Privacy Policy
Version 2.0 · Last updated: 13 May 2026
A Romanian version is available on request at privacy@cucinovo.com.
1. Who we are (data controller)
The data controller for the personal data processed in connection with the Cucinovo service is AIMTECH DIGITAL S.R.L., a Romanian limited liability company, registered with the Romanian Trade Register under no. J2026010898000, sole registration code (CUI) 53983483, share capital 500 RON, with its registered office at Prelungirea Ghencea nr. 45, Bl. C3, Sc. A, Et. parter, Ap. 5, Oraș Bragadiru (Sat Bragadiru), Județul Ilfov, România.
Privacy contact: privacy@cucinovo.com. AIMTech Digital SRL is not required to appoint a Data Protection Officer under Article 37 GDPR; the privacy mailbox is the dedicated channel for all data-protection matters.
When you use Cucinovo as a Business Customer (for example, a restaurant) to process personal data about your team members, suppliers, or third parties, you act as the data controller for that data and we act as your data processor. The terms of that processing are set out in our Data Processing Addendum.
2. What personal data we collect
- Account data: your name, email address, hashed password, role within an organisation, account status, and (if you set one) a profile image.
- Organisation data: organisation name, slug, type (household or restaurant), address, city, postal code, country, currency, timezone, branding (logo, colours), and labour hourly rate.
- Billing data: Stripe customer ID, Stripe subscription ID, plan, billing status, trial dates, period-end dates, and metadata about failed payments. Card details are never seen or stored by Cucinovo; they are handled by Stripe.
- User content: recipes, ingredients, categories, shopping lists, prep lists, events, suppliers (including supplier email, phone, address, fiscal ID), and any attachments you upload.
- Authentication data: short-lived JWT access tokens and refresh tokens stored as HTTP-only cookies, password-reset tokens, invitation tokens, and CSRF tokens.
- Integration data (optional): if you connect Gmail to send emails through your own inbox, we store the OAuth access and refresh tokens for that account, encrypted with AES-256-GCM.
- Diagnostic and analytics data: IP address, browser type, request logs, error reports captured by Sentry, page views and product events captured by PostHog, feature-flag exposure. Session replay is enabled in Sentry only on errors and with input masking; in PostHog, sensitive inputs (passwords, payment fields) are masked.
- Communications: emails you exchange with us through privacy@, legal@, or support channels.
We do not knowingly collect special-category data (Art. 9 GDPR). If you upload such data into your recipes or notes (for example, allergens linked to specific people), you are responsible for having a valid basis.
3. Why we use your data and on what legal basis
We process personal data only for the purposes listed below. For each purpose, we identify the lawful basis under Article 6 GDPR:
| Purpose | Data used | Lawful basis |
|---|---|---|
| Provide the Service: accounts, login, recipes, lists, organisations. | Account, organisation, user content, authentication. | Performance of a contract (Art. 6(1)(b)). |
| Billing, invoicing, subscription management. | Billing data, organisation data. | Contract (Art. 6(1)(b)) and legal obligation (Art. 6(1)(c), Romanian fiscal law). |
| Send transactional emails (password reset, invitations, billing). | Account and billing data. | Contract (Art. 6(1)(b)). |
| Send lifecycle and onboarding emails (day 1, 3, 7, 14, 30, 60+). | Account data, usage signals. | Legitimate interests (Art. 6(1)(f)), helping you make the most of the Service. You can opt out at any time via the unsubscribe link or Profile → Notifications. |
| Security, fraud and abuse prevention. | Authentication data, IP, request logs, error reports. | Legitimate interests (Art. 6(1)(f)). |
| Error tracking and performance monitoring (Sentry). | Error reports, performance traces, masked session replay on error. | Legitimate interests (Art. 6(1)(f)). You may decline diagnostics in cookie preferences. |
| Product analytics, feature flags, A/B testing (PostHog). | Page views, events, masked session recording, feature-flag exposure. | Consent (Art. 6(1)(a)), only loaded if you accept analytics cookies. |
| Comply with legal obligations (tax, accounting, court orders). | Billing data, account data as relevant. | Legal obligation (Art. 6(1)(c)). |
| Defend or assert legal claims. | As needed. | Legitimate interests (Art. 6(1)(f)). |
We do not sell, rent, or share your personal data for third-party marketing purposes. We do not make decisions about you based solely on automated processing (Art. 22 GDPR), and we do not use your data for profiling that produces legal effects.
