Souper Privacy Policy
1. Scope
This Privacy Policy explains how Two Stones, Inc. (“we,” “us,” “our”) collects, uses, shares, and protects information when you use the Souper mobile application and related services (the “App” or “Service”).
2. Information We Collect
2.1 Account Information
- Email address
- Name (if you choose to provide it)
2.2 App Usage, Analytics, and Device Data
- Device identifiers and approximate location derived from IP (country/region level)
- IP address
- Usage analytics (PostHog, Firebase Analytics)
- Crash logs and diagnostics (Firebase Crashlytics)
2.3 Advertising Data (Free Tier)
- Advertising identifiers and related signals (e.g., for ad measurement and personalization depending on your device settings)
Ads are served through Google AdMob. You can limit ad personalization using your device settings (iOS/Android).
2.4 User Content
- Recipe URLs you import
- Recipe metadata and structured fields (e.g., ingredients, titles, source domain)
- One uploaded image per recipe
- Recipe instructions: stored privately and encrypted using an on-device key
The App does not allow manual pasting of full recipe text. The Service is intended for private, individual use; recipes are not publicly shared in-app.
3. How We Use Information
We use information to:
- Provide and maintain the Service
- Operate accounts and authentication
- Import and organize recipes and meal plans
- Perform AI processing for ingredient extraction and structuring
- Show advertisements (free tier) and measure ad performance
- Analyze usage to improve features and reliability
- Prevent fraud, abuse, and security incidents
4. AI Processing (Groq)
We use third-party AI services (currently Groq) to process recipe text and related data to provide features such as ingredient extraction. This may involve transmitting data to servers outside Canada, including the United States.
- AI may be inaccurate. You should verify outputs, especially allergens, dietary needs, and cooking safety.
- We do not claim ownership of your content.
- We do not use your content to train our own AI models.
5. Where We Store and Process Data
We use Firebase Authentication and Firestore (Google) and related tooling. Your data may be stored or processed in the United States and other jurisdictions. Those jurisdictions may have different data protection laws than your country.
6. Sharing and Disclosure
We share information only as needed to run the Service, including with:
| Category | Examples | Purpose |
|---|---|---|
| Infrastructure & Auth | Firebase Authentication, Firestore | Account login, data storage, app operations |
| Analytics & Diagnostics | PostHog, Firebase Analytics, Firebase Crashlytics | Understand usage, fix bugs, improve reliability |
| Advertising | Google AdMob | Serve and measure ads (free tier) |
| AI Processing | Groq | Ingredient extraction and structuring |
We may also disclose information if required by law, to protect rights and safety, to respond to lawful requests, or in connection with a merger, acquisition, or sale of assets (in which case we will provide notice where required).
7. Data Retention
Account deletion is immediate. If you delete your account in-app, we delete associated account data without a 30-day retention period.
Important technical note: Encrypted backups or system logs may persist for a limited time due to routine backup rotation and security auditing, but we restrict access and purge according to operational needs.
8. Your Choices and Controls
8.1 Access, Correction, Deletion
You can delete your account in-app. You may also contact support@souper.cc to request access, correction, or deletion of personal information, subject to identity verification and legal requirements.
8.2 Data Export / Portability (GDPR)
You may request a copy of your data in a commonly used, machine-readable format by contacting support@souper.cc. We will respond within a reasonable timeframe and as required by applicable law.
8.3 Advertising Choices
You can limit ad tracking and personalized ads through your device settings:
- iOS: Settings → Privacy & Security → Tracking (and Apple Advertising settings where available)
- Android (future Google Play launch): Settings → Privacy → Ads (and Google services controls where available)
9. US State Privacy (CCPA/CPRA – Future-Proof)
If you are a California resident, you may have rights regarding your personal information, including the right to know, delete, correct, and opt out of certain forms of sharing for targeted advertising.
Do Not Sell or Share: Souper does not sell personal information for money. However, advertising identifiers and related data may be shared with ad networks (e.g., AdMob) for targeted advertising depending on your settings, which may be considered “sharing” under some laws.
You can opt out of targeted advertising by using your device settings to limit ad personalization (see Section 8.3) or by contacting
support@souper.cc with the subject line: CCPA Opt Out.
10. Legal Bases for Processing (EEA/UK/CH – GDPR)
Where GDPR applies, we process personal data based on:
- Contract: to provide the Service you request
- Legitimate Interests: to improve reliability, prevent abuse, and understand usage
- Consent: for certain analytics or ad personalization where required (and as controlled by your device settings)
- Legal Obligation: where we must comply with law
11. Children’s Privacy
Souper is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us information, contact support@souper.cc and we will delete it.
12. Security
We use administrative, technical, and physical safeguards designed to protect your information, including encryption in transit (HTTPS) and security controls in our service providers. No system is 100% secure.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will update the Effective Date and provide additional notice in-app when appropriate.