duka

Privacy Policy

App: duka

Controller: duka

Address: Stockholm, Sweden

Contact: getduka@proton.me

Effective date: 2026-05-24

Supervisory authority: Integritetsskyddsmyndigheten (IMY) — imy.se

1. Who this policy applies to

This policy applies to anyone who uses the duka mobile application ("the app"). duka is a meal planning app that lets you build a personal recipe library, plan weekly meals, and generate shopping lists.

The data controller is the individual or entity named above ("we", "us"). If you have questions about how your data is handled, contact us at getduka@proton.me.

2. Data we collect, why, and on what legal basis

2.1 Account data

What: Email address, display name, and a unique user identifier assigned by our authentication provider (AWS Cognito).

How obtained: If you sign up with email and password, you provide this data directly. If you sign up or log in with Google Sign-In, your email address and display name are received from Google LLC on your behalf (this is an indirect source under GDPR Article 14). We receive only the fields your Google account shares with apps using Google Sign-In; we do not receive your Google password.

Why: To create and maintain your account, to authenticate you on each session, and to allow household members to identify each other by name.

Legal basis: Performance of a contract with you (GDPR Art. 6(1)(b)).

2.2 Household data

What: Household identifier, membership list (user IDs and display names), role (admin or member), and invite codes.

Why: To let multiple people share recipes, meal plans, and shopping lists inside a shared household.

Legal basis: Performance of a contract (Art. 6(1)(b)).

2.3 Recipes

What: Recipe name, ingredient list, instructions, cook time, tags, and optionally a photo you upload.

Why: To build your personal recipe library and to use as the source pool for meal planning.

Legal basis: Performance of a contract (Art. 6(1)(b)).

2.4 Meal plans

What: Which recipe is planned for which day and meal slot, and the current state of each planned meal (planned, ready, frozen, eaten, or skipped).

Why: To generate your weekly plan and keep it accurate as you cook or change your mind.

Legal basis: Performance of a contract (Art. 6(1)(b)).

2.5 Shopping lists

What: Aggregated ingredient quantities derived from your active meal plan.

Why: To generate and let you edit a ready-to-use shopping list.

Legal basis: Performance of a contract (Art. 6(1)(b)).

2.6 Dietary preferences

What: Tags you select in the app (e.g. vegetarian, low carb, quick, family, batch cook, weekend).

Why: To personalise meal suggestions. These tags are stored on our server and also cached locally on your device.

Legal basis: Performance of a contract (Art. 6(1)(b)). Because these tags may constitute data about your eating habits, we also rely on your explicit consent (Art. 6(1)(a) and Art. 9(2)(a)) when you actively select them in the app. You can remove them at any time in Settings.

2.7 AI meal suggestions

What is sent: When you use the "suggest meals" feature, our backend sends the following to the AI service: the names, tags, and cook times of recipes in your library; the meal slots to be filled; and your dietary preference tags. No names, email addresses, or other personal identifiers are sent to the AI service.

AI provider: We use Amazon Bedrock (Amazon Web Services), running the Amazon Nova Micro model hosted in the EU (eu-north-1, Stockholm). Your data does not leave the European Economic Area for AI processing.

No training use: AWS Bedrock does not use customer inputs to train foundation models. Your recipe data and preferences are used only to generate a response and are not retained by the model.

Why: To generate personalised meal suggestions from your existing recipe library.

Legal basis: Performance of a contract (Art. 6(1)(b)).

2.8 Security and rate-limiting data

What: A daily request counter per household, stored with a time-to-live of 24 hours, used to enforce limits on AI suggestion requests.

Why: To protect the service from abuse.

Legal basis: Legitimate interests (Art. 6(1)(f)) — preventing misuse while keeping the service available to all users.

2.9 Push notification tokens (future)

If we introduce push notifications, we will collect the device push token issued by Apple (APNs) or Google (FCM). We will update this policy and obtain your consent before doing so.

2.10 Analytics (future)

We do not currently collect analytics data. If we add analytics in future, we will update this policy and, where required, obtain your consent.

3. Data recipients and sub-processors

| Sub-processor | Role | Location | Basis |
|---|---|---|---|
| Amazon Web Services (AWS) | Hosting, database (DynamoDB), storage (S3), authentication (Cognito), AI inference (Bedrock) | EU (eu-north-1, Stockholm) | Data Processing Agreement under GDPR |
| Google LLC | Google Sign-In (OAuth 2.0) — provides email and display name on login | USA (EEA SCCs apply) | Standard Contractual Clauses |

We do not sell your data to third parties. We do not share your data with advertisers.

4. International transfers

Our primary infrastructure runs in AWS eu-north-1 (Stockholm, Sweden) and data does not leave the EEA in ordinary operation.

Google Sign-In involves Google LLC (USA). Google participates in the EU–US Data Privacy Framework and Google's Sign-In APIs are covered by Standard Contractual Clauses, providing an adequate level of protection under GDPR Art. 46(2)(c).

5. Retention

| Data | Retention |
|---|---|
| Account and all associated data | Until you delete your account |
| Recipe photos (S3) | Until you delete the recipe or your account |
| Rate-limit counters | 24 hours (automatic TTL) |
| Invite attempt records | 24 hours (automatic TTL) |
| Auth sessions (tokens) | Until you sign out or refresh token expires (Cognito default) |

When you delete your account, we will delete or anonymise all personal data within 30 days, except where retention is required by law.

6. Your rights under GDPR

As a data subject in the EEA you have the following rights. Exercise them by contacting getduka@proton.me.

| Right | What it means |
|---|---|
| Access (Art. 15) | Receive a copy of your personal data |
| Rectification (Art. 16) | Correct inaccurate data |
| Erasure (Art. 17) | Request deletion of your data (“right to be forgotten”) |
| Restriction (Art. 18) | Request that we limit processing |
| Portability (Art. 20) | Receive your data in a structured, machine-readable format |
| Object (Art. 21) | Object to processing based on legitimate interests |
| Withdraw consent (Art. 7(3)) | Withdraw consent at any time for consent-based processing (dietary tags) — this does not affect the lawfulness of prior processing |
| Lodge a complaint | File a complaint with Integritetsskyddsmyndigheten (IMY) at imy.se |

We will respond to rights requests within 30 days.

7. Article 14 disclosure — data obtained from Google Sign-In

This section applies to users who sign in with Google (GDPR Article 14).

When you use Google Sign-In, Google LLC provides us with your email address and display name. This happens at the point of first login. The source of the data is Google LLC (accounts.google.com). The data is used solely for the purposes described in Section 2.1 (account creation and authentication). You have all the rights listed in Section 6 above in relation to this data.

8. Children

duka is not directed at children under 16. We do not knowingly collect data from children under 16. If you believe a child has provided us with their data, contact us and we will delete it.

9. Security

Data in transit is protected by TLS. Data at rest is encrypted by AWS. Authentication tokens are stored in the device's secure keychain (expo-secure-store). Invite codes use brute-force rate limiting. We apply the principle of least privilege to all IAM roles.

10. Changes to this policy

We will post updates to this page at getduka.com/privacy. For material changes that affect how we use your data, we will notify you in-app. The effective date at the top of this document reflects when the current version took effect.

11. Contact

Email: getduka@proton.me

Supervisory authority: Integritetsskyddsmyndigheten (IMY) — imy.se