KukbukKukbuk

Privacy Policy

[LEGAL REVIEW] — This document is a plain-English draft prepared by the Kukbuk team. It must be reviewed by a qualified solicitor before public launch.

Last updated: 14 June 2026

1. Who we are

Kukbuk is a service operated by studystrEAKs Ltd, a company registered in Scotland (company number SC865254, D-U-N-S No. 234235037), with registered office at c/o Smith & Wallace & Co., 1 Simonsburn Rd, Kilmarnock, Scotland, KA1 5LA. studystrEAKs Ltd is the data controller for personal information processed through Kukbuk. For any privacy enquiries, contact us at hello@studystreaks.co.uk.

2. What we collect

  • Account data: name, email address, sign-in credentials.
  • Profile data (sensitive — health-related): allergies, intolerances, dietary patterns, appetite, dislikes. Dietary patterns (e.g. halal, kosher, vegetarian) may indicate religious or philosophical belief.
  • Profiles you create for others, including children in your household — you provide their food information so we can check meals for them. When a household member claims their own profile via an invite link, they take full control of their data and consent preferences from that point on.
  • Photos you submit: recipe photos, fridge photos, spice-rack photos, receipt photos and PDFs. Household photos may show other people — you are responsible for obtaining any necessary consent from anyone identifiable before uploading.
  • Planning data: meals you schedule, who's eating each night, shopping lists.
  • Receipt and cost data for cost-sharing between kitchen members.
  • Subscription status from Stripe. We never see or store your card number.
  • Technical logs for security and debugging.

3. Special category (health) data

Allergy and dietary information is "special category data" under UK GDPR. Our lawful basis is explicit consent, collected at the point you first enter any food note. You can use the app without providing this information — meal checks will simply degrade gracefully. You can withdraw consent at any time from Your data. Withdrawing consent stops Kukbuk from using your food data for meal-checking and suggestions going forward; you can also delete the data entirely from the same page. Data that you have already downloaded as an export file remains in that file for your own records but is no longer processed by Kukbuk.

4. Children

Account holders must be 13 or older (the UK consent age for information society services). Profiles for under-13s are created and controlled by a parent or guardian inside their kitchen. When a young person reaches the age of consent and claims their own profile, they take control of their data.

5. Purposes

We use your data to provide the service: parse recipes, check meals against everyone's dietary needs, scale portions, build shopping lists, and let kitchen members split costs. We do not sell your data. We do not use it for advertising, and we do not build profiles beyond the app's stated features.

6. Who processes your data on our behalf

  • Lovable Cloud (Supabase): hosting, database, authentication, file storage. Data may be processed in the European Union.
  • Google (Gemini API): AI parsing of submitted photos and text. For each request we send only the image, PDF or text you are processing plus the allergies and dietary requirements of the specific diners attached to that meal — never the full household profile, contact details, or unrelated kitchen members. Transfers may occur outside the UK under appropriate safeguards (UK IDTA / SCCs).
  • Stripe: payment processing for subscriptions. Stripe is the controller of card data; we only receive your subscription status.

7. Retention

  • Account data: kept until you delete your account.
  • Recipe photos: kept for as long as you keep the recipe.
  • Fridge photos and spice-rack photos: sent to our AI parser for processing and not stored on our servers afterwards. Your spice rack is kept as text in the app; the photo itself is discarded.
  • Receipt photos and PDFs: passed through our server only to reach the AI parser and are not stored. The parsed line items are saved against the shop record; the original image is not retained.
  • Deleted accounts: purged from our systems within 30 days.
  • Settled cost-sharing records: kept for 12 months for member transparency.

8. Your rights

Under UK GDPR you have the right to access, rectify, erase, restrict or object to processing, port your data, and withdraw consent. Use the actions on Your data to exercise these, or email us at hello@studystreaks.co.uk — we will respond within one month. If you're unhappy with how we handle your data you can complain to the Information Commissioner's Office at ico.org.uk or on 0303 123 1113.

9. Security

Data is encrypted in transit (TLS) and at rest. Access is restricted by row-level security and authentication on our backend. We minimise the data we store and the data we send to AI processors.

10. Changes

We'll update this page when our processing changes and notify account holders by email of material changes.