Privacy Policy
This Privacy Policy describes how Wokflow (“we”, “us”, “our”) collects, uses, and shares information when you use the Wokflow mobile application and related services (the “Service”).
1. Information We Collect
1.1 Information you provide
- Account information. Email address (or Apple Hide My Email relay address), password (stored hashed by Supabase Auth), display name, profile photo (if uploaded).
- Recipes and meal plans. Recipes you create, import, or generate; daily menus; meal rules; categories; cooking notes.
- Shopping and inventory. Grocery lists; kitchen stock items; checked-off purchases.
- Household data. Household name, member list, invitation codes; household-shared recipes, menus, chat messages.
- AI-generation inputs. Text prompts, photos, and URLs you submit for AI recipe generation.
- Discover content. Recipes you publish, comments, likes, follows.
- Support communications. Messages exchanged via the in-app Crisp Chat.
1.2 Information collected automatically
- Authentication tokens. Session tokens for Sign in with Apple, Google OAuth, or email login.
- Usage data. AI-generation counts, subscription state, last-active timestamps (for sync).
- Device data. iOS version, app version, locale (used for language selection and crash diagnostics).
1.3 Information from third parties
- Apple. When you sign in with Apple, Apple provides us with a unique identifier and (if you choose to share) your name and email.
- Google. When you sign in with Google, Google provides us with your name, email, and profile photo.
- Apple StoreKit. When you purchase a subscription, Apple provides the transaction identifier and subscription status. We do not receive credit-card or payment details.
2. How We Use Information
We use your information to:
- Provide and operate the Service (sync your data across devices, render menus, etc.)
- Enable household collaboration (share recipes/menus/messages within your household)
- Generate AI-assisted recipes per your request
- Enforce subscription quotas and tier limits
- Authenticate you and protect your account
- Provide customer support
- Detect and prevent fraud, abuse, and security threats
- Comply with legal obligations
We do not sell your personal information.
3. How We Share Information
We share information with the following categories of third parties, only as necessary:
- Supabase — hosting, database, authentication, real-time sync, and file storage. Receives the data you create or upload.
- Apple Inc. — Sign in with Apple, In-App Purchase, push notifications. Receives identifiers required by Apple.
- Google LLC — Sign in with Google. Receives OAuth handshake data.
- Crisp IM SAS — customer support chat. When you open the support widget, we pass email, display name, subscription tier, household ID, and locale so the support agent has context.
- DeepSeek, Google (Gemini), OpenAI — AI recipe generation. Your text/photo/URL prompts are forwarded transiently and (per their published policies) are not used for further model training.
We may also disclose information when required by law, to protect our rights, or in connection with a merger, acquisition, or sale of assets (with notice).
4. Data Retention
- Account data. Retained until you delete your account.
- Recipes, menus, household data. Retained until you delete them or your account.
- AI-generation logs. Usage counts retained indefinitely; prompt content not retained after generation completes.
- Support messages. Retained per Crisp’s retention policy.
- Backups. Deleted data may persist in encrypted backups for up to 30 days before being purged.
When you delete your account via Settings → Account & Privacy → Delete Account, we trigger a cascade deletion that removes your data from Supabase and our servers. Some operational logs may be retained anonymously for security and legal compliance.
5. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you (use Settings → Account & Privacy → Export My Data).
- Correct inaccurate information (edit your profile in-app).
- Delete your account and personal information (Settings → Account & Privacy → Delete Account).
- Object to or restrict certain processing.
- Withdraw consent where we rely on consent.
- Portability. The export produces a JSON archive of your local and cloud data.
- Lodge a complaint with a supervisory authority (e.g., your local data-protection authority in the EU/UK).
California residents also have the rights described in the California Consumer Privacy Act (CCPA), including the right to know, delete, and not be discriminated against for exercising those rights.
To exercise these rights, contact us at privacy@wokflow.app.
6. Security
We use industry-standard security measures, including:
- TLS encryption for all data in transit
- Encryption at rest (provided by Supabase)
- Hashed passwords (handled by Supabase Auth)
- Role-based access control (Supabase Row-Level Security)
- Limited internal access to personal data
No security measure is perfect. You are responsible for keeping your account credentials confidential.
7. Children’s Privacy
The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it. Parents who believe we may have inadvertently collected information from a child should contact privacy@wokflow.app.
8. International Data Transfers
We operate the Service from servers hosted by Supabase, which may be located outside your country of residence. By using the Service, you consent to the transfer of your personal information to these locations, subject to appropriate safeguards (such as standard contractual clauses) where required by law.
9. Cookies and Similar Technologies
The Wokflow iOS app does not use cookies. Our website (wokflow.app) uses only essential local storage to remember your language preference, and does not employ third-party tracking or advertising cookies.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via in-app notification or by updating the “Last updated” date above. Continued use of the Service after changes constitutes acceptance.
