Privacy Policy

Last updated: May 12, 2026

Dansk

This privacy policy explains what information just cook collects about you when you use the app or visit just-cook.dk, why we collect it, and how you stay in control of it.

1. Data controller

just cook is run as a private project. You can reach the data controller at emilbejstrup@gmail.com if you have questions about this policy or want to exercise any of your rights below.

2. What we collect

When you use just cook, we collect the following:

  • If you create an account with email: your name, email address, and password. The password is stored encrypted and we cannot read it ourselves.
  • If you sign in with Google or Apple: your name, your email address, and the unique user ID that Google or Apple sends us. We never receive your password with them.
  • If you use the app as a guest: an anonymous account with no personal information attached. You can upgrade to a real account later without losing your data.
  • Content you add yourself: recipes you create, items on your shopping lists, your meal plans, your favorites, and shopping lists you share with others.
  • Technical information: when your device contacts the server, the IP address, timestamp, and requested URL are written to short-lived server log files. We use this only for operations, debugging, and security. We do not store IP addresses in the database.

3. What we do not collect

  • We do not ask for your location (GPS).
  • We do not read your contacts, calendar, or photos.
  • We do not use advertising identifiers.
  • We use no third-party analytics tools like Google Analytics, Mixpanel, or Facebook Pixel.
  • We do not track you across other apps or websites.

4. Why we process your information

We process your information on the following legal bases:

  • To deliver the app itself (contract, per GDPR Art. 6(1)(b)): so we can store your recipes and shopping lists and sync them across your devices. The same basis covers sign-in, whether you choose email, Google, or Apple, because you need to be signed in to use the service.
  • For operations and debugging (legitimate interest, per Art. 6(1)(f)): the server writes short-lived log files that include IP addresses so we can find and fix problems. We do not use these logs to profile users or for marketing.

5. Who we share information with

We never sell or rent your data. We share it only with the following processors, and only to the extent needed for the app to work:

  • Google and Apple, if you choose to sign in via their services. They are independent data controllers for their sign-in flow. We receive your name, email, and a unique user ID from them.
  • Fly.io, our hosting provider. The server runs in Stockholm, Sweden (EU/EEA).
  • PostgreSQL database, running with the same provider in the same region.

We have no advertising partners and do not pass information on for marketing.

6. When you share a shopping list

If you send a share link to someone else, they can see the contents of that one list and check items off. They cannot see your other lists, recipes, meal plans, or any other account information. You can revoke the link or remove a partner at any time from the share menu.

7. How long we keep your information

  • Account data, your recipes, shopping lists, meal plans, and favorites: as long as your account exists.
  • Server logs containing IP addresses and technical data: briefly, only for as long as needed for operations and debugging.
  • When you delete your account (directly in the app under Settings), we remove all associated data within 30 days. Backups containing older data roll out of rotation within 30 days after that.

8. Your rights

Under GDPR, you have the following rights:

  • Find out what information we hold about you (right of access).
  • Have inaccurate information corrected.
  • Have your account and all associated data deleted. You can do this directly in the app under Settings, or write to us at the contact address below.
  • Receive a copy of your data in a machine-readable format.
  • Object to or restrict processing of your information.
  • Withdraw your consent, where processing is based on that ground.

Write to emilbejstrup@gmail.com to exercise any of these rights. We respond within 30 days. If you believe we are mishandling your data, you can lodge a complaint with the Danish Data Protection Agency, Datatilsynet.

9. Cookies on just-cook.dk

The website uses only strictly necessary cookies. No tracking, no analytics:

  • A session cookie when signing in to the admin area (admins only).
  • A cookie that remembers your light or dark theme preference.

10. Security

  • Passwords are stored encrypted. We cannot read them ourselves.
  • Your login token is stored securely on your device via the iOS Keychain or Android Keystore.
  • All communication between the app and the server runs over HTTPS.

11. Children

just cook is not intended for children under 13. We do not knowingly collect data from children. If you are a parent or guardian and believe your child has provided us with personal information, contact us and we will remove it.

12. Changes to this policy

If we change the policy, we update the date at the top. We notify you in the app before any major change takes effect.

13. Contact

Questions or requests: emilbejstrup@gmail.com.