Legal · Privacy

Privacy Policy

Last updated: May 2026

The short version

CookSth is a recipe generator. We collect the minimum needed to keep the service running: a request count against your IP address so daily limits work, and — only if you sign up — your email plus a name. If you accept the cookie banner we add anonymous Google Analytics on top. We never sell your data and we never track you across the web.

What we collect

Recipes you generate

When you generate a recipe, it is saved to our database so the public collection can grow. Recipes themselves are not linked to your identity in the page itself — but if you were signed in when you generated them, we keep the association internally so we can show you your own history and enforce daily limits.

Analytics (with consent)

If you accept cookies, we use Google Analytics 4 to understand how people use CookSth — which pages they visit, how long they stay, what features they use. We have configured GA4 with:

  • IP anonymization enabled
  • Advertising features disabled
  • Data retention set to 2 months
  • Google Signals disabled

What we do not collect

  • Marketing email lists (we have no newsletter)
  • Payment information (the site is free)
  • Location data beyond country-level
  • Cross-site tracking identifiers

Cookies

We use cookies only when they are needed for the function you asked for. The cookies we may set:

CookiePurposeDuration
cooksth.session_tokenKeeps you signed in (only set if you create an account)30 days
cooksth_cookie_consentRemembers your cookie preference so we don't ask twice1 year
_gaGoogle Analytics identifier (only if you accept the banner)2 years
_gidGoogle Analytics session (only if you accept the banner)24 hours

Your rights

Under GDPR and similar privacy laws, you have the right to:

  • Decline cookies (use the banner or your browser settings)
  • Request deletion of any data we hold about you
  • Access any data we have collected
  • Lodge a complaint with your local data protection authority

Data transfers

Some of the services we use process data outside the EEA. Google Analytics data and Google account sign-in data may be processed in the United States — Google is certified under the EU-US Data Privacy Framework. If you choose to sign in with Facebook, Meta Platforms Inc. handles that authentication on its own infrastructure under its own privacy policy; we receive only your name, email, and a Facebook user identifier in return. We add nothing to either side of that exchange.

Contact

Questions about privacy? Email us at [email protected].