4. Who we share data with
We use the following sub-processors. Each is bound by a written data-processing agreement that includes Article 28 GDPR obligations. We will notify you at least 30 days before adding a new sub-processor that materially affects how your data is processed.
- MongoDB Atlas (MongoDB, Inc., USA): managed database hosting; data stored in encrypted clusters in the EU. Transfer mechanism: EU Standard Contractual Clauses (Decision 2021/914) plus EU-region residency. Privacy policy.
- Fly.io (Fly Labs, Inc., USA): application hosting and compute; production workloads run in the EU (Frankfurt). Transfer mechanism: EU SCCs. Privacy policy.
- Hetzner Online GmbH (Germany): production VM hosting (Helsinki, Finland) for our self-hosted production environment. Privacy policy.
- Stripe Payments Europe, Ltd. (Ireland; group also in the USA): card payments and subscription billing. Stripe is also an independent controller for fraud and regulatory compliance. We store only your Stripe customer ID and subscription ID. Privacy policy.
- Resend, Inc. (USA): transactional and lifecycle email delivery. Transfer mechanism: EU SCCs plus, where applicable, the EU-US Data Privacy Framework. Privacy policy.
- Sentry (Functional Software, Inc., USA): error tracking and performance monitoring. We use Sentry's EU ingest endpoint (.de.sentry.io). Session replay is triggered only on errors, with input masking. Privacy policy.
- PostHog, Inc. (USA; EU instance used): product analytics, feature flags, masked session recording. We use the EU instance at eu.i.posthog.com. PostHog is loaded only after you accept analytics cookies. Privacy policy.
- Google LLC (USA): only if you choose to connect your Gmail account through the optional integration. We store encrypted OAuth tokens and use them solely to send emails on your behalf. Privacy policy.
We may also disclose personal data to professional advisers (lawyers, accountants), to a successor in the event of a merger or acquisition (with continuing protections in place), or to public authorities where required by law.
5. International transfers
Some of our sub-processors are based in or process data through countries outside the European Economic Area (notably the United States). For those transfers, we rely on:
- The European Commission's Standard Contractual Clauses (Implementing Decision (EU) 2021/914);
- Adequacy decisions where they exist (for example, the EU-US Data Privacy Framework where the sub-processor is self-certified);
- Supplementary technical measures such as encryption in transit (TLS), encryption at rest, EU regional processing where available, and access controls.
You may request a copy of the SCCs we have in place with any sub-processor by writing to privacy@cucinovo.com.
6. How long we keep your data
- Active account. While your account is active, we keep your data for as long as needed to provide the Service.
- After account deletion. When you delete your account from Profile → Delete Account, your personal data and user content are removed immediately from our live systems, subject to the exceptions below.
- Backups. We operate a rolling backup of the production database. Backups containing personal data are overwritten on a 30-day rotation. Restoration from backup is used only in disaster-recovery scenarios.
- Fiscal and accounting records. Invoices, payment events, and accounting records are retained for 5 years from the date of issue, as required by Romanian fiscal law (Codul Fiscal, Legea nr. 227/2015) and the Accounting Law (Legea contabilității nr. 82/1991). These records are kept only for that legal purpose and are not used for any other reason. Invoices are issued and retained by our payment processor Stripe; metadata about each invoice (counterparty, number, date, amount, VAT) is also retained in our own systems for the same period.
- Security logs. Authentication and security event logs are retained for up to 90 days.
- Diagnostics (Sentry). Error events and performance traces are retained for up to 90 days; session replay clips for up to 30 days.
- Analytics (PostHog, if you consented). Event data is retained for up to 12 months; aggregated, anonymised metrics may be retained indefinitely.
- Communications. Emails you exchange with us are retained for up to 3 years from the date of the last interaction, unless a longer period is required to defend legal claims.
7. Your rights under GDPR
Under Regulation (EU) 2016/679 and Legea nr. 190/2018, you have the following rights:
- Right of access (Art. 15). Get a copy of your data from Profile → Export My Data, or by writing to privacy@cucinovo.com.
