Privacy Policy

When you create a Cavor account, we collect information you provide directly, including your display name, email address, date of birth (to verify you are 18 years of age or older), profile photograph, and any optional biography or dietary preference fields you choose to complete. If you register through a third-party authentication provider (such as Apple Sign-In or Google Sign-In), we receive limited profile data as permitted by that provider and your authorization.

We automatically collect certain technical data when you access the Service, including:

• Device identifiers (device model, operating system version, unique device ID)
• IP address and approximate geographic region derived from it
• Mobile advertising identifiers (IDFA on iOS, GAID on Android), subject to your platform-level consent settings
• App version, crash logs, performance diagnostics, and session timestamps
• Network connection type (Wi-Fi, cellular) and carrier information

We record how you interact with the Service, including recipes you view, search queries you enter, videos you watch or pause, comments and reactions you leave, creators you follow, and features you use. This behavioral data helps us improve functionality and deliver relevant content.

Cavor includes an optional Smart Recipe Generator that allows you to input the ingredients currently available in your refrigerator, pantry, or kitchen. Any ingredient data you enter is treated as personal information and is used solely to generate recipe suggestions on your behalf. You may clear this data at any time from your in-app settings.

Any content you create or upload, including food photographs, recipe posts, cooking tutorial videos, comments, ratings, and community discussions, is collected and stored on our servers. Please review Section 4 for full details on how UGC is handled.

If you contact our support team or respond to in-app surveys, we retain the content of those communications, your email address, and metadata such as submission timestamps, in order to manage your inquiry and improve our services.

If you purchase Premium Recipes or other paid content within Cavor, payments are processed exclusively by Apple App Store or Google Play. We do not store your full payment card number or CVV. We receive only a transaction confirmation token, purchase amount, and subscription tier information to validate your entitlements.

We use the information we collect primarily to operate and deliver the Cavor experience, including authenticating your account, displaying your profile and content, enabling community interactions, generating AI-assisted recipe suggestions based on your pantry inputs, processing Premium Recipe unlocks, and sending essential transactional notifications.

We analyze aggregated and de-identified usage patterns to identify bugs, measure feature performance, and prioritize future development. For example, understanding which recipe categories generate the highest engagement helps us curate better content. Where we conduct user research, participation is always voluntary.

Your data enables us to detect and prevent fraud, abuse, spam, and policy violations. We use automated systems and human review to enforce our Community Guidelines, protect the integrity of the UGC ecosystem, and investigate reports submitted by other users.

We process personal data as necessary to comply with applicable laws, respond to lawful government requests, enforce our Terms of Service, and protect the rights, property, or safety of Cavor, our users, and the public.

With your consent (where required by law), we may send you newsletters, promotional offers for Premium content, and product update announcements. You can withdraw this consent at any time by using the unsubscribe link in any email or adjusting notification settings in-app.

Cavor employs a content recommendation system that analyzes your browsing history within the app, saved recipes, pantry ingredients, dietary preferences (if provided), and engagement signals such as likes and comments to surface food content we believe you will find valuable. These inferences are used only for in-app personalization and are not shared with third-party advertisers.

You may voluntarily specify dietary restrictions (e.g., vegan, gluten-free, nut allergy) in your profile. This constitutes health-adjacent data and is processed with heightened care. It is used exclusively to filter recipe content and is never sold or shared with food brands or third parties without your explicit consent.

You may disable personalized recommendations at any time in Settings > Privacy > Personalization. In this case, Cavor will serve you a non-personalized, editorially curated feed instead. Your usage data will still be collected for security and analytics purposes unless you exercise your broader data rights under Section 12.

When you upload photos, videos, written recipes, or comments to Cavor, that content is stored on our secure servers hosted by our cloud infrastructure providers. By submitting UGC, you grant Cavor a non-exclusive, worldwide, royalty-free license to host, display, distribute, and promote your content within the Service and in connection with marketing the Service, subject to your account privacy settings.

You retain full ownership of any original content you create and post. Cavor does not claim ownership over your recipes or videos. However, you represent and warrant that you have the necessary rights to any content you upload, including rights to any music, imagery, or third-party material incorporated therein, and that your content does not infringe any third-party intellectual property rights.

We use a combination of automated detection tools and human moderators to review reported content. Content that violates our Community Guidelines, including spam, misinformation about food safety, harassing commentary, or material that is hateful or sexually explicit, will be removed. Repeat or severe violators may have their accounts suspended or permanently banned.

Images and videos you upload may contain embedded metadata such as GPS coordinates, device model, or capture timestamp (EXIF data). We automatically strip geolocation EXIF data from your uploads before they are made publicly visible on the platform, to protect your physical location privacy.

