Last updated: April 2026. This policy explains what data we collect, why we collect it, the legal basis for processing, and your privacy rights under GDPR/RODO.
The controller of personal data is Michal Kielkowski (Get Cookin) (the entity operating this website). Contact: [email protected], Rybnik, Poland.
Account data: email address, password hash, authentication provider (local or Google), login session identifiers.
Content data: recipes, inventory items, profile-related data you create in the app.
Technical data: IP address, request logs, user agent, timestamps, and security/rate-limit events.
Cookie and browser storage: essential authentication cookie, locale preference (`getcookin-locale`), and your optional consent choices stored in browser local storage (`get_cookin_cookie_consent_prefs`).
Optional analytics data (if consented): page views, approximate location, browser/device metadata, engagement metrics from Google Analytics 4.
Optional advertising data (if consented): ad delivery and measurement via Google AdSense (cookies/identifiers used by Google for ads).
Provide the service: account login, recipe/inventory features, image handling (GDPR Art. 6(1)(b), contract performance).
Security and abuse prevention: protect accounts, detect attacks, enforce rate limits (GDPR Art. 6(1)(f), legitimate interest).
Legal obligations: where required by law (GDPR Art. 6(1)(c)).
Analytics and ads: improve website quality, traffic analysis, UX decisions, and ad funding only after consent (GDPR Art. 6(1)(a), consent).
We use strictly necessary cookies for authentication and security. Optional analytics and advertising scripts (Google Analytics 4, Google AdSense) load only if you opt in via the banner or this page. Your choice is stored in browser local storage (not only cookies). You can change your choice at any time below.
| Name / key | Type | Purpose | Duration | Third party |
|---|---|---|---|---|
| token (or configured auth cookie name) | HTTP cookie (httpOnly) | Logged-in session | Typically up to 7 days | Get Cookin |
| google_oauth_state | HTTP cookie (httpOnly) | CSRF protection during Google sign-in | About 10 minutes | Get Cookin |
| getcookin-locale | HTTP cookie + local storage | Language preference (EN/PL) | Up to 1 year | Get Cookin |
| get_cookin_cookie_consent_prefs | Browser local storage | Stores your optional analytics/ads choices | Until you clear site data | Get Cookin |
| Google Analytics / AdSense cookies | HTTP cookies (third party) | Measurement and ads (only if you opt in) | Set by Google; see Google policies |
We use service providers for hosting, logging, and (if you consent) measurement and advertising.
Google Ireland Limited / Google LLC (United States): Google Analytics 4 and Google AdSense when you opt in. Google may process data in the EU and the US under its terms and certification mechanisms (where applicable).
Other infrastructure providers process data only on our instructions and under appropriate safeguards.
We keep personal data only as long as needed for the purposes above, including account operation, legal obligations, and security auditing. Analytics and ad-related data retention depends on your consent status and Google's settings for Analytics and AdSense.
You have the right to access, rectify, erase, restrict processing, object to processing, and request data portability where applicable.
You can withdraw consent at any time for consent-based processing (analytics and advertising), without affecting lawfulness of processing before withdrawal.
You also have the right to lodge a complaint with a competent supervisory authority.
This service is not intended for children under 18, and we do not knowingly collect personal data from children.
We may update this policy from time to time. Material changes will be published on this page with an updated date.
For privacy requests or questions, contact us at [email protected], Rybnik, Poland.