Shop n Cook

Privacy Policy

Last updated: May 2025

Overview

Shop n Cook is a recipe and shopping list manager. This policy covers the Shop n Cook web application and the Shop n Cook browser extension. We collect only what is necessary to provide the service and never sell your data to third parties.

Shop n Cook is open-source and self-hostable. If you run your own instance, this policy applies only to instances we operate. You are responsible for the data handling of your own server.

Browser Extension

The browser extension stores the following data locally in your browser using the standard browser storage API:

  • The URL of your Shop n Cook server
  • Your authentication token, obtained after you sign in
  • Your account email address, used only for display

This data never leaves your device except to communicate with the Shop n Cook server you have configured. It is not sent to any third party.

The extension requests access to the active tab only when you explicitly click Import Recipe. It does not read your browsing history, monitor background tabs, or collect any data outside of that action. No telemetry or analytics are collected by the extension.

Web Application

When you create an account and use the web application, we store:

  • Your email address and a hashed version of your password
  • Recipes and shopping lists you create or import
  • Household preferences you configure (serving size, shopping frequency, budget)

Passwords are hashed using a strong one-way algorithm and are never stored or transmitted in plain text.

AI Recipe Import

When you import a recipe by URL — either through the web app or the browser extension — the content of that page is sent to an AI provider (Anthropic, OpenAI, or Google, depending on the server configuration) to extract structured recipe data. The page URL and its text content are transmitted to the AI provider for this purpose.

This processing is governed by the privacy policy of the AI provider configured on your server. On instances we operate, we use these providers under their standard API terms and do not permit them to use submitted data for model training.

Public Recipes

Recipes you mark as public are accessible to anyone with the link, without requiring an account. Your public profile page lists all your public recipes. You can change a recipe from public to private at any time from the app.

Cookies and Tracking

The web application uses a single session cookie to maintain your login state. No advertising, analytics, or third-party tracking cookies are used.

Data Retention and Deletion

Your data is retained for as long as your account exists. You can delete your account and all associated data at any time from your account settings. Deletion is permanent and irreversible.

Contact

If you have questions about this policy or would like to request deletion of your data, you can reach us by opening an issue on the GitHub repository.