Privacy Policy for SteakMaster

Last Updated: February 2026

Welcome to SteakMaster. Your privacy is important to us. This Privacy Policy explains how we handle information in the SteakMaster mobile application ("App").

1. Information We Do NOT Collect Directly

We believe you should own your data. SteakMaster is designed to work without collecting any Personally Identifiable Information (PII) directly from you.

  • No User Accounts: The App does not require you to create an account.
  • No Direct Personal Data: We do not ask for, access, or store your name, email address, phone number, or precise location.

2. Information Stored Locally on Your Device

To provide a personalized experience, the App stores some data directly and only on your device using SQLite database technology. This data is never transmitted to us or any third party and remains entirely under your control.

This locally stored data includes:

  • Cooking History: A log of your past cooking sessions (steak type, cooking method, doneness level, thickness, and timestamps)
  • Favorites: Any recipes or cooking configurations you have saved as a favorite
  • App Settings: Your preferences, such as the unit of measurement (cm/inches), notification settings, and language preferences
  • Notification Data: Locally scheduled cooking timer alerts and flip reminders (processed on your device only)

Your Control: You can clear this data at any time by clearing the app's data in your device settings or by uninstalling the App. All local data will be permanently deleted from your device.

3. Analytics Data Collection

We use Firebase Analytics (provided by Google LLC) to understand how users interact with our app and improve user experience. This service collects:

  • App usage patterns: Screens viewed, features used, and session duration
  • Cooking session statistics: Anonymized cooking data (type of steak, cooking method, doneness level - aggregated only)
  • Performance metrics: App load times, response times, and stability data
  • Device information: Device model, operating system version, and screen resolution
  • General location: Country/region level only (not precise GPS location)
  • Crash reports: Anonymous error logs to help us fix bugs

Important: This data is anonymous and NOT linked to your identity. Firebase Analytics assigns a random instance ID to your device but does not collect any personally identifiable information. We cannot identify individual users from this data.

Legal Basis (GDPR): We process analytics data based on our legitimate interest to improve app functionality and user experience, in accordance with Article 6(1)(f) of the GDPR.

4. Remote Configuration (Firebase Remote Config)

To improve the App and deliver updated cooking formulas and features without requiring you to update the App, we use Firebase Remote Config.

When the App checks for new configuration, it sends limited anonymous data:

  • App Information: Application package name, version number, and anonymous instance ID
  • Device Information: Device type, OS version, country, and language preference

Important: This data is used only for app configuration delivery and is NOT linked to your identity. No personal information is transmitted.

5. Permissions

The App requests the following permissions to provide its core functionality:

  • Notifications (Required): To alert you when it's time to flip your steak or when cooking is complete. Notifications are scheduled locally on your device using flutter_local_notifications library and are not transmitted to any server.
  • Vibration (Android): To provide haptic feedback for timer alerts
  • Schedule Exact Alarms (Android 12+): To ensure precise cooking timer notifications
  • Background Notifications (iOS): To deliver timer alerts even when the app is in the background

Why We Need These: All permissions are essential for the cooking timer functionality. Notifications are processed entirely on your device and never sent to external servers.

6. Data Retention

  • Local data (SQLite): Stored on your device indefinitely until you manually clear app data or uninstall the app
  • Analytics data: Retained by Firebase Analytics for 14 months, then automatically deleted
  • Remote config data: Not stored permanently; only used for real-time app configuration delivery
  • Notification data: Processed locally on your device; not retained after delivery

7. Your Rights and Control

You have full control over your data and the following rights:

  • Access: View all locally stored data directly within the app (Cooking History and Favorites screens)
  • Deletion: Clear all local data through your device settings (Settings > Apps > SteakMaster > Clear Data) or by uninstalling the app
  • Opt-Out of Analytics: Disable analytics collection in the app settings (Settings > Privacy > Disable Analytics). This will prevent Firebase Analytics from collecting any usage data going forward.
  • Data Portability: Request a copy of your data by contacting us at privacy@steakmaster.app. We will respond within 30 days.
  • Information Requests: Contact us at privacy@steakmaster.app for questions about data processing
  • Rectification: Edit or correct your cooking history and favorites directly within the app

GDPR Rights: If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection authority.

