Privacy Policy – CliqChef – Your Passport to Flavor, Health & Discovery

CLIQCHEF – Privacy Policy

Effective Date: [25/11/2025]

This Privacy Policy explains how CliqChef (“we”, “us”, “our”) collects, uses, shares, and protects personal information when individuals (“you”, “users”) use the CliqChef mobile application, website, or related services (“Services”). We are committed to handling your information responsibly, transparently, and in accordance with the UK GDPR, EU GDPR, the Data Protection Act 2018, and applicable platform rules.

Information We Collect

We collect information to operate the Services effectively and provide a personalised experience. We only collect data that is relevant and necessary for app functionality and security.

1.1 Personal Information You Provide

We may collect information you provide directly, including:

Name
Email address
Password or authentication data
Profile details you choose to enter
Saved recipes, notes, and dietary preferences
Food choices, allergen information, and nutritional selections
Communication content when you contact support

1.2 Health, Nutrition, and Wellness Data

If you connect CliqChef to Apple HealthKit or Google Health Connect, we may access certain health-related data only with your explicit consent, such as:

Food allergies
Dietary restrictions
Calorie and macronutrient data
Other nutrition metrics you permit

This data is classified as Special Category Data, requiring enhanced protection.

1.3 Automatically Collected Data

When using the Services, we may automatically collect:

Device and operating system details
IP address (used temporarily for security)
Crash reports
Diagnostic data
App usage information
Interaction patterns (e.g., menus opened, recipes viewed)

1.4 Cookies and Tracking Technologies

We use essential cookies for:

App functionality
Secure login operations
Performance and diagnostics

We do not use cookies for advertising or cross-site tracking.

1.5 Payment Information

Payment details for subscriptions are processed securely by Apple or Google.

We do not store or have access to your payment card information.

How We Use Your Information

We use your personal data to provide, improve, secure, and personalise the Services.

This includes:

Creating and managing your account
Delivering personalised recipe recommendations
Adjusting suggestions based on allergies or nutritional preferences
Responding to support inquiries
Improving app performance, stability, and experience
Preventing fraud, abuse, and unauthorised access
Complying with legal obligations
Communicating service updates, where appropriate

We do not use your personal or health data for advertising, profiling, or resale.

Legal Basis for Processing

We process personal information under the following lawful bases:

Contractual necessity

Account creation
Basic app usage
Providing core Services

Explicit consent

Apple HealthKit and Google Health Connect data
Optional personalised nutrition features

Legitimate interests

App improvement
Security and fraud prevention
Service optimisation

Legal obligations

Compliance with applicable laws
Responding to regulatory authorities

You may withdraw consent at any time through in-app settings or device permissions.

Apple HealthKit & Google Health Connect Compliance

CliqChef complies fully with Apple and Google health-data rules.

We only access health data with your approval and use it solely to provide personalised features.

We do not:

Use health data for advertising
Sell health data
Share health data with third parties
Store unnecessary health information
Use health data to build behavioural profiles

You maintain control:

You may revoke access at any time using device settings
Revoking access immediately stops all related data processing

How We Share Information

We share personal information only where necessary, and never for advertising or resale.

We may share data with:

Hosting providers
Infrastructure and analytics partners
Security and fraud-prevention services
Customer support tools
Professional advisors (legal, accounting)
Authorities as required by law

All third parties operate under strict confidentiality and GDPR-compliant processing agreements.

Aggregated, Anonymised & De-Identified Data

We may create aggregated or anonymised data that cannot identify you.

This information may be used for:

Product development
Market insights
Statistical reporting
Research initiatives
Industry trend analysis
Strategic partnerships

This data contains no identifiable personal information and does not require additional consent.

If future features require processing identifiable data for new purposes, we will request explicit permission before doing so.

Data Retention

We retain personal data only as long as required for the purposes outlined in this Privacy Policy.

Account data is kept while your account remains active
Health data access is terminated immediately when permissions are withdrawn
Deleted accounts are permanently removed within 30 days
Backups are securely removed on regulated schedules

Your Rights Under GDPR

You have the following rights:

Right to access your data
Right to rectify incorrect data
Right to delete your data
Right to restrict processing
Right to object to certain processing
Right to data portability
Right to withdraw consent
Right to lodge a complaint with the ICO

Requests can be submitted at any time, and we will respond within 30 days.

