01 Who we are
Kookar (“we”, “us”, “our”) provides a mobile application that helps households plan meals, coordinate with cooks, manage groceries, and make related payments. This policy covers personal data we process when you use the Kookar app.
We are the data controller (data fiduciary under India’s Digital Personal Data Protection Act, 2023) for the data described here. If you do not agree with this policy, please discontinue use of the app.
02 Data we collect
We collect only the data needed to operate the features you use. Most data is provided by you or generated as you use the app.
| Data | Why we collect it | Shared with |
|---|---|---|
| Email & phone number | Account creation and one-time-password (OTP) sign-in | Supabase (auth/hosting) |
| Your name & cook’s name | Personalising the app and coordinating meals | Supabase |
| Contacts | Only the name and phone number of a cook or household contact you choose to add or call — we do not upload your full address book | Supabase (stored with the order) |
| Precise location | Only when you choose to set your home delivery pin for groceries | Supabase; Google (map tiles on Android) |
| Voice recordings | Only when you record a voice note to edit your plan; the audio is transcribed by AI | Our backend; Google Gemini (AI transcription) |
| Payment information | Processing grocery and service payments, including UPI | Razorpay (payment processor) |
| Device identifiers & push tokens | Delivering notifications to your device | Supabase; Expo (push delivery) |
| Product-usage & crash data | Understanding how features are used and diagnosing problems | PostHog (product analytics, hosted in the USA) |
| App content (orders, household plan) | Providing the core service | Supabase |
Our analytics are not linked to your identity and are not used to track you across other apps or websites. We do not use advertising identifiers (such as IDFA), and we do not sell your personal data.
03 How we use your data
- To create and secure your account and sign you in.
- To provide core features: meal planning, cook coordination, grocery ordering and delivery, and your household wallet.
- To process payments you authorise.
- To transcribe voice notes you record so you can edit your plan by voice.
- To send you notifications related to your orders and account.
- To diagnose crashes, improve performance, and understand which features are useful.
- To comply with legal obligations and prevent fraud or abuse.
Our legal bases (where applicable) are: performing our contract with you, your consent (for permissions such as contacts, location, and microphone), our legitimate interests in improving and securing the service, and compliance with law.
04 Device permissions
The app requests these permissions only when you use the related feature, and you can decline or revoke them in your device settings at any time:
- Contacts — when you choose a cook or household contact to invite or call.
- Location (while using the app) — when you add your home pin for grocery delivery. We do not access your location in the background.
- Microphone — when you record a voice note for AI edits.
- Notifications — to keep you updated on your orders and account.
06 International data transfers
Some of our service providers (for example, PostHog and Google) process data on servers outside India, including in the United States. Where we transfer personal data internationally, we rely on appropriate safeguards and the protections offered by those providers. By using the app, you understand that your data may be processed in these locations.
07 Data retention
We keep personal data for as long as your account is active and as needed to provide the service, then for a limited period to meet legal, accounting, fraud-prevention, and dispute-resolution obligations. When data is no longer required, we delete or anonymise it. Voice recordings are processed to produce a transcription and are not retained longer than necessary for that purpose.
08 How we protect your data
We use industry-standard measures to protect your data, including encryption in transit (HTTPS/TLS) for all communication between the app and our servers, access controls, and reputable infrastructure providers. No method of transmission or storage is completely secure, but we work to protect your information and to address vulnerabilities promptly.
09 Your rights & choices
Depending on where you live (including under India’s DPDP Act 2023, the EU/UK GDPR, and Brazil’s LGPD), you may have the right to:
- Access the personal data we hold about you, and request a copy.
- Correct or update inaccurate or incomplete data.
- Delete your account and associated personal data.
- Withdraw consent for permissions (contacts, location, microphone) at any time via device settings.
- Object to or restrict certain processing, and (where applicable) data portability.
- Lodge a complaint with your data protection authority.
You can delete your account and data directly in the app (Profile → account settings) or by request, and contact us using the details below. We will respond within the timeframes required by applicable law.
10 Children
Kookar is intended for adults and is not directed at children under the age required by local law (for example, under 18 in India without verifiable parental consent). We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us so we can remove it.
11 Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you in the app. Continued use of Kookar after an update means you accept the revised policy.
12 Contact & Grievance Officer
For privacy questions, to exercise your rights, or to raise a grievance, contact us at:
- Email: privacy@kookar.in
- Delete your data: privacy.kookar.in/delete-account
As required under India’s Digital Personal Data Protection Act, 2023 and the applicable Information Technology Rules, you may contact our Grievance Officer at privacy@kookar.in. We will acknowledge your grievance promptly (ordinarily within 48 hours) and work to resolve it within the timeframes required by law. If you are not satisfied with our response, you may escalate to the Data Protection Board of India or your local data protection authority.