8. Third-Party Services and Data Sharing

We use the following third-party services:

  • Firebase Analytics (Google LLC): Anonymous usage analytics
  • Firebase Remote Config (Google LLC): App configuration delivery

Important: We do NOT sell, rent, or share your personal information with third parties for marketing purposes. The data collected by Firebase is anonymous and not linked to your identity.

International Data Transfers: Firebase services may process data outside your country of residence. Firebase is provided by Google LLC and complies with applicable data protection laws, including GDPR and CCPA. Google uses Standard Contractual Clauses (SCCs) approved by the European Commission for international data transfers.

9. Children's Privacy (COPPA Compliance)

Our App is not directed to individuals under the age of 13. We do not knowingly collect any personal information from children under 13 years of age in compliance with the Children's Online Privacy Protection Act (COPPA).

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@steakmaster.app, and we will take steps to delete such information.

Recommendation: The app should be used under adult supervision for users under 18, as it involves cooking with hot surfaces and sharp objects.

10. California Residents (CCPA Rights)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information:

  • Right to Know: You have the right to request disclosure of what personal information we collect, use, and disclose
  • Right to Delete: You have the right to request deletion of your personal information (fulfilled by clearing app data or uninstalling)
  • Right to Opt-Out: You have the right to opt-out of the sale of personal information. We do NOT sell your personal data to third parties.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise these rights, contact us at privacy@steakmaster.app with the subject line "CCPA Request".

11. Data Security

We take the security of your data seriously:

  • Local Data Protection: All data stored on your device using SQLite is protected by your device's built-in security features (device encryption, biometric locks, etc.)
  • Secure Transmission: All communication with Firebase services uses HTTPS encryption (TLS/SSL)
  • Minimal Data Collection: We follow the principle of data minimization - we only collect what is necessary for app functionality
  • Anonymous by Design: Firebase Analytics data is anonymous and cannot be traced back to individual users

However, please note that no method of electronic storage or internet transmission is 100% secure. We cannot guarantee absolute security.

11.1 Data Breach Notification

Important Context: SteakMaster does NOT store your personal data on our servers. All your cooking history, favorites, and settings are stored locally on your device only using SQLite. We cannot access, view, or retrieve this data.

Potential Data Breach Scenarios (Extremely Rare):

The only theoretical data breach risk involves our third-party service provider (Firebase Analytics by Google LLC), which processes anonymous usage data. In the highly unlikely event of a security incident affecting Firebase Analytics data:

  • GDPR Compliance (EU): We will notify the relevant supervisory authority within 72 hours of becoming aware of any breach involving EU resident data
  • CCPA Compliance (California): We will notify affected California residents without unreasonable delay if personal information is compromised
  • User Notification: If a breach is likely to result in a high risk to your rights and freedoms, we will notify you through an in-app notification or via our website
  • Notification Contents: We will describe the nature of the breach, the data affected (if any), the likely consequences, and the measures taken to address the breach

Why the Risk is Extremely Low:

  • ✅ We do NOT collect personally identifiable information (PII)
  • ✅ Firebase Analytics data is anonymous and cannot be linked to individual users
  • ✅ Your cooking data never leaves your device
  • ✅ We do NOT operate our own servers or databases
  • ✅ Google Firebase has enterprise-grade security (used by billions of users worldwide)

Your Local Data Protection: Since your personal cooking data is stored only on your device, the security of this data depends on your device's security features (device encryption, screen lock, biometric authentication). We recommend enabling these features for maximum protection.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons.

Notification of Changes: We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page with an updated "Last Updated" date
  • Displaying an in-app notification when you open the app after an update

We encourage you to review this Privacy Policy periodically. Your continued use of the App after changes are posted constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • General Support: support@steakmaster.app
  • Privacy Inquiries: privacy@steakmaster.app
  • Data Subject Requests: privacy@steakmaster.app (GDPR/CCPA requests)
  • Website: https://steakmaster.app

Response Time: We aim to respond to all privacy inquiries within 30 days. For urgent matters, please mark your email as "Urgent - Privacy Request".