (AI processing), Stripe (payments).
International Transfers: Where applicable, protected by the EU-U.S. Data Privacy Framework and/or Standard Contractual Clauses (2021/914).
Retention: See Section 6.3 and the Notice at Collection table.
Rights: Access, rectification, erasure, restriction, portability, objection, and the right to withdraw consent; you may also lodge a complaint with your local supervisory authority.

7.5 Appeals (CO/VA and similar laws)

If we deny your request, you may appeal by replying to our decision or emailing jack.jaxbit@gmail.com with “Privacy Appeal” in the subject. We will respond within 45–60 days with our decision and information on how to contact your Attorney General if you disagree.

8. Cookies & Local Storage

8.1 Chrome Extension Storage

We use Chrome's built-in storage APIs to:

Store your recipes locally for offline access.
Maintain your authentication session.
Remember your preferences (theme, settings).
Track guest usage limits.

8.2 Website Cookies

If you visit our website or documentation:

Essential cookies for site functionality.
No tracking or advertising cookies.
Session cookies that expire when you close your browser.

8.3 Managing Storage

You can clear extension data through:

Chrome Settings → Privacy and Security → Clear browsing data.
Extension settings → Sign out (clears authenticated data).
Uninstalling the extension (removes all local data).

9. Children's Privacy

justcook is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that a child under 13 has provided personal data, we will delete it promptly. If you are a parent or guardian and believe your child has provided personal information, please contact us immediately.

We do not sell or share personal information; if we ever offered teen accounts, we would obtain opt-in consent for any sale/share as required by applicable law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

The "Last Updated" date at the top will be revised.
For significant changes, we'll notify users via the extension.
Continued use after changes constitutes acceptance.
You can always access the latest version at this URL.

11. Contact Us

Have Questions or Concerns?

We're here to help and address any privacy concerns you may have.

Email: jack.jaxbit@gmail.com

Response Time: Within 48 hours

For Privacy Requests:

Data access requests
Account deletion
Data portability requests
Privacy concerns

Mailing Address:
Jaxbit LLC
3177 Benton St
Wheat Ridge, CO 80214
United States

                Quick Privacy Summary
                ✅ We never sell or share your data for advertising
✅ Your recipes are private to you
✅ You can delete your data anytime or request a copy
✅ Data encrypted in transit and at rest
✅ Third-party services are carefully selected
✅ You can use the extension without an account

            

justcook Privacy Policy

Table of Contents