Privacy Policy
Last updated: June 28, 2026
This Privacy Policy describes how Zestly® ("Zestly", "we", "us", or "our") collects, uses, shares, and protects information when you use the Zestly mobile app, website at zestlyapp.com, and related services (collectively, the "Service"). By using the Service, you agree to this Policy. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Information you provide
- Account information: email address, password (stored only as a salted hash), display name, and username.
- Profile information: optional bio, profile photo, cover photo, dietary restrictions and preferences, pantry ingredients, cooking devices, and your public chef profile (if you choose to publish one).
- Phone number: if you choose to verify your phone to enter challenges, vote, or redeem rewards. We use it for verification and anti-fraud purposes.
- Shipping address: if you redeem physical rewards.
- Content you create: recipes, cooking photos and videos, challenge entries and descriptions, likes, votes, comments, and feedback you submit.
- Payment information: when you subscribe, payments are processed by Apple (in‑app purchases on iOS) or Stripe (on the web). We do not collect or store your full payment card numbers. We receive subscription status, tier, and identifiers (e.g., a Stripe customer ID or an Apple original transaction ID) needed to manage your subscription.
- Communications: messages you send to support and survey/feedback responses.
1.2 Information collected automatically
- Usage data: features used, recipes generated and saved, ingredients entered, cooking logs, challenges joined and entries submitted, votes cast, points earned and spent, levels, and rewards redeemed.
- Device and technical data: device type and model, operating system and app version, IP address, language, and diagnostic, performance, and crash data.
- Push notification tokens: if you enable notifications.
- Cookies and similar technologies (website): our website uses cookies and similar technologies for authentication, preferences, security, and (where permitted) analytics. You can control cookies through your browser settings.
- Integrity and anti‑fraud signals: to protect challenges, voting, points, and reward redemptions, we may process signals such as account age, activity patterns, device/IP information, and verification status to detect and prevent fraud and abuse.
2. How We Use Information
- Provide, operate, maintain, and improve the Service, including AI‑powered recipe generation, recipe suggestions, and ingredient/flavor relationships.
- Moderate user‑submitted media and content for safety, including automated (AI) content checks and verification of cooking photos.
- Create and manage your account, subscription, points, levels, challenges, and rewards.
- Enable social and community features, including public chef profiles, community recipes, challenges, and voting that you choose to participate in.
- Send transactional messages (e.g., password resets, subscription and challenge notifications) and, where permitted, push notifications and updates.
- Maintain the integrity of the Service, enforce our Terms, prevent fraud and abuse, and apply security controls (e.g., verification, velocity limits).
- Understand usage and measure and improve performance (analytics).
- Comply with legal obligations and respond to lawful requests.
3. How We Share Information
We do not sell your personal information. We share information with service providers ("processors") that process it on our behalf, and only as needed to operate the Service:
- Cloudinary — image and video hosting, optimization, and delivery.
- AI providers (e.g., OpenAI, Google Gemini, Groq, and image/video generation providers such as FAL.ai and Runway) — to generate recipes and media and to moderate content. Inputs are processed to return results; we do not authorize these providers to use your content to publicly identify you.
- Apple and Stripe — subscription billing, payment processing, and receipt/subscription validation.
- Brevo — transactional email delivery.
- Analytics and crash‑reporting providers — to understand usage and diagnose problems.
- Hosting and infrastructure providers — to run our databases and servers.
We may also disclose information: (a) to comply with law, legal process, or lawful government requests; (b) to protect the rights, property, safety, and security of Zestly, our users, or the public; (c) to detect, prevent, or address fraud, abuse, or technical issues; and (d) in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.
Content you make public — such as a published chef profile, community recipes, challenge entries, and votes — is visible to other users and may be indexed by search engines. Please do not include sensitive information in public content.
4. Your Choices and Rights
- Access and update: view and edit your profile and preferences in the app.
- Account deletion: you can delete your account at any time from Settings → Danger Zone. Deletion removes your profile and anonymizes your account; certain records may be retained as required by law, for security, or for fraud prevention. User‑generated content you posted publicly may persist in anonymized form.
- Notifications: manage push notifications in your device settings and email preferences via the unsubscribe link or your account.
- Regional rights: depending on where you live (for example, the EEA/UK under GDPR, or California under the CCPA/CPRA), you may have rights to access, correct, delete, or port your personal data, to opt out of certain processing, and to not be discriminated against for exercising your rights. We do not sell personal information or use it for cross‑context behavioral advertising. To exercise any right, contact us at the address below; we may need to verify your identity.
5. Data Retention
We retain information for as long as your account is active and as needed to provide the Service, comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements. When no longer needed, we delete or anonymize it.
6. Security
We use industry‑standard measures to protect information, including encryption in transit, hashed passwords, access controls, and anti‑fraud safeguards. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
7. Children's Privacy
The Service is not directed to children under 13 (or the minimum age required in your jurisdiction), and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact us and we will take appropriate steps to delete it.
8. International Users
We are based in the United States and may process and store information in the United States and other countries. Where required, we use appropriate safeguards for international transfers. By using the Service, you understand your information may be processed in countries with different data‑protection laws than your own.
9. Third‑Party Links
The Service may link to third‑party websites or services that we do not control. Their privacy practices are governed by their own policies; please review them.
10. Changes to This Policy
We may update this Policy from time to time. Material changes will be posted here with an updated "Last updated" date and, where appropriate, additional notice.
11. Contact Us
Questions about this Policy or your data? Email [email protected].