When you delete UGC from your profile, it is removed from public view within 48 hours. Complete deletion from our servers and backup systems may take up to 90 days. Copies retained by other users (e.g., screenshots) are outside our control.

The Smart Recipe Generator processes the ingredient list you provide to generate suggested recipes in real time. This processing occurs on our servers, and the ingredient data is used only for the duration necessary to generate the result. We do not use your pantry data to profile you for advertising purposes or share it with food brands.

Recipes you save, favorite, or add to your personal cookbook are associated with your account and stored on our servers so they remain accessible across your devices. You can delete your saved recipes at any time from within the app.

When you unlock a Premium Recipe, we record the transaction identifier and the content identifier in your account entitlements. This information is used to restore your purchases if you reinstall the app or switch devices, in accordance with App Store and Google Play restore-purchase mechanisms.

We collect aggregate, de-identified statistics on which ingredient combinations are most frequently entered, which recipe types are most generated, and what Premium content is most popular. These analytics guide our content partnerships with chefs and food creators but cannot be used to identify individual users.

We share personal information with trusted third-party service providers who assist us in operating the Service, including cloud hosting providers, content delivery networks, payment processors, email delivery services, analytics vendors, and customer support platforms. These providers are contractually obligated to process your data only on our instructions and in accordance with applicable data protection laws.

In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred to the acquiring entity. We will notify you via in-app notice or email before your data becomes subject to a materially different privacy policy, and you will have the opportunity to request deletion of your account prior to any such transfer.

We may disclose your information to law enforcement agencies, courts, or regulators when required by law, court order, or governmental authority, or when we reasonably believe disclosure is necessary to protect the safety of any person, investigate fraud, or enforce our legal rights.

We do not sell your personal information to third parties. We will share your data beyond the cases described above only with your explicit, informed consent, which you may withdraw at any time.

Your username, profile photo, and any UGC you post publicly are visible to all Cavor users and may be indexed by search engines. You can change the visibility of your profile to “Private” at any time in Settings, which restricts your content to approved followers only.

Cavor integrates analytics software development kits (SDKs) to help us understand app performance and user engagement. These SDKs may collect device identifiers and usage events. We configure these SDKs to collect the minimum data necessary and, where available, enable privacy-safe modes that limit data sharing.

If you choose to log in via Apple or Google, those platforms may set their own cookies or collect data in accordance with their own privacy policies. We encourage you to review Apple's and Google's privacy policies independently. Cavor's use of data received from these sign-in flows is limited to account authentication and basic profile population.

We use third-party cloud providers to store user data and serve content globally. These providers are located in jurisdictions with adequate data protection standards or operate under appropriate contractual safeguards such as Standard Contractual Clauses (SCCs). Details of our infrastructure providers are available upon request at service@Cavor.run.

We retain your personal information for as long as your account remains active or as needed to provide the Service. If you have not logged in for 24 consecutive months, we may notify you and, following a reasonable notice period, delete or anonymize your inactive account data.

Financial transaction records, including Premium Recipe purchase history, are retained for a minimum of seven years to comply with applicable tax, accounting, and consumer protection laws.

When we receive a lawful preservation request or become involved in litigation, we may be required to retain certain data beyond our standard retention periods. In such cases, we will process only the data necessary to comply with the legal obligation and will delete it once the obligation is fulfilled.

After the expiry of applicable retention periods, personal data is either securely deleted or rendered irreversibly anonymous. Anonymized data (which cannot reasonably identify you) may be retained indefinitely for aggregate analytics and research.

We implement industry-standard security measures to protect your personal information, including TLS 1.2+ encryption for all data in transit, AES-256 encryption for sensitive data at rest, strict access controls ensuring only authorized personnel can access personal data, and regular security audits and penetration testing.

Access to user data is restricted on a need-to-know basis and requires multi-factor authentication. All team members with access to personal data receive regular data protection training and are bound by confidentiality obligations.

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware (where required by law) and will inform affected users without undue delay. Notifications will describe the nature of the breach, the data involved, and the steps we are taking to mitigate harm.

You are responsible for maintaining the confidentiality of your account credentials. We recommend using a strong, unique password and enabling any two-factor authentication options we offer. Please notify us immediately at service@Cavor.run if you suspect unauthorized access to your account.

Although Cavor is a mobile application and does not use browser cookies, we use analogous technologies including in-app local storage, session tokens, and mobile analytics SDKs to maintain your session, remember your preferences, and measure feature usage. These technologies are essential to the operation of the Service.

With your consent as requested through your device's operating system (iOS App Tracking Transparency / Android advertising ID settings), we may access your mobile advertising identifier to measure the effectiveness of any user acquisition campaigns. You can reset or limit advertising tracking at any time through your device settings.

