Privacy Policy
Last updated: April 2025
aso.kitchen
Last updated: February 28, 2026
1. Introduction
This Privacy Policy describes how aso.kitchen, operated by Efe Kucuk ("we," "us," "our"), collects, uses, stores, and protects your information when you use our website and services at aso.kitchen ("Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.
We are committed to protecting your privacy and complying with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR) where applicable.
2. Data Controller
The data controller responsible for your personal data is:
Efe Kucuk
Operating as aso.kitchen
London, United Kingdom
Email: privacy@aso.kitchen
3. Information We Collect
3.1 Information You Provide
Account Information: Name, email address, and authentication credentials when you create an account (including data received from social login providers such as Google or GitHub).
Payment Information: Billing details processed through Stripe. We do not store your full credit card number, CVV, or other sensitive payment data on our servers. Stripe acts as an independent data controller for payment data. See Stripe's privacy policy at https://stripe.com/privacy.
Uploaded Content: Images, app icons, App Store URLs, and text prompts you submit to the Service for processing.
Communications: Any messages or correspondence you send to us, including support requests and feedback.
3.2 Information Collected Automatically
Usage Data: Pages visited, features used, generation history, credit usage, timestamps, and interaction patterns within the Service.
Device and Browser Data: IP address, browser type, operating system, device type, screen resolution, and referring URLs.
Cookies and Similar Technologies: We use essential cookies to maintain your session and authentication state. See Section 9 for more details.
3.3 Information from Third Parties
Authentication Providers: If you sign in via Google, GitHub, or other social login providers, we receive your name, email address, and profile picture as authorized by you during the login flow.
App Store Data: When you provide an App Store URL, we fetch publicly available information (app name, icon, description, category) from Apple's iTunes Lookup API. This is public data and does not include any personal information about the app's users.
4. How We Use Your Information
We use your information for the following purposes:
Purpose | Legal Basis (UK/EU GDPR)
Providing and operating the Service | Performance of contract
Processing payments and managing subscriptions | Performance of contract
Processing your uploaded content through AI models | Performance of contract
Sending transactional emails (receipts, account updates) | Performance of contract
Maintaining account security and preventing fraud | Legitimate interest
Analyzing usage to improve the Service | Legitimate interest
Responding to support requests | Legitimate interest
Complying with legal obligations | Legal obligation
We do NOT use your information for:
Selling or renting your personal data to third parties
Targeted advertising or ad profiling
Training AI models on your uploaded content or generated outputs
Automated decision-making that produces legal effects concerning you
5. How We Share Your Information
We do not sell your personal data. We share information only with the following categories of recipients, and only to the extent necessary:
5.1 Service Providers
Provider | Purpose | Data Shared
Stripe | Payment processing | Name, email, payment details
Replicate | AI image generation | Uploaded images, text prompts
Vercel | Website hosting | IP address, usage data
Railway | Database hosting | Account data, generation history
Cloud storage provider | Asset storage | Generated images
Authentication provider (Auth.js) | Account login | Email, name, profile data
5.2 Legal Requirements
We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
5.3 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on the Service before your information becomes subject to a different privacy policy.
6. Data Retention
Data Type | Retention Period
Account information | Duration of account + 12 months after deletion
Payment records | 7 years (UK tax/legal requirements)
Generated content (paid plans) | Duration of account
Generated content (free plan) | 24 hours
Usage logs | 12 months
Support correspondence | 24 months
After the retention period, data is permanently deleted or anonymized. You may request earlier deletion of your account and associated data (see Section 8).
We are not obligated to retain your generated content or history and may delete it in accordance with our Terms of Service.
7. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
Encryption of data in transit (TLS/HTTPS)
Encryption of sensitive data at rest
Secure authentication mechanisms
Regular security reviews of third-party providers
Access controls limiting data access to essential personnel only
However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.
8. Your Rights
Under UK GDPR and EU GDPR (where applicable), you have the following rights:
Right of Access: Request a copy of the personal data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete personal data.
Right to Erasure: Request deletion of your personal data, subject to legal retention obligations.
Right to Restriction: Request that we restrict the processing of your personal data in certain circumstances.
Right to Data Portability: Request your personal data in a structured, commonly used, machine-readable format.
Right to Object: Object to processing of your personal data based on legitimate interests.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.
To exercise any of these rights, contact us at privacy@aso.kitchen. We will respond within 30 days. We may request verification of your identity before processing your request.
If you are unsatisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at https://ico.org.uk or your local supervisory authority.
9. Cookies
9.1 Essential Cookies
We use strictly necessary cookies for:
Session management and authentication
Security (CSRF protection)
Remembering your preferences (theme, plan selection)
These cookies are required for the Service to function and cannot be disabled.
9.2 Analytics
We may use privacy-focused analytics (such as Vercel Analytics or similar) to understand aggregate usage patterns. These tools do not use third-party tracking cookies and do not track individual users across websites.
9.3 No Advertising Cookies
We do not use advertising cookies, tracking pixels, or any third-party advertising technologies.
10. International Data Transfers
Your data may be processed in countries outside the United Kingdom or European Economic Area, including the United States, where our service providers operate. Where such transfers occur, we ensure appropriate safeguards are in place, including:
Standard Contractual Clauses (SCCs) approved by the relevant authorities
Adequacy decisions by the UK Secretary of State or European Commission
Service providers certified under applicable data transfer frameworks
11. Children's Privacy
The Service is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal data, please contact us at privacy@aso.kitchen.
12. Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these third parties. We encourage you to read the privacy policies of any third-party service you interact with.
13. AI Processing Disclosure
When you use the Service, your uploaded images and text prompts are sent to third-party AI model providers (currently Replicate) for processing. These providers process your data solely to generate the requested output and in accordance with their own data processing agreements. We do not authorize these providers to retain, train on, or reuse your inputs or outputs.
However, we cannot guarantee the data handling practices of third-party AI providers beyond our contractual agreements with them. You should review Replicate's privacy policy at https://replicate.com/privacy for information on their data practices.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. For material changes, we will make reasonable efforts to notify you via email or a prominent notice within the Service.
Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.
15. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:
Email: privacy@aso.kitchen
For data protection inquiries specifically: privacy@aso.kitchen
For general legal inquiries: legal@aso.kitchen
By using aso.kitchen, you acknowledge that you have read and understood this Privacy Policy.
