Privacy Policy
Cravery
Effective Date: February 1, 2026
1. Overview
This Privacy Policy describes how Lumiver Technologies LLC("Lumiver", "we", "us", "our", or "Cravery"), a limited liability company registered in SHAMS (Sharjah Media City Free Zone), Sharjah, United Arab Emirates, collects, uses, stores, shares, and protects your information when you use the Cravery application, website (cravery.app), and related services (collectively, the "Service").
Lumiver Technologies LLC is the data controller responsible for your personal data. This policy should be read together with our Terms of Use.
By accessing or using the Service, you consent to the collection and use of your information as described in this Privacy Policy.
2. Information We Collect
2.1 Information You Provide
| Data | Examples | Purpose |
|---|---|---|
| Account information | Email address, display name, profile photo | Account creation, authentication, communication |
| Subscription data | Subscription tier, billing status | Service access, quota management |
| Dietary preferences | Dietary restrictions, allergens, cuisine preferences | Personalization, recipe filtering, safety warnings |
| Meal plans | Weekly meal plan configurations, serving counts | Core service functionality |
| Shopping lists | Generated and custom grocery items | Core service functionality |
| Recipe interactions | Saved recipes, ratings, cooking history, notes | Personalization, recommendations |
| Feedback and communications | Support messages, feedback, suggestions | Issue resolution, service improvement |
2.2 Information from Content Submissions
When you submit a URL, image, or text for recipe extraction, we process the content using AI to extract factual recipe information. We store the following:
| Data | Purpose |
|---|---|
| Structured recipe data | Ingredients, instructions, nutritional estimates, cooking times, difficulty, dietary classifications |
| Source URL | Deduplication and attribution |
| Creator attribution metadata | Creator name, platform identifier, profile URL — for attribution |
| AI-generated hero image | An original image generated by AI to illustrate the recipe |
2.3 Information Collected Automatically
| Data | Examples | Purpose |
|---|---|---|
| Device information | Device model, OS version, app version, device identifiers | Compatibility, debugging, analytics |
| Usage data | Features used, session duration, screens viewed, interactions, search queries | Service improvement, personalization, product development |
| Crash reports | Error logs, stack traces | Bug fixes, stability |
| IP address | Collected on API requests | Rate limiting, abuse prevention, approximate geolocation |
| Log data | Access times, pages viewed, referring URLs | Security, analytics |
2.4 Information from Third-Party Authentication
If you sign in using a third-party provider (such as Google or Apple), we receive only the information necessary for authentication: your name, email address, and a unique identifier. We do not access your contacts, photos, or other data from these providers.
3. How We Use Your Information
| Purpose | Legal Basis (GDPR) | Legal Basis (UAE PDPL) |
|---|---|---|
| Providing the Service — account management, recipe extraction, meal planning, shopping lists, cooking mode | Performance of contract | Performance of contract |
| Personalization — recipe recommendations, discovery feed, dietary filtering | Legitimate interest | Legitimate interest |
| Communication — service updates, subscription notifications, push notifications | Performance of contract / Consent | Performance of contract / Consent |
| Analytics and product development — understanding usage patterns, improving the Service, developing new features | Legitimate interest | Legitimate interest |
| Aggregated insights — creating de-identified, aggregated analytics and benchmarks | Legitimate interest | Legitimate interest |
| AI and algorithm improvement — improving the accuracy and quality of our AI models, extraction algorithms, and recommendation systems | Legitimate interest | Legitimate interest |
| Advertising — displaying ads to free-tier users | Legitimate interest | Legitimate interest |
| Safety and security — rate limiting, abuse detection, fraud prevention | Legitimate interest | Legitimate interest |
| Legal compliance — responding to legal requests, enforcing our Terms of Use | Legal obligation | Legal obligation |
| Creator attribution — displaying creator names and links on extracted recipes | Legitimate interest | Legitimate interest |
Aggregated and de-identified data. We may create, use, and share aggregated or de-identified information derived from your data for any lawful purpose, including analytics, benchmarking, research, and product development. Such data is not personal data and is not subject to the restrictions in this policy.
4. Data Sharing and Service Providers
We share your information only in the following circumstances.
4.1 Service Providers
These companies process data on our behalf under data processing agreements:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Google Cloud Platform | Hosting, AI processing, storage | Service data (within our project) | europe-west1 (Belgium, EU) |
| Firebase (Google) | Authentication, push notifications, analytics | Auth tokens, FCM tokens, identifiers | EU |
| MongoDB Atlas | Database | Structured application data | europe-west1 (Belgium, EU) |
| RevenueCat | Subscription management | Subscription status, user identifiers | US (with EU data processing) |
| Stripe | Web payment processing | Payment information (we do not store card details) | US / EU |
| Apple / Google | In-app purchase processing | Transaction data | US |
We may engage additional service providers from time to time. All service providers are bound by data processing agreements that restrict their use of your data.
4.2 Legal Requirements
We may disclose your information if required by law, court order, subpoena, or governmental regulation applicable in the UAE or in the jurisdiction from which a valid legal request originates.
4.3 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will make reasonable efforts to notify you before your information becomes subject to a materially different privacy policy.
4.4 With Your Consent
We may share information with your explicit consent for purposes not covered by this policy.
4.5 Sale of Personal Data
We do not currently sell your personal data to third parties.
5. International Data Transfers
Lumiver Technologies LLC is based in the UAE. Our primary infrastructure is in Google Cloud's europe-west1 region (Belgium, EU). Some service providers are based in the United States.
| Transfer Route | Safeguard |
|---|---|
| UAE → EU (infrastructure) | Google Cloud Data Processing Addendum + Standard Contractual Clauses |
| EU → US (service providers) | EU-US Data Privacy Framework + Standard Contractual Clauses |
| Your country → UAE (Lumiver) | Contractual protections + technical safeguards |
We implement appropriate safeguards for all international data transfers, including encryption and contractual protections.
6. Data Retention
We retain personal data for as long as necessary to provide the Service, fulfill the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce our agreements.
| Data | Retention |
|---|---|
| Account data | Until account deletion + recovery period |
| Recipes | Recipes are platform content and may be retained indefinitely |
| Meal plans and shopping lists | Until account deletion |
| Cooking history and ratings | Until account deletion |
| Source URLs and creator attribution | Retained with recipe for as long as the recipe exists |
| Analytics data | Reasonable period for service improvement |
| Audit logs | 7 years (UAE commercial law requirement) |
| Crash reports | Reasonable period for debugging |
| IP addresses | Reasonable period for security purposes |
When specific retention periods are not stated, we retain data for as long as reasonably necessary for the applicable purpose.
7. Account Deletion
You may delete your account at any time:
- In the app: Settings → Account → Delete Account
- By email: support@cravery.app
When you delete your account:
- Your account enters a soft-delete recovery period during which you may contact support@cravery.app to restore it.
- After the recovery period, personal data is permanently purged, including account information, dietary preferences, meal plans, shopping lists, cooking history, and notes.
- Recipes that have become part of the platform catalog may persist with anonymized attribution.
- Certain data may be retained after deletion as required by law or for legitimate business purposes, including audit logs, fraud prevention records, and dispute resolution data.
If you are a Family subscription owner, deleting your account also removes all family members from the group.
8. Data Security
We implement technical and organizational measures to protect your data, including:
- Encryption in transit: Industry-standard encryption for all data transmitted between your device and our servers.
- Encryption at rest: Database and storage encryption.
- Access control: Production system access is restricted to authorized personnel on a need-to-know basis and is logged.
- Infrastructure security: Google Cloud Platform provides physical security, network isolation, and DDoS protection.
- Authentication security: Credential storage is handled by our authentication provider; we do not store passwords directly.
- Monitoring: Automated alerting for unauthorized access attempts and anomalous patterns.
8.1 Breach Notification
In the event of a personal data breach, we will notify affected users and relevant supervisory authorities as required by applicable law, including within the timeframes mandated by applicable data protection regulations.
9. Cookies and Tracking Technologies
9.1 Web (cravery.app)
| Type | Purpose | Consent Required? |
|---|---|---|
| Essential | Authentication, session management, security | No (necessary for the site to function) |
| Functional | Language preference, theme, display settings | No (necessary for site functionality) |
| Analytics | Usage patterns, feature adoption | Yes (EU/EEA users) |
When you visit cravery.app from the EU/EEA, we display a cookie consent mechanism. You may accept or reject non-essential cookies and change your preferences at any time via the cookie settings in the website footer.
9.2 Mobile App
The mobile app does not use cookies. Analytics may be collected using pseudonymized identifiers. You can opt out of analytics in Settings → Privacy.
9.3 Changes
We may update our use of cookies and tracking technologies as the Service evolves. We will update this section accordingly.
10. Push Notifications
We may send push notifications for service-related communications, including extraction completion, meal plan reminders, recipe suggestions, and family activity updates.
All push notifications are configurable in Settings → Notifications. You may disable all notifications or manage individual categories at any time.
11. Children's Privacy
Cravery is not directed at children. We do not knowingly collect personal data from children under 16 (or under 13 in the United States, in compliance with COPPA).
If we become aware that we have collected personal data from a child below these age thresholds, we will take steps to delete that data. If you believe a child has provided us with personal data, please contact legal@cravery.app.
12. Content Creator Data
If you are a content creator whose recipes appear on Cravery, the following applies whether or not you have a Cravery account.
12.1 Creator Data We Process
| Data | Source | Purpose |
|---|---|---|
| Display name | Publicly visible on source platform | Attribution |
| Platform profile URL | Publicly visible on source platform | Attribution |
| Platform identifier | Derived from source URL | Deduplication, program enforcement |
| Extracted recipes | AI processing of publicly available content | Service provision |
| Claim profile (if claimed) | Provided by you | Creator dashboard |
| Analytics (if claimed) | Generated from user interactions | Creator insights |
Legal basis: Legitimate interest — attribution benefits creators through exposure and traffic, and benefits users through transparency.
