Privacy Policy
Effective May 4, 2026 · Last updated May 28, 2026
Cookie is built by Landian, Inc. — a Wyoming corporation operating from 525 Randall Ave, Ste 302, Cheyenne, WY 82001 ("we," "us," or "Cookie"). This policy explains exactly what we collect, what we don't, and which third parties touch your data. We've kept it short and specific on purpose. If anything here is unclear, email hello@bakecookie.com.
The short version. Cookie shows you your camera roll on your device, and only the moments or Creator Mode videos you choose to bake are uploaded for server-side baking. Selected media may be processed by Google's Gemini API. We don't upload your full camera roll, we don't sell or share your data with advertisers, and we don't track you across other apps or websites.
What Cookie collects
Photos and videos from your camera roll
When you grant photo-library permission, Cookie reads photos and videos from your device so you can browse them inside the app and pick which moments to bake. Screenshots are detected via Apple's photo-library metadata and excluded on-device before anything reaches Cookie's server (you can change this behavior in Settings → Preferences → "Hide screenshots", but the default is to filter them). Only the moments you explicitly select for a bake are uploaded to Cookie's server-side baking pipeline, where we analyze the media, render the finished video, and store the result for delivery back to your app. Selected media may be sent to Google's Gemini API to generate scene descriptions, story summaries, and per-beat scripts. Before any cook you choose to make public is shown to other Cookie users, it passes through an automated server-side content-safety review.
Cookie does not upload your full camera roll. Only the media from the moments you choose to bake is processed.
Creator Mode video uploads
If you use Creator Mode, Cookie uploads the specific video you select and processes it into a draft Cookie with Cookie presentation, thumbnail generation, and an end card. Creator Mode uploads are stored with your account like other cookies and are removed through the same in-app cookie deletion and account deletion controls. Creator Mode does not create camera-roll moment clusters.
Audio
If you record yourself for the in-app karaoke feature, the recording is sent to our server to be mixed into your final video. If your photos include Live Photo audio, that audio rides along with the photo to Google Gemini for transcription so the script can reference what people actually said in the clip.
An anonymous user ID
When you launch the app, Firebase Authentication assigns a random anonymous identifier to your installation. We use it to keep your subscription state in sync and to apply per-user quotas. It is not your name, email, phone, or any identifier you'd recognize, and it doesn't follow you across other apps.
Subscription information
If you subscribe to Cookie Pro, Apple shares the subscription receipt with our payments processor (RevenueCat) and us so we can validate the purchase, restore it on other devices, and display the correct subscription state. We never see your credit card number — Apple handles payment.
Diagnostic data
If the app crashes, anonymized crash and performance data is collected via Firebase Crashlytics so we can fix bugs. There is no personal information attached.
Phone number (only if you sign in with phone)
If you optionally sign in with a phone number, Firebase Authentication holds your phone number to send the verification code and authenticate you. You can use Cookie without ever providing a phone number.
Contacts (only if you choose Find friends)
If you choose Find friends from contacts, Cookie reads phone numbers and email addresses from your contacts on your device and sends them to Cookie over an authenticated HTTPS request for normalization and server-side HMAC hashing. Cookie stores only protected contact hashes for friend discovery and tag suggestions; raw contact names, phone numbers, and email addresses are not stored.
What Cookie does not collect
- We don't upload your camera roll automatically. Only the moments you explicitly select for a bake leave your device.
- We don't transmit photos you don't pick — anything you skip stays on your phone.
- We don't read your contacts unless you explicitly choose Find friends, and then raw contact values are used only transiently for server-side hashing.
- We don't read your messages, calendar, location history, health data, financial data, or browsing history.
- We don't track you across other apps or websites.
- We don't sell your data.
- We don't show third-party advertising.
- We don't train AI models on your photos. Google's API terms forbid Gemini from training on submissions, and Cookie doesn't train its own models on user content.
Service providers
To operate the app we work with a small set of third-party service providers. The two you should know about specifically are:
- Cookie's Firebase and Google Cloud infrastructure receives the selected photos and videos needed to bake your finished video, stores temporary upload files while the bake runs, and stores finished videos until you delete them.
- Google processes the photos and videos you select for a bake so we can describe scenes, transcribe audio, and write the scripts that become your video. Photos are not used to train Google's models. They're retained briefly for abuse monitoring and then deleted.
- Apple handles your subscription payment, App Store distribution, and push notifications. We never see your credit card.
Beyond those two, we use ordinary infrastructure and tooling providers (cloud hosting, authentication, crash reporting, subscription receipt validation, AI voice synthesis for the narration). They receive only what they need to perform their role, never sell your data, and process it under contract on our behalf. We don't list them individually because the list shifts as we improve the product, and naming a company today doesn't add a meaningful privacy protection beyond the commitments here. If you'd like the current list — for due diligence, a data-subject request, or just curiosity — email hello@bakecookie.com and we'll send it.
How long we keep your data
- Selected bake inputs are stored temporarily while the server creates your video. TestFlight and internal-quality bakes may also be retained in restricted admin archives so we can debug failures and improve quality.
- Your finished videos stay on your device's library and on Firebase Storage until you delete them. Deleting a video in the app removes the storage object server-side too.
- Anonymous user ID persists while you have the app installed. Reinstalling resets it.
- Anonymized telemetry is retained for 90 days and aggregated.
- Crash logs follow Firebase Crashlytics' default retention (90 days).
- Photos sent to Google Gemini follow Google's API retention — not used for training, kept up to 30 days for abuse monitoring per Google's published API terms.
Your rights and choices
- Revoke photo access any time in iOS Settings → Privacy & Security → Photos → Cookie.
- Delete individual bakes by long-pressing a cookie in your Library → Delete. The video and its underlying record are removed from Cookie's servers.
- Sign out in Cookie → Me → Settings → Sign out. Disconnects this device from your @handle.
- Delete your account in Cookie → Me → Settings → Account → Delete account. This removes your profile, cookies, comments, likes, tags, contacts, notification settings, and Firebase Auth account from Cookie's active systems. You can still email hello@bakecookie.com for help or data requests.
- Cancel your subscription in iOS Settings → Apple ID → Subscriptions → Cookie.
- Request a copy of your data by emailing hello@bakecookie.com — we'll respond within 30 days.
- EU/UK residents: you have rights under GDPR/UK GDPR to access, correct, port, restrict, or object to processing of your personal data, and to lodge a complaint with your local supervisory authority. Contact us at the email above.
- California residents: you have rights under the CCPA/CPRA to know, delete, correct, and limit the use of your personal information. We do not sell or share personal information for cross-context behavioral advertising.
Children
Cookie is not directed to children under 13 (or under 16 in the EU). We don't knowingly collect personal information from children. If you believe a child has provided us with information, contact hello@bakecookie.com and we'll delete it.
Security
We use HTTPS for all network requests, Apple's App Attest to verify legitimate app installations, and Firebase App Check to gate server access. Subscription receipts are validated server-side. No system is perfectly secure — if you suspect a vulnerability, email hello@bakecookie.com.
International data transfers
Cookie is operated from the United States. By using Cookie outside the US, you consent to transferring your information to the US, where data-protection laws may differ from your home country. Our service providers operate globally and rely on standard contractual clauses where required.
Changes to this policy
If we materially change this policy, we'll update the "Last updated" date and post a notice in the app. Continuing to use Cookie after a change means you accept the updated policy.
Contact
Landian, Inc.
525 Randall Ave, Ste 302
Cheyenne, WY 82001
United States
Email: hello@bakecookie.com