Privacy Policy

This Privacy Policy applies to the Kippr app (hereinafter referred to as the "Application") for mobile devices, which was developed by Franciszek Czajka, under the name of Lapwing Software (hereinafter referred to as "Service Provider") as a Freemium service. This service is provided "AS IS". If you use Kippr, you agree to this Privacy Policy.

This policy is effective as of 2026-04-07.

What information does the Application obtain and how is it used?

Registration with the Service Provider is not mandatory. However, bear in mind that you might not be able to utilize some of the features offered by the Application. When you register, we collect and use data needed to provide account, collaboration, synchronization, and premium features. Depending on how you use Kippr, this may include:

• Account and profile data, such as email, authentication identifiers, display name, and preferences like language and theme.
• Household and app content data, such as pantry items, shopping lists, recipes, notification settings, and collaboration metadata.
• On-device storage and offline cache data, such as synchronized local tables, onboarding status, and recipe history, to support offline-first behavior and reliability.
• AI recipe request data, such as selected ingredients, language, unit preferences, and related technical metadata to generate responses and prevent abuse.
• Purchases and subscription data, such as entitlement status, product/store identifiers, and expiration timestamps, to manage premium access.
• Support and feedback data, such as feedback name, title, message, and account email, to respond to requests, improve service quality, and apply anti-abuse rate limits.

We collect data directly from you, automatically through app and device usage, from selected third-party sign-in and platform services, from on-device caches, and through callbacks/webhooks used for subscriptions, rewards, and fraud prevention.

You can sign in with email/password and selected identity providers (including Google Sign-In and Sign in with Apple, where available). Authentication and account sessions are managed through Supabase.

What information does the Application collect automatically?

In addition, the Application may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device's unique device ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browsers you use, and information about the way you use the Application.

Does the Application collect precise real time location information of the device?

No. Kippr does not collect precise GPS location.

Does the Application use Artificial Intelligence (AI) technologies?

Kippr offers AI-powered recipe generation features.

• We process the ingredients you explicitly select, your language preference, and unit preference to generate requested recipes.
• We do not use your general app behavior to profile you for unrelated features.
• AI processing may involve third-party AI infrastructure (currently OpenAI) through our backend services.
• AI inputs and outputs may be stored for caching, history, service reliability, and abuse prevention.
• Your AI inputs are not used by us to train our own proprietary AI model.
• You can avoid AI processing by not using AI recipe generation features.

Do third parties see and/or have access to information obtained by the Application?

We do not sell personal data. We share data only when required to operate the Application, fulfill user-requested features, comply with law, or protect users and services.

The Application integrates with third-party services that have their own privacy terms. Current providers and partners include:

• Supabase (backend, authentication, database, and edge functions)
• OpenAI (AI recipe infrastructure)
• Google Play Services
• Google Mobile Ads (AdMob)
• Google Analytics for Firebase
• Firebase Crashlytics
• RevenueCat
• Open Food Facts (barcode/product lookup)

Additional sharing and processing cases include:

• Importing backup data while signed in may upload recipe and related content to backend services for synchronization.
• Rewarded ads may use anti-fraud verification metadata such as signatures, transaction identifiers, custom reward data, and key identifiers.
• Subscription lifecycle webhooks may process app user IDs, entitlement or product identifiers, store source, and expiration metadata.
• We may disclose information when required by law, legal process, or in good-faith safety/security circumstances, including abuse and fraud prevention.

What are my opt-out rights?

You can stop all app-side collection by uninstalling the Application. You can also control specific processing and permissions:

• Analytics and crash reporting are disabled by default where required until consent is provided.
• You can change analytics/crash consent later in app settings.
• Depending on your region and choices, ads may be personalized or non-personalized.
• You can manage ad/privacy preferences using in-app consent flows, platform settings, and device ad privacy controls.
• Notifications and camera access are optional and controlled through OS and app settings.

If you opt out of analytics or crash reporting, core app features remain available, but diagnostics and product insights may be reduced.

What is the data retention policy, and how can you manage your information?

We retain personal data only as long as needed for service operation, legal compliance, dispute resolution, fraud prevention, and enforcement. Typical retention includes:

• Account and content data while your account is active, or until deletion is requested.
• Analytics and crash data for a limited period (typically up to 24 months), or aggregated/anonymized sooner where feasible.
• Security and anti-fraud logs for limited periods needed to detect and prevent abuse.
• Feedback records retained as needed for support, abuse prevention, and operational/legal needs.
• Exported JSON/CSV backup files retained in your chosen storage location until you remove them.
• In shared-household contexts, some records may remain for other members, with direct user references removed or nullified where implemented.

Account controls in the Application include:

• Delete account: removes your account and associated server-side data, subject to legal obligations.
• Reset settings: resets app preferences and defaults; this does not necessarily delete account-level server data.
• Reset data/factory reset: clears local app data on your device; cloud or account data may remain unless account deletion is completed.
• If you own a shared household and delete your account, other members may be relocated to personal households and household-owned content may be removed.
• Some collaborator references may be nullified instead of fully removed to preserve record integrity.

For deletion or data requests, contact us at lapwingsoftwarestudio@gmail.com.

Your privacy rights

Depending on your location, you may have rights to:

• Access your personal data.
• Correct inaccurate data.
• Delete data.
• Receive a copy of data (portability).
• Restrict or object to certain processing.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with a supervisory authority.

We do not use your personal data for solely automated decision-making that produces legal or similarly significant effects.

International data transfers

Your data may be processed in countries outside your own. Where required, we apply appropriate safeguards for international transfers, such as contractual protections and equivalent legal mechanisms.

How is your information kept secure?

We use administrative, technical, and organizational safeguards designed to protect personal data. Examples include:

• Encryption in transit for communication between the app and backend services (for example HTTPS/TLS).
• Access controls, including authentication and row-level access checks.
• Least-privilege principles for internal systems and service integrations.

No method of transmission or storage is completely secure, but we continuously work to reduce risk.

How will you be informed of changes to this Privacy Policy?

This Privacy Policy may be updated from time to time for any reason. The Service Provider will notify you of any changes to the Privacy Policy by updating this page with the new Privacy Policy. You are advised to consult this Privacy Policy regularly for any changes, as continued use is deemed approval of all changes.

This privacy policy is effective as of 2026-03-31

How do you give your consent?

By using the Application, you consent to processing as described in this Privacy Policy. Where required by law, we request separate consent for analytics, crash reporting, and ad personalization controls, and you can change those choices later.

How can you contact us?

If you have questions about this Privacy Policy or want to exercise your privacy rights, contact us via email at lapwingsoftwarestudio@gmail.com. You can also use the in-app feedback feature in Kippr settings.