12.2 Creator Programs
We currently offer the following programs for content creators:
- Attribution: Extracted recipes display the creator's name, platform badge, and a link to the original content.
- Creator Claim: Creators may claim their profile to manage attributed recipes and access analytics. Visit cravery.app/creators/claim or contact creators@cravery.app.
- Removal Requests: Creators may request removal of recipes attributed to them by contacting takedown@cravery.app.
- Opt-Out: Creators may request a permanent opt-out preventing future extraction from their content. Contact creators@cravery.app.
These programs are offered at our discretion and may be modified or discontinued at any time. Creators also have all applicable statutory data protection rights described in Section 13.
13. Your Privacy Rights
13.1 Rights for All Users
Depending on your jurisdiction, you may have the following rights regarding your personal data:
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you |
| Rectification | Request correction of inaccurate or incomplete data |
| Erasure | Request deletion of your personal data |
| Restriction | Request that we limit how we process your data |
| Portability | Receive your data in a structured, machine-readable format |
| Objection | Object to processing based on legitimate interest |
| Withdraw consent | Withdraw consent where processing is based on consent |
See Section 14 for how to exercise these rights.
13.2 Additional Rights for EU/EEA Residents (GDPR)
If you are in the European Union or European Economic Area, the GDPR provides additional protections.
Legal bases for processing:
| Basis | When We Use It |
|---|---|
| Contract | Providing the Service you signed up for |
| Legitimate interest | Analytics, security, personalization, creator attribution, AI improvement (balanced against your rights — you may object) |
| Consent | Marketing emails, non-essential cookies (withdrawable at any time) |
| Legal obligation | Tax records, regulatory compliance |
Additional rights:
- Lodge a complaint with your local Data Protection Authority.
- Automated decision-making: Cravery does not make automated decisions that produce legal or similarly significant effects on users.
Data protection inquiries: legal@cravery.app
EU representative: We are committed to appointing a representative in the EU in accordance with Article 27 of the GDPR if and when our processing activities meet the applicable thresholds. In the meantime, EU residents may direct inquiries to legal@cravery.app.
13.3 Additional Rights for California Residents (CCPA/CPRA)
If you are a California resident, the CCPA (as amended by the CPRA) provides additional protections.
Categories of personal information we collect:
| CCPA Category | Examples | Sold? | Shared for Cross-Context Behavioral Advertising? |
|---|---|---|---|
| Identifiers | Email, name, IP address | No | No |
| Commercial information | Subscription history | No | No |
| Internet activity | Usage data, features used | No | No |
| Geolocation | Approximate location from IP | No | No |
| Inferences | Recipe preferences, dietary profile | No | No |
Your California rights:
| Right | Description |
|---|---|
| Right to know | Request what personal information we collect, use, and disclose |
| Right to delete | Request deletion of your personal information |
| Right to correct | Request correction of inaccurate information |
| Right to opt out of sale | We do not currently sell personal information |
| Right to non-discrimination | We will not discriminate against you for exercising your rights |
| Right to limit use of sensitive data | Dietary preferences are the only sensitive data we collect; you control these in Settings |
We will respond to verifiable consumer requests within 45 days.
13.4 Additional Rights Under UAE Federal Data Protection Law (PDPL)
The UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data grants the rights described in Section 13.1. To exercise these rights, contact legal@cravery.app. We will respond within 30 days.
The in-app data export feature (Settings → Privacy → Export My Data) provides access to your data in a structured format.
14. How to Exercise Your Rights
In the app:
- Settings → Privacy → Export My Data
- Settings → Privacy → Your Data Rights
- Settings → Account → Delete Account
By email: legal@cravery.app
Response times:
| Jurisdiction | Maximum Response Time |
|---|---|
| GDPR (EU/EEA) | 30 days (extendable by 60 days for complex requests) |
| CCPA (California) | 45 days (extendable by 45 days for complex requests) |
| UAE PDPL | 30 days |
| All others | 30 days |
Verification: We verify your identity by sending a confirmation to the email address associated with your account. Non-account holders may be required to provide additional identification.
15. Changes to This Privacy Policy
We may update this Privacy Policy at any time. Revised versions are effective when posted to the Service or at cravery.app/privacy.
We will make reasonable efforts to notify you of material changes, such as through an in-app notification or email, but are not obligated to do so. Your continued use of the Service after any changes constitutes acceptance of the revised Privacy Policy. If you disagree, stop using the Service and delete your account.
We maintain an archive of previous versions at cravery.app/privacy/archive.
16. Contact Us
Lumiver Technologies LLC
SHAMS (Sharjah Media City Free Zone)
Sharjah, United Arab Emirates
| Purpose | Contact |
|---|---|
| Privacy inquiries and data rights | legal@cravery.app |
| Takedown and removal requests | takedown@cravery.app |
| Creator relations | creators@cravery.app |
| General support | support@cravery.app |
| Security reports | security@cravery.app |