Privacy Policy

Last Updated: June 30, 2025

1. Introduction

Welcome to Sous™ ("App," "we," "our," or "us"), a product offered by Aurora Technologies LLC ("Company"). We are committed to protecting your privacy and complying with applicable data protection laws. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, website, and related services (collectively, the "Services").

Please read this Privacy Policy carefully. By accessing or using Sous™, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. This Privacy Policy is incorporated into and forms part of our Terms of Service.

If you are using our Services on behalf of a business or other entity, you represent that you have the legal authority to accept these terms on that entity's behalf, in which case "you" will mean that entity.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information:

Account Information: Name, email address, password, profile picture, and other profile information.
Payment Information: Credit card details, billing address, and transaction history. Note that we use third-party payment processors who collect and process your payment information directly. We do not store complete credit card information on our servers.
User Content: Recipes, meal plans, shopping lists, dietary preferences, food allergies, and other content you create using our Services.
Communication Data: Information provided in communications with us, including customer support inquiries, feedback, and survey responses.
Social Media Information: If you choose to connect your social media accounts to our Services, we may receive certain information from those accounts, depending on your privacy settings.

2.2 Usage Information

We automatically collect certain information about your device and how you interact with our Services, including:

Device Information: IP address, device type, operating system version, hardware model, mobile network information, and unique device identifiers.
Usage Data: Screens viewed, time spent on features, search queries, actions taken within the app, frequency and duration of use, features used, and other interaction data.
Location Data: General location information derived from your IP address. If you explicitly grant permission, we may collect more precise location data.
Log Data: Server logs, error reports, performance data, and crash reports.

2.3 Data Collection Technologies

We use analytics and similar technologies to collect information about your app usage and preferences. These technologies help us understand how users interact with our Services, personalize content, measure the effectiveness of our features, and improve your experience.

The types of data we collect include:

Essential Data: Necessary for the basic functionality of our Services.
Preference Data: Enables our Services to remember your preferences and settings.
Analytics Data: Helps us understand how you use our Services so we can improve them.
Marketing Data: Used to deliver relevant communications and track campaign performance.

You can control data collection through the privacy settings in the app. Blocking certain data collection may limit some features.

3. How We Use Your Information

We may use the information we collect for various purposes, including to:

Provide, maintain, and improve our Services;
Process transactions and send related information;
Personalize your experience with content and features relevant to you;
Send administrative messages, updates, security alerts, and support messages;
Respond to your comments, questions, and requests;
Communicate with you about new features, offers, promotions, rewards, contests, upcoming events, and other news about our Services and partners (you may opt out of marketing communications);
Monitor and analyze trends, usage, and activities;
Detect, investigate, and prevent fraud, abuse, and other illegal or unauthorized activities;
Debug and repair errors;
Protect the rights, property, security, and safety of our users, our Services, and the public;
Enforce our Terms of Service and other policies;
Comply with applicable laws, legal processes, and regulatory requirements;
Create aggregated, de-identified, or anonymous data, which we may use and disclose for any purpose.

4. Legal Basis for Processing (EU and UK Users)

If you are located in the European Union or United Kingdom, we collect and process your personal information on the following legal bases:

Performance of a Contract: Necessary to provide Services;
Legitimate Interests: To provide and improve Services, marketing, prevent fraud, and ensure security;
Consent: For specific uses, such as marketing. You can withdraw consent at any time;
Legal Obligation: To comply with legal requirements.

You may withdraw your consent at any time, but this will not affect the legality of processing that occurred prior to withdrawal.

5. Sharing of Information

We may share your information with:

Service Providers: Third-party vendors, consultants, and other service providers who perform services on our behalf, such as payment processing, data analytics, email delivery, hosting, customer service, and marketing assistance. These service providers are contractually bound to only use your information to provide services to us and in accordance with this Privacy Policy.
Business Partners: Partners with whom we offer co-branded services or engage in joint marketing activities, with your consent where required by law.
Affiliates: Our parent company, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.
Data Monetization Partners: We may share aggregated, de-identified, or anonymized usage data, cooking trends, recipe popularity metrics, and demographic insights with food industry partners, market research companies, and analytics firms for commercial purposes. This data cannot be used to identify you personally. Please note that under certain state privacy laws, such as the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), this type of data sharing may be considered a "sale" or "sharing" of your personal information.
Advertising Networks: We may share certain data with advertising partners and networks to deliver targeted advertisements. This may also constitute "sharing" of personal information under California law. You can opt out of targeted advertising through your device settings or by contacting us.
Research and Analytics: We may license aggregated usage patterns, cooking behaviors, and demographic data to academic institutions, market researchers, and food industry analysts for research purposes.
Legal Requirements: When we believe in good faith that disclosure is necessary to (i) comply with any applicable law, regulation, legal process, or governmental request, (ii) enforce our Terms of Service and other agreements, (iii) protect the rights, property, or safety of Aurora Technologies LLC, our users, or others.
Business Transfers: In connection with a merger, acquisition, reorganization, sale of assets, bankruptcy, or similar event, including during the negotiation of such an event.
Consent: With your consent or at your direction, including if we notify you that the information you provide will be shared in a particular manner and you provide such information.

Important Notice: We may sell, license, or otherwise commercially exploit aggregated, de-identified data about cooking trends, recipe preferences, and user behaviors. While this data cannot identify you personally, it helps us fund and improve our Services. You have the right to opt out of the "sale" or "sharing" of your personal information under California law. To exercise this right please email [email protected].

5A. Data Monetization and Commercial Use

Data We May Monetize: We may derive commercial value from the following types of aggregated, anonymized data:

Cooking trends and recipe popularity metrics
Demographic cooking preferences and behaviors
Ingredient usage patterns and substitution data
Meal planning and dietary preference statistics
App usage patterns and feature engagement metrics
Geographic cooking trends and regional preferences

Commercial Partners: We may share this data with food manufacturers, grocery chains, kitchen equipment companies, cookbook publishers, and market research firms.

Revenue Sharing: Revenue from data monetization helps us provide free features and keep subscription costs low.

Your Rights: You can opt out of data monetization, request information about data sales, or limit the use of your data for commercial purposes by emailing [email protected].

5B. Third-Party Services and Integrations

Third-Party Service Providers: We integrate with various third-party services to provide our functionality. These services have their own privacy policies and data practices:

Payment Processing

Apple App Store & Google Play: In-App Purchase processing, subscription management, and payment security. Subject to Apple's and Google's Privacy Policies.

Analytics and Performance

Firebase Analytics: App usage tracking, crash reporting, and performance monitoring. Subject to Google's Privacy Policy.
Firebase Cloud Messaging: Push notifications and in-app messaging. Subject to Google's Privacy Policy.
Supabase: Database hosting and user authentication. Subject to Supabase's Privacy Policy.

Infrastructure and Hosting

Railway: Application hosting and deployment. Subject to Railway's Privacy Policy.
Vercel: Static asset hosting and CDN services. Subject to Vercel's Privacy Policy.

Data Processing and Security

TogetherAI: AI recipe & image generation and natural language processing. Subject to TogetherAI's Privacy Policy.
AWS Services: Cloud storage and processing services. Subject to Amazon's Privacy Policy.

Data Sharing with Third Parties: We only share the minimum necessary data with these services to provide functionality. Each service processes data according to their own privacy policies and data processing agreements.

Third-Party Liability: We are not responsible for the privacy practices of third-party services. We recommend reviewing their privacy policies directly.

Service Changes: Third-party integrations may change over time. We will update this policy to reflect material changes in our service providers.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The retention periods vary by region, and generally follow these guidelines:

European Union and United Kingdom: 2 years after last activity
United States: 3 years after last activity
Canada: 2 years after last activity
Australia: 2 years after last activity

When determining our retention periods, we consider:

The amount, nature, and sensitivity of the information;
The potential risk of harm from unauthorized use or disclosure;
The purposes for which we process the data and whether we can achieve those purposes through other means;
Applicable legal, regulatory, tax, accounting, or other requirements.

When we no longer need your personal information, we will either delete or anonymize it. If we cannot delete or anonymize your data (for example, because it is stored in backup archives), we will securely store your data and isolate it from further processing until deletion is possible.

7. Your Rights

Depending on your location, you may have certain rights regarding your personal information:

7.1 For Users in the EU and UK (GDPR)

Right to Access: You can request a copy of the personal data we hold about you.
Right to Rectification: You can request that we correct inaccurate or incomplete information.
Right to Erasure: You can request that we delete your personal data in certain circumstances.
Right to Restriction of Processing: You can request that we restrict the processing of your data in certain circumstances.
Right to Data Portability: You can request a copy of your data in a structured, commonly used, machine-readable format and/or request that we transmit this data to another service provider where technically feasible.
Right to Object: You can object to the processing of your personal data in certain circumstances, particularly for direct marketing purposes or where processing is based on legitimate interests.
Rights Related to Automated Decision-Making: You can request human intervention in certain automated decisions that have legal or similarly significant effects on you.
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or where an alleged infringement of data protection law has occurred.

7.2 For California Residents (CCPA/CPRA)

Right to Know: You can request information about the personal information we have collected, used, disclosed, and sold, including the categories of personal information, the categories of sources, the business purposes for collecting, and the categories of third parties with whom we share the information.
Right to Access: You can request a copy of specific pieces of personal information we have collected about you.
Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
Right to Opt-Out of Sales/Sharing: You can direct us not to sell or share your personal information.
Right to Limit Use of Sensitive Personal Information: You can direct us to limit the use of your sensitive personal information.
Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.
Right to Correction: You can request that we correct inaccurate personal information.

7.3 For Users in Other Jurisdictions

Users in other jurisdictions may have similar rights under their applicable laws. We will comply with applicable data protection laws when responding to requests.

7.4 Exercising Your Rights

You can exercise your rights by:

Accessing the Privacy & Data Settings in your account profile;
Emailing us at [email protected];
Writing to us at: Aurora Technologies LLC, 2040 Linglestown Road Suite 109, Harrisburg, PA 17110, USA.

We will respond to your request within the timeframe required by applicable law (generally within 30 days for EU/UK requests and 45 days for California requests). We may need to verify your identity before processing your request. In some cases, we may charge a reasonable fee for access requests or decline to process requests that are manifestly unfounded or excessive, particularly if they are repetitive.

8. Security

We implement appropriate technical and organizational measures to protect your personal information. These measures include:

Encryption of sensitive data both in transit and at rest;
Secure access controls and authentication mechanisms;
Regular security assessments and penetration testing;
Monitