Legal

Privacy Policy

Last updated: March 2026  ·  Effective date: March 2026
Operated by Richard Alderson, Elara Studios, registered in the United Kingdom.

AIP Kitchen ("we", "us", "our") explains how we collect, use, store, and protect your personal data when you use the AIP Kitchen mobile application and website (aipkitchen.co.uk).

By using AIP Kitchen, you confirm you have read and understood how we handle your data. If you do not agree, please do not use the app.

1. Who We Are and How to Contact Us

Data Controller: Yalini Isweran, Elara Studios

Email: privacy@aipkitchen.co.uk

Website: https://www.aipkitchen.co.uk

For all privacy-related requests, including data access, correction, or deletion, please contact us at privacy@aipkitchen.co.uk. We will respond within 30 days.

2. What Data We Collect

2.1 Account Data

When you create an account, we collect:

  • Email address
  • Password (stored as a secure hash — we never store your plain-text password)
  • Date account was created
  • Whether you have consented to our Terms, Privacy Policy, and health data collection

2.2 Usage Data

We record limited usage information to manage free-tier limits:

  • Number of AI recipe creations used (lifetime allowance of 5 for free users)
  • Date of account creation and last active date

This data is used only to enforce the free-tier limit and is not used for advertising or profiling.

2.3 Health and Wellness Data

AIP Kitchen allows you to log health-related information. This is classified as special category data under UK GDPR and we collect it only with your explicit consent. This includes:

  • AIP protocol phase (Elimination, Reintroduction, Maintenance)
  • Symptom logs (energy, digestion, skin, sleep, brain fog, joints — rated 1–5)
  • Meal logs (what you ate and when)
  • Reintroduction test results (foods tested, tolerated or reacted)

We do not share this data with any third parties. It is used only to power the features you use within the app.

2.4 Recipe and Pantry Data

  • Saved recipes (from the curated library and AI-generated)
  • Pantry items and shopping list contents

2.5 AI Recipe Creation

When you use the recipe creation tool, we send the following to Anthropic's Claude API:

  • Your current AIP phase
  • A list of pantry ingredients you have added
  • Your text description of what you want to cook

We do not send your name, email address, symptom data, or any other personally identifying information to Anthropic. Prompts are processed in accordance with Anthropic's data processing terms.

2.6 Technical Data

We automatically collect limited technical data to keep the app functioning:

  • Device type and operating system version
  • App version
  • Crash reports and error logs
  • Authentication tokens (stored securely on your device)

3. How We Use Your Data

We use your data to:

  • Create and manage your account
  • Deliver the core features of the app (recipe library, phase tracker, symptom log, shopping list, reintroduction tracker, meal planning)
  • Track your use of the free AI recipe creation allowance (5 lifetime uses)
  • Generate personalised AIP-compliant recipes via AI
  • Show you trends in your symptom and meal history
  • Send important service communications (e.g. account security, policy changes)
  • Maintain the security and integrity of the app
No advertising use No data sales No AI training from health data

4. Legal Basis for Processing

  • Contract: Account data and usage tracking are processed to fulfil our agreement with you to provide the AIP Kitchen service.
  • Explicit consent: Health and wellness data (symptom logs, reintroduction results) is processed only on the basis of your explicit, freely given consent, obtained at onboarding. You may withdraw consent at any time by deleting your account.
  • Legitimate interests: Technical and crash data is processed to maintain app security and performance, where this does not override your rights.

5. Where Your Data Is Stored

Your data is stored on Supabase infrastructure located in the European Union (Frankfurt, Germany). This means your data is processed within the EU and benefits from GDPR protections.

If you are based outside the EU (including the US, Canada, Australia, or New Zealand), your data will be transferred to and stored in the EU. This transfer is made in accordance with UK GDPR and applicable international data transfer rules.

6. How Long We Keep Your Data

  • Account and profile data: Retained for as long as your account is active.
  • Health and wellness data: Retained for as long as your account is active. Deleted immediately upon account deletion.
  • AI recipe creation counter: Retained as part of your account record for as long as your account is active.
  • Technical/crash logs: Retained for up to 90 days.
  • Billing records: Retained for 7 years as required by UK tax law (managed by Apple App Store / RevenueCat).

7. Your Rights

All users (UK GDPR / GDPR)

  • Right to access: Request a copy of the data we hold about you.
  • Right to rectification: Ask us to correct inaccurate data.
  • Right to erasure ("right to be forgotten"): Delete your account and all associated data at any time via Profile → Privacy → Delete Account.
  • Right to restriction: Ask us to pause processing of your data.
  • Right to data portability: Request your data in a machine-readable format.
  • Right to object: Object to processing based on legitimate interests.
  • Right to withdraw consent: Withdraw consent for health data processing at any time. This will not affect the lawfulness of processing before withdrawal.

US users (CCPA — California)

California residents have the right to know what personal information is collected, the right to delete personal information, and the right to opt-out of the sale of personal information. We do not sell personal information.

Canadian users (PIPEDA)

Canadian users have the right to access their personal information and to challenge its accuracy. Requests may be made to privacy@aipkitchen.co.uk.

Australian users (Privacy Act 1988)

Australian users have the right to access and correct their personal information under the Australian Privacy Principles. Contact privacy@aipkitchen.co.uk to exercise these rights.

To exercise any of these rights, please contact us at privacy@aipkitchen.co.uk. We will respond within 30 days.

8. Data Security

  • All data is encrypted in transit (TLS) and at rest
  • Row-level security is enforced on all database tables — users can only access their own data
  • Authentication is managed via Supabase Auth with JWT tokens
  • Biometric authentication (Face ID / Touch ID) is available as an additional security layer
  • We do not store payment card details — all billing is handled by Apple App Store and RevenueCat

9. Third-Party Services

10. Children's Privacy

AIP Kitchen is not intended for anyone under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, please contact us at privacy@aipkitchen.co.uk and we will delete the account promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via the app or by email before the changes take effect. The "Last updated" date at the top of this document will always reflect the most recent version.

Continued use of the app after changes are notified constitutes acceptance of the updated policy.

12. Complaints

  • UK: Information Commissioner's Office (ICO) — ico.org.uk
  • EU: Your local data protection authority
  • Australia: Office of the Australian Information Commissioner — oaic.gov.au
  • Canada: Office of the Privacy Commissioner — priv.gc.ca

We would always appreciate the opportunity to resolve concerns directly before you contact a regulator. Please email us first at privacy@aipkitchen.co.uk.

AIP Kitchen is a recipe and tracking tool, not a medical service. This policy was last reviewed in March 2026. You should seek independent legal advice before relying on these documents for compliance purposes.