Privacy Policy
Last updated: July 13, 2026 • How we collect, use, and protect your data.
1. Who We Are & Data Controller
Cookd (“we”, “us”, or “our”) provides a mobile application and related services for AI-assisted dating conversation support. We are the data controller for personal information collected through the Service. For any privacy-related inquiries, you can reach us at the contact details in Section 15.
2. Information We Collect
We collect and process the following categories of personal information:
- Account Data: Name, email address, and sign-in provider identifiers (e.g., Google ID) when you create an account.
- Usage Data: Settings, feature usage, in-app analytics events, page views, and interaction data collected via PostHog (a third-party analytics platform).
- Content You Submit: Text, images, and screenshots you upload for AI processing. These are processed in real-time and not stored permanently.
- Device & Technical Data: Device type, operating system version, app version, crash diagnostics, and IP address.
- Purchase Data: Subscription status, Lifetime Deal records, and store transaction identifiers (processed via Google Play and PayU).
- Communication Data: If you contact us via email or the contact form, we retain the content of your message and your email address to respond.
3. Lawful Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal information under the following lawful bases:
- Contractual Necessity: To provide the Service and fulfill our obligations under our Terms of Service (account creation, AI processing, subscription management).
- Legitimate Interests: To improve the Service, ensure security, prevent abuse, and analyze usage patterns. We balance these interests against your rights and do not process where your interests override ours.
- Consent: For non-essential cookies and analytics tracking where required by applicable law. You may withdraw consent at any time by adjusting your device settings or contacting us.
- Legal Obligation: To comply with applicable laws, regulatory requirements, and legal processes.
4. How We Use Information
We use your information for the following purposes:
- To operate, maintain, and improve the Service and its features.
- To process AI-generated replies based on content you submit.
- To manage your account, process subscriptions and Lifetime Deal purchases, and send transactional communications (e.g., payment confirmations, LTD code delivery).
- To monitor and analyze usage trends via PostHog for product improvement and crash detection.
- To enforce our Terms of Service, prevent fraud and abuse, and protect the rights and safety of our users and the public.
- To comply with legal obligations and respond to lawful requests from authorities.
5. AI Processing & Data Used for Training
When you use our AI features, the content you submit (screenshots, text, conversation context) is processed by our AI models to generate reply suggestions. This processing occurs in real-time. We do not use your submitted content to train or fine-tune our AI models. Uploaded screenshots and conversation data are not stored beyond what is necessary to generate a response and are deleted within 24 hours of processing. AI-generated outputs may not always be accurate or suitable for every context. You are solely responsible for deciding whether and how to use any suggested replies.
6. How We Share Information
We do not sell your personal information. We may share your data with the following categories of third parties:
- Service Providers: Hosting infrastructure (cloud providers), analytics (PostHog), payment processing (Google Play, PayU), crash reporting, and email communications. These providers are contractually bound to process data only on our instructions and to implement appropriate security measures.
- Legal Authorities: When required by applicable law, legal process, or governmental request, or to protect our rights, property, or safety, or that of our users or the public.
- Business Transfers: In connection with a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. We will notify you via email and a prominent notice on the Service of any change in ownership or uses of your personal information.
7. Data Retention
We retain your personal information only as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law:
- Account Data: Retained for the duration of your account plus 90 days after account deletion, after which it is anonymized or deleted.
- Usage & Analytics Data: Retained in aggregated form for 24 months. Individual-level analytics events are retained for 12 months.
- Submitted Content (Screenshots/Images): Deleted within 24 hours of AI processing. Not retained beyond the generation session.
- Purchase Data: Retained for 7 years to comply with tax and accounting obligations.
- Communication Records: Retained for 12 months after the last communication.
- You may request earlier deletion of your data by contacting us (see Section 15).
8. Your Rights (GDPR, CCPA & Others)
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Right to Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Deletion (“Right to be Forgotten”): Request deletion of your personal data, subject to legal retention obligations.
- Right to Restrict Processing: Request restriction of processing in certain circumstances.
- Right to Data Portability: Request a copy of your data in a structured, machine-readable format.
- Right to Object: Object to processing based on legitimate interests, including analytics and profiling.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw at any time without affecting the lawfulness of processing before withdrawal.
- Right to Non-Discrimination (CCPA): We will not discriminate against you for exercising any of your privacy rights.
- To exercise any of these rights, contact us at the email in Section 15. We will respond within 30 days. If you are in the EEA, you also have the right to lodge a complaint with your local data protection authority.
9. Third-Party Analytics (PostHog)
We use PostHog as our analytics platform to understand how users interact with the Service. PostHog collects usage data including page views, feature interactions, and error events. This data is hosted on PostHog’s US-based servers. PostHog acts as a data processor on our behalf. You can view PostHog’s privacy policy at https://posthog.com/privacy. To opt out of analytics tracking, you may use browser-level Do Not Track settings or contact us. Note that opting out may affect our ability to improve the Service based on usage data.
10. Security
We implement reasonable technical and organizational security measures to protect your personal information, including: encryption in transit (TLS 1.3), encryption at rest for stored data, access controls and authentication for production systems, regular security reviews, and incident response procedures. No method of transmission or storage is 100% secure. We cannot guarantee absolute security but will notify you of any data breach affecting your personal information within 72 hours of becoming aware of it, where required by applicable law.
11. Children
Cookd is not directed to individuals under the age of 13 (or the applicable age of digital consent in your jurisdiction, which may be up to 16 in certain EEA countries). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will delete it promptly. If you believe a child has provided us with personal data, please contact us immediately.
12. International Data Transfers
Your information may be transferred to and processed in countries outside your own, including India (where we are based) and the United States (where our analytics provider PostHog is based). When transferring data from the EEA or UK to countries not deemed adequate by the European Commission, we use appropriate transfer mechanisms (including Standard Contractual Clauses where applicable) to ensure your data receives an equivalent level of protection.
13. Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach, where required by applicable law (including Article 34 of the GDPR). Notifications will be sent to the email address associated with your account.
14. Changes to This Policy
We may update this Privacy Policy at any time at our sole discretion. Changes take effect immediately upon posting. Material changes will be communicated via email or through a prominent notice on the Service. Your continued use of the Service after any changes constitutes acceptance of the updated policy. We encourage you to review this page periodically. The “Last updated” date at the top of this page indicates when this policy was last revised.
15. Contact & Privacy Requests
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us. We aim to respond within 48 hours.
- Email: legal@cookdai.site
- Response Time: We will acknowledge your request within 48 hours and resolve it within 30 days.
- For GDPR-related inquiries, please use the subject line “Privacy Request” when emailing us.
- If you are in the EEA or UK and believe your data protection rights have not been respected, you may lodge a complaint with your local supervisory authority.