Privacy Policy
Last updated: 17 April 2026
CrustBot is a small, independent AI meal-planner. We only collect the data needed to make the service work and we don't sell it, share it for advertising, or use it to train AI models.
What we collect
- Account identity. If you sign in with Google, we receive your email address, display name, and profile picture URL from Google. If you sign in with a one-time email code, we only receive your email address.
- Meal-planning profile. The family members, ages, preferences, dietary tags, cravings, equipment, city, and store you enter inside the app. You choose what to put in — we store it as you type it.
- Generated menus and shopping lists. Menus the AI produces for you, your ratings (liked/disliked dishes), and the current shopping list.
- Menu history. Up to 20 most recent menus, kept so you can reopen past weeks.
- Daily usage count. A per-day counter to enforce a free-tier limit (5 AI generations per day).
- Anonymous usage events. Small records of which buttons you interact with (e.g. "family added", "menu generated") with no personal content — just the event name, your user ID, and optional context like the chosen period or a generic error code. We use this to see where the UX breaks down. No third-party analytics SDK is involved; events are stored in our own Cloudflare D1 and pruned after 30 days.
- Technical minimum. Standard access logs (IP address, user agent, request path) kept briefly by Cloudflare for abuse prevention. We do not run third-party trackers, tracking pixels, or advertising scripts.
What we do with it
- Build a prompt and send it to Google Gemini so the AI can tailor a menu to your family. The prompt includes the profile fields above; it does not include your email, name, or picture.
- Save your profile and menu history on Cloudflare D1 so you see the same state across devices.
- Keep you signed in via a session cookie.
Third parties
- Google — OAuth sign-in and Gemini AI generation. Google's terms and privacy policy apply to what they do with the data they receive.
- Cloudflare — hosting, edge network, D1 database. All traffic passes through and is stored on Cloudflare infrastructure.
- Resend (or equivalent email provider) — delivers one-time sign-in codes when you use email login.
We don't use advertising networks, third-party trackers, or hosted analytics providers. Usage events (see above) are logged to our own database only.
Cookies and local storage
- Session cookie (
session) — signed HMAC token that keeps you logged in. HttpOnly, SameSite=Lax, Secure. - Local storage — theme preference, chosen language, current settings tab, and (for signed-out users) a local draft of your profile so the app works offline.
Retention and deletion
Your profile and menus stay until you delete them. The Reset all button at the bottom of the app wipes your menu history, current menu, shopping list, and ratings immediately. To delete your account entirely (including email and profile), email [email protected] and we'll remove everything within 14 days.
Your rights
If you're in the EU, UK, or a jurisdiction with similar rules, you have the right to access, correct, export, or delete the data we hold about you. Write to [email protected] and we'll respond within 30 days.
Children
CrustBot is not directed at children under 13. We don't knowingly collect data from anyone under 13. If you're a parent and you believe your child created an account, email us and we'll delete it.
Changes to this policy
We'll update the "Last updated" date above whenever this page changes. Material changes will be communicated in the app.
Contact
Questions, deletion requests, or anything else: [email protected].