- Right to rectification (Art. 16). Update your name, email and account details at any time from your account settings.
- Right to erasure (Art. 17). Delete your account from Profile → Delete Account. Some data may be retained where required by law (see Section 6).
- Right to restriction of processing (Art. 18). Ask us to limit processing while we resolve a dispute about accuracy or lawfulness.
- Right to data portability (Art. 20). Download a machine-readable JSON export of the data you supplied from Profile → Export My Data.
- Right to object (Art. 21). Object at any time to processing based on legitimate interests (such as lifecycle emails).
- Right to withdraw consent (Art. 7(3)). If we rely on consent (analytics cookies, Gmail integration), you can withdraw consent at any time from the cookie preferences modal or by disconnecting the integration. Withdrawal does not affect the lawfulness of processing before the withdrawal.
- Right to lodge a complaint. You may complain to the Romanian supervisory authority, the Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP), B-dul G-ral. Gheorghe Magheru 28-30, București, dataprotection.ro, or, if you live elsewhere in the EU, to your national supervisory authority.
We will respond to a rights request within one month (extendable by two months for complex cases, with prior notice).
8. Cookies and similar technologies
Cucinovo uses the following cookies and storage entries. Strictly necessary entries are required for the Service to work and are set without consent (Legea 506/2004 Art. 4(5)). All other entries are loaded only after you opt in through the cookie preferences modal.
| Name | Category | Purpose | Lifetime |
|---|---|---|---|
| sid | Strictly necessary | Short-lived authentication token. | 1 hour |
| refresh | Strictly necessary | Silent token renewal (path-restricted). | 7 days |
| has-refresh | Strictly necessary | Client-readable flag for logout UX. | 7 days |
| csrf-token | Strictly necessary | CSRF protection for state-changing requests. | 4 hours |
| cookie-consent (localStorage) | Strictly necessary | Stores your consent choice per category. | Until cleared |
| ph_* (PostHog) | Analytics (consent required) | Distinct-id, session-id, feature flags. | Up to 12 months |
| sentry-* (Sentry) | Diagnostics (consent required) | Session-replay correlation on errors. | Session |
You can change your choices at any time by clicking Cookie preferences in the website footer.
9. How we protect your data
We apply technical and organisational measures appropriate to the risk, including:
- TLS encryption in transit and encryption at rest in our managed database;
- Bcrypt password hashing and short-lived, HTTP-only JWT cookies with SameSite=Lax + Secure;
- AES-256-GCM encryption of integration secrets (Gmail tokens) with version-tagged keys;
- CSRF protection on all state-changing requests and a strict Content Security Policy with per-request nonces;
- Role-based access control inside customer organisations (PLATFORM_ADMIN, MANAGER, CHEF, STAFF, VIEWER);
- EU-region hosting and segregated production environments;
- Automated dependency vulnerability scanning and pre-commit secret detection;
- Restricted internal access to production data on a need-to-know basis.
In the event of a personal-data breach likely to result in a risk to your rights and freedoms, we will notify the ANSPDCP within 72 hours of becoming aware of the breach (Art. 33 GDPR) and, where the risk is high, notify you without undue delay (Art. 34 GDPR).
10. Children
The Service is intended for users aged 16 and over (the Romanian digital-consent age under Legea 190/2018 Art. 1(2)). We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data without the consent of a holder of parental responsibility, please contact us at privacy@cucinovo.com and we will delete it.
11. Changes to this policy
We will update this policy from time to time. The date of the latest update appears at the top. For material changes that affect how we use your data, we will email registered users at least 30 days in advance and, where the change requires it, ask for fresh consent. Earlier versions are kept at /legal/privacy-policy/archive.
12. Contact us
For any privacy question or to exercise your rights, please contact:
AIMTECH DIGITAL S.R.L.
Prelungirea Ghencea nr. 45, Bl. C3, Sc. A, Et. parter, Ap. 5, Oraș Bragadiru, Județul Ilfov, România
CUI 53983483 · Trade Register no. J2026010898000 · Share capital 500 RON
Email: privacy@cucinovo.com