11. Contact
- Email: privacy@wokflow.app
- In-app: Settings → Help & Support
隐私政策
本《隐私政策》说明 Wokflow(“我们”) 在您使用 Wokflow 移动应用程序及相关服务(“本服务”) 时如何收集、使用和共享信息。
1. 我们收集的信息
1.1 您主动提供的信息
- 账户信息。电子邮箱(或 Apple “隐藏我的邮箱”中转地址)、密码(由 Supabase Auth 以哈希形式存储)、显示名称、个人头像(如已上传)。
- 菜谱与菜单。您创建、导入或生成的菜谱;每日菜单; 用餐规则;分类;烹饪笔记。
- 购物与库存。购物清单;厨房库存条目;已勾选的 购买项。
- 户组数据。户组名称、成员列表、邀请码;户组共享的 菜谱、菜单和聊天消息。
- AI 生成输入。您为 AI 菜谱生成提交的文字提示、 图片、网址。
- 发现内容。您发布的菜谱、评论、点赞、关注关系。
- 支持沟通。通过应用内 Crisp Chat 交换的消息。
1.2 自动收集的信息
- 认证令牌。Apple 登录、Google OAuth 或邮箱登录的 会话令牌。
- 使用数据。AI 生成计数、订阅状态、最近活动时间戳 (用于同步)。
- 设备数据。iOS 版本、应用版本、本地化区域设置 (用于语言选择和崩溃诊断)。
1.3 来自第三方的信息
- Apple。当您使用 Apple 登录时,Apple 向我们提供 唯一标识符以及(若您选择共享)您的姓名和电子邮箱。
- Google。当您使用 Google 登录时,Google 向我们 提供您的姓名、电子邮箱和头像。
- Apple StoreKit。当您购买订阅时,Apple 向我们 提供交易标识符和订阅状态。我们不接收信用卡或付款详情。
2. 我们如何使用信息
我们使用您的信息以:
- 提供和运营本服务(跨设备同步数据、生成菜单等)
- 实现户组协作(在户组内共享菜谱/菜单/消息)
- 按您的请求生成 AI 辅助菜谱
- 执行订阅配额和档位限制
- 对您进行身份验证并保护您的账户
- 提供客户支持
- 检测和预防欺诈、滥用和安全威胁
- 履行法律义务
我们不会出售您的个人信息。
3. 我们如何共享信息
仅在必要时,我们与以下类别的第三方共享信息:
- Supabase — 托管、数据库、身份认证、实时同步、 文件存储。接收您创建或上传的数据。
- Apple Inc. — Apple 登录、应用内购买、推送通知。 接收 Apple 要求的标识符。
- Google LLC — Google 登录。接收 OAuth 握手数据。
- Crisp IM SAS — 客户支持聊天。当您打开支持小窗时, 我们传递邮箱、显示名称、订阅档位、户组 ID 和本地化区域,以便支持 人员了解上下文。
- DeepSeek、Google (Gemini)、OpenAI — AI 菜谱生成。 您的文字/图片/网址提示以暂时性方式转发,按其公开政策不用于进一步 模型训练。
法律要求、保护我们的权利时,或在合并、收购或资产出售(附通知)的 情况下,我们也可能披露信息。
4. 数据保留
- 账户数据。在您删除账户前持续保留。
- 菜谱、菜单、户组数据。在您删除内容或账户前持续 保留。
- AI 生成日志。使用计数无限期保留;提示内容在生成 完成后不再保留。
- 支持消息。按 Crisp 的保留政策保留。
- 备份。已删除数据在加密备份中可能保留至多 30 天, 之后被清除。
当您通过“设置 → 账户与隐私 → 删除账户”删除账户时, 我们触发级联删除流程,将您的数据从 Supabase 和我们的服务器中移除。 出于安全和法律合规目的,部分运营日志可能以匿名形式保留。
5. 您的权利
根据您所在司法辖区,您可能享有以下权利:
- 访问我们持有的关于您的个人信息(使用 “设置 → 账户与隐私 → 导出我的数据”)。
- 更正不准确的信息(在应用内编辑您的资料)。
- 删除您的账户和个人信息 (“设置 → 账户与隐私 → 删除账户”)。
- 反对或限制某些处理活动。
- 撤回同意我们依赖同意进行处理的场景。
- 可携带性。导出生成包含本地与云端数据的 JSON 归档。
- 向监管机构投诉(如欧盟/英国当地的数据保护机构)。
加州居民还享有《加州消费者隐私法》(CCPA) 中规定的权利,包括知情权、 删除权和不因行使权利而受到歧视的权利。
如需行使上述权利,请联系 privacy@wokflow.app。
6. 安全
我们采用行业标准的安全措施,包括:
- 所有传输中数据使用 TLS 加密
- 静态数据加密(由 Supabase 提供)
- 密码哈希存储(由 Supabase Auth 处理)
- 基于角色的访问控制(Supabase 行级安全)
- 限制内部对个人数据的访问
没有任何安全措施是完美的。您有责任妥善保管账户凭证。
7. 儿童隐私
本服务不面向 13 岁以下儿童。我们不会有意收集 13 岁以下儿童的个人 信息。如果我们得知收集了此类信息,将予以删除。家长如认为我们可能 无意中收集了儿童信息,请联系 privacy@wokflow.app。
8. 国际数据传输
我们通过 Supabase 托管的服务器运营本服务,这些服务器可能位于您居住国 之外。使用本服务即表示您同意此类传输,并在法律要求的情况下采取适当 保障措施(如标准合同条款)。
9. Cookie 与类似技术
Wokflow iOS 应用不使用 Cookie。我们的网站 (wokflow.app) 仅使用必要 的本地存储来保存您的语言偏好,不采用第三方追踪或广告 Cookie。
10. 政策变更
我们可能会不时更新本隐私政策。重大变更将通过应用内通知或更新上述 “最后更新”日期的方式告知。变更后继续使用本服务即视为接受。
11. 联系方式
- 邮箱: privacy@wokflow.app
- 应用内:“设置 → 帮助与支持”