Children’s Privacy

The Services are intended for users aged 16 and over. We do not knowingly collect data from children under 16. We will delete any such data if discovered.

International Data Transfers

When we transfer data outside the UK/EU, we implement approved safeguards, including:

Standard Contractual Clauses (SCCs)
UK International Data Transfer Addendum
Equivalent protective measures

All transfers meet GDPR requirements.

Security Measures

We use industry-standard security techniques to protect your data, including:

Encryption of data at rest and in transit
Secure cloud infrastructure
Access restrictions
Data minimisation
Regular security reviews and audits
Privacy-by-design practices

While we take robust measures, no system can guarantee absolute security.

Your Responsibilities

You are responsible for:

Keeping your login details confidential
Ensuring the security of your devices
Using the Services in accordance with applicable laws
Updating personal information when required

Health Data (Apple HealthKit, Clinical Health Records & Android Health Connect)

CliqChef provides optional features that integrate with Apple HealthKit, Clinical Health Records, and Android Health Connect to deliver personalized recipe and nutrition suggestions. This section explains what health information we access, how we use it, how it is stored, and how users maintain control.

13.1. Optional Use of Health Data

CliqChef may request permission to read certain health-related information from:

iOS (Apple HealthKit & Clinical Health Records):

Clinical health records (e.g., allergies, conditions, lab values)
Nutrition and dietary information
Dietary restrictions related to health conditions

Android (Health Connect):

Nutrition data
Allergies, conditions, or dietary restrictions available through Health Connect

Granting access is 100% optional.
The main app functionality remains available even if all permissions are declined.

13.2. Purpose of Collecting Health Data

We use health data only for the following purposes:

To generate personalized recipe recommendations
To tailor dietary suggestions to support user preferences or dietary restrictions

We never use this data for:

Advertising
Marketing
User tracking or profiling
Analytics unrelated to the requested personalization
Selling or sharing with third parties

Health data is used strictly and exclusively for the user-requested personalization feature.

13.3. When Health Data Is Uploaded

If the user enables Health permissions:

Health data is uploaded only at the moment the user requests personalized recipe suggestions.
Uploads occur one time per request, not continuously.
There is no automatic syncing, no background uploading, and no scheduled data transfers.

If the user does not enable health permissions, no data is accessed or uploaded.

13.4. Storage & Security (AWS)

All uploaded health data:

Is transmitted securely using industry-standard encrypted communication (HTTPS/TLS)
Is stored on Amazon Web Services (AWS) servers, using:
- Encrypted storage
- Secure access control
- Strict data isolation policies

Health data is accessible only to the CliqChef backend systems used to generate personalized recipe results.

We do not:

Share health data with advertisers
Sell health data to any party
Provide health data to analytics or third-party partners

13.5. User Control & Revoking Permissions

Users have full control over their health data access at all times:

iOS Users (Apple Health)

Open the Apple Health app
Go to Sources → CliqChef
Toggle off individual categories or disable access entirely

Android Users (Health Connect)

Open the Health Connect app
Go to App Permissions → CliqChef
Disable individual data types or revoke all permissions

When permissions are revoked:

CliqChef immediately stops accessing all health data
No further uploads occur
Personalized recipe features are deactivated until permissions are re-enabled

13.6. Compliance

CliqChef’s health data practices are fully compliant with:

Apple App Store Review Guidelines (including HealthKit & Clinical Records rules)
Google Play’s Health Connect data requirements
Applicable privacy and data protection standards
HIPAA is not applicable unless explicitly stated, but we maintain strong security practices

We strictly limit the use of health data to the purposes described above.

Updates to This Privacy Policy

We may update this Privacy Policy periodically. Material changes will be communicated clearly.

Continued use of the Services indicates acceptance of the updated policy.

Contact Information

For questions, privacy requests, or concerns, contact:

CliqChef – Data Protection Lead

Email: contact@cliqchef.ai