If you access any Cavor web pages (such as our website or help center), we may use standard web cookies for session management, analytics, and fraud prevention. You can control web cookies through your browser settings, though disabling certain cookies may limit the functionality of our web properties.

Cavor serves a global user base, and your personal information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction.

When transferring personal data from the European Economic Area, the United Kingdom, or Switzerland to countries not deemed adequate by the European Commission, we rely on appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum (IDTA). For other cross-border transfers, we implement equivalent contractual or technical safeguards to ensure your data is protected.

In jurisdictions with mandatory data localization requirements (such as certain provisions under Brazil's LGPD or applicable local regulations), we take reasonable steps to store relevant data within the required territory or to comply with applicable localization obligations.

You have the right to request a copy of the personal information we hold about you. You can access much of this information directly from your in-app profile and settings. For a complete data export, submit a request to service@Cavor.run.

If any personal information we hold is inaccurate or incomplete, you may correct it directly in your account settings or by contacting us. We will action corrections within 30 days of your request.

You may request deletion of your account and personal data at any time from Settings > Account > Delete Account, or by emailing us. We will process your request within 30 days, subject to any overriding legal obligations that require us to retain certain data. Please review Section 18 for full details.

You may object to or request restriction of the processing of your personal data in certain circumstances, such as where you contest the accuracy of the data or where processing is based on our legitimate interests. We will cease or restrict processing while we assess your objection, unless we have compelling legitimate grounds that override your interests.

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format (such as JSON or CSV) and to transmit that data to another service provider.

Where we rely on your consent as the legal basis for processing (e.g., marketing emails, personalization), you may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal. To withdraw consent, use the relevant in-app toggle or contact us at service@Cavor.run.

To exercise any of the rights listed above, please email service@Cavor.run with the subject line “Privacy Rights Request” and include your registered email address and a description of your request. We will verify your identity before acting on any request and will respond within the timeframes required by applicable law.

For users in the European Economic Area and the United Kingdom, Cavor acts as the data controller of your personal information. Our contact details are provided in Section 23.

We process your personal data on the following legal bases under Article 6 of the GDPR: (a) performance of a contract with you (to provide the Service); (b) compliance with a legal obligation; (c) our legitimate interests (service improvement, fraud prevention, security); and (d) your consent (for personalization and marketing communications).

If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with your national data protection supervisory authority. A list of EU supervisory authorities is available at the European Data Protection Board website.

California residents have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including the right to know what personal information is collected, sold, or disclosed; the right to delete personal information; the right to correct inaccurate personal information; and the right to opt out of the sale or sharing of personal information for cross-context behavioral advertising.

Cavor does not sell personal information as defined under the CCPA/CPRA, nor do we share personal information for cross-context behavioral advertising. You therefore do not need to submit an opt-out request for these purposes, but all other rights described in Section 12 remain available to you.

We will not discriminate against you for exercising any of your California privacy rights. You will not receive a different level of service, be denied goods, or be charged different prices as a result of exercising your rights.

California residents may designate an authorized agent to submit requests on their behalf. We require written proof of the agent's authorization and may verify the identity of the California resident directly before processing any request.

Cavor is intended exclusively for users who are 18 years of age or older. We do not knowingly collect personal information from individuals under the age of 18. During registration, we require users to confirm their date of birth, and we use reasonable verification measures to prevent access by minors. If we discover that we have inadvertently collected personal information from a person under 18, we will delete that information promptly upon becoming aware of it.

If you are a parent or guardian and believe that your child has created an account on Cavor without your consent, please contact us immediately at service@Cavor.run. We will investigate and, where confirmed, delete the account and all associated personal information without delay.

Cavor has a strict zero-tolerance policy toward any content or behavior that constitutes, promotes, facilitates, or glorifies child sexual abuse and exploitation (CSAE). This includes, without limitation, any content involving child sexual abuse material (CSAM), grooming, solicitation of minors, or any other exploitation of individuals under 18. Such content is strictly prohibited on our platform. We utilize both automated scanning tools and human review processes to detect and remove CSAE material. When CSAE content is identified, we immediately remove it, permanently suspend the responsible account, report the content to the National Center for Missing & Exploited Children (NCMEC) CyberTipline or the equivalent authority in the relevant jurisdiction, and cooperate fully with law enforcement investigations. Users who encounter suspected CSAE content are strongly encouraged to report it immediately using the in-app reporting feature or by contacting us at service@Cavor.run.

In addition to age verification at registration, Cavor implements content moderation policies, community reporting mechanisms, and staff training programs designed to prevent any form of child exploitation or harm on our platform. We regularly review and update these safeguards in line with evolving best practices and legal requirements.

Certain advanced recipes and exclusive content collections within Cavor are available for purchase. All payment transactions are conducted through the Apple App Store or Google Play billing systems. Cavor does not handle raw payment credentials; we receive only anonymized purchase confirmation data from the respective platform.

If Cavor offers subscription tiers, we store your subscription status, tier level, and renewal date to manage your entitlements. Subscription management, including cancellation, is handled through the respective app store platform, in accordance with Apple's and Google's subscription policies.

Refund requests for in-app purchases are governed by the refund policies of the applicable app store platform (Apple App Store or Google Play). We encourage you to review those policies before making a purchase. For exceptional circumstances, you may also contact us at service@Cavor.run.

Cavor may send you push notifications for various purposes, including alerts about new comments or reactions on your posts, recipe recommendations based on your saved ingredients, reminders for weekly cooking challenges, updates about new Premium content, and important service or security announcements.

You can control which types of push notifications you receive through Settings > Notifications within the app. You may also manage push notification permissions at the operating system level through your device's settings. Note that disabling all notifications may cause you to miss important security alerts related to your account.

We may send transactional emails (such as purchase confirmations and account security alerts) which are necessary for the operation of the Service and cannot be opted out of while your account is active. Marketing emails are optional and can be unsubscribed from at any time via the link in any such email.

You can permanently delete your Cavor account at any time by navigating to Settings > Account > Delete Account and confirming the deletion. Alternatively, you may submit a deletion request by emailing service@Cavor.run from your registered email address.

Upon account deletion, your profile, saved recipes, pantry data, and personal UGC will be removed from public view immediately. Complete erasure from our live databases will occur within 30 days. Residual copies in encrypted backup archives will be purged within 90 days from the next scheduled backup rotation cycle.

Notwithstanding the above, we may retain certain information after account deletion where required by law, including transaction records (for up to 7 years), content that is the subject of a legal hold, and anonymized or aggregated analytics that cannot be linked back to you.

Cavor may contain links to external websites or resources referenced by creators in their recipe posts or tutorial descriptions, such as ingredient suppliers, kitchen equipment retailers, or cooking blogs. These third-party sites are not operated by Cavor, and we are not responsible for their content or privacy practices. We encourage you to review the privacy policies of any third-party sites you visit.

In some cases, links to third-party products or services may be affiliate links through which Cavor or a creator may earn a commission if you make a purchase. The presence of an affiliate link does not influence the privacy practices described in this Policy, and your personal data is not shared with affiliate partners without your consent.

We are committed to making our privacy controls accessible to all users, including those with disabilities. Our in-app privacy settings are designed to be compatible with screen readers and other assistive technologies. If you encounter accessibility barriers when exercising your privacy rights, please contact us at service@Cavor.run and we will assist you through an alternative channel.

This Privacy Policy is published in English as the primary governing language. Where translations are provided as a courtesy in other languages, the English version shall prevail in the event of any conflict or inconsistency.

This Privacy Policy and any disputes arising from it shall be governed by applicable international data protection law and the laws of the jurisdiction in which Cavor is incorporated, to the extent not superseded by mandatory local law in your country of residence (including, where applicable, GDPR, CCPA/CPRA, LGPD, PDPA, or PIPL).

If you have a concern about how we handle your personal data and our response to a direct complaint has not been satisfactory, you have the right to escalate your complaint to the relevant data protection supervisory authority in your country. For EEA users, this is your national data protection authority. For UK users, this is the Information Commissioner's Office (ICO). For California users, this is the California Privacy Protection Agency (CPPA).

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or new product features. When we make material changes, we will notify you by: (a) posting the revised Policy in the app with a prominent notice, (b) sending a push notification or in-app banner, and/or (c) sending an email to your registered address at least 14 days before the changes take effect. Non-material clarifications may be updated without advance notice.

Your continued use of Cavor after the effective date of a revised Policy constitutes your acceptance of the updated terms. If you do not agree with any changes, you may delete your account and discontinue use of the Service before the changes take effect.

We maintain a version history of this Privacy Policy. You may request prior versions by contacting us at service@Cavor.run.

If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact our Privacy team at:

• Email: service@Cavor.run
• Subject Line: “Privacy Inquiry – [Your Name]”

We aim to respond to all privacy-related inquiries within 30 days of receipt.

To report suspected Child Sexual Abuse and Exploitation content or behavior on the Cavor platform, please use the in-app “Report” button on any post or profile, or contact us immediately at service@Cavor.run with the subject line “CSAE Report.” We treat all such reports as the highest priority and will respond without delay.