Privacy Policy

Last Updated: April 10, 2026

Rasa ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and services (collectively, the "Platform").

1. Information We Collect

Account Information: When you create an account, we collect your name, email address, and password. If you use Google Sign-In, we receive your name, email, and profile photo from Google.

Profile Preferences: During onboarding, you may provide your cooking intent, skill level, and dietary preferences. This data is used solely to personalize your experience.

Usage Data: We collect information about how you interact with the Platform, including pages visited, recipes viewed, AI Chef queries, and feature usage.

Payment Information: Payment processing is handled entirely by Stripe. We never store your credit card number, CVV, or full card details. We receive only a Stripe customer ID and subscription status.

2. How We Use Your Information

• To provide, maintain, and improve the Platform
• To personalize your recipe recommendations and AI Chef responses
• To process subscriptions and manage your account
• To communicate with you about updates, security alerts, and support
• To enforce our Terms of Service and prevent abuse
• To comply with legal obligations

3. Data Storage & Security

Your data is stored on Google Firebase (Firestore) and Supabase infrastructure, both of which maintain SOC 2 Type II compliance. Data is encrypted in transit (TLS 1.2+) and at rest.

We implement industry-standard security measures including:

• Server-side authentication and authorization checks
• Field-level Firestore security rules preventing unauthorized writes
• Rate limiting on API endpoints
• Input sanitization to prevent injection attacks
• Secrets stored in Firebase Secret Manager (never in client code)

4. AI Chef & Data Processing

When you use AI Chef, your messages are sent to our server, which forwards them to Google's Gemini API for processing. We do not use your conversations to train AI models. Conversation history is kept only for your current session and is not permanently stored.

5. Third-Party Services

We use the following third-party services:

• Google Firebase — Authentication, database, hosting
• Supabase — Recipe and ingredient data
• Stripe — Payment processing
• Google Gemini — AI Chef natural language processing

Each service has its own privacy policy. We recommend reviewing them.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.

7. Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and data
• Export your data in a portable format
• Withdraw consent for data processing

To exercise any of these rights, contact us at privacy@rasacooking.com.

8. Children's Privacy

The Little Rasas feature is designed for children to use with parental supervision. We do not knowingly collect personal information from children under 13 without parental consent. The Family plan requires an adult account holder.

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date.

10. Contact Us

If you have questions about this Privacy Policy, please contact us at privacy@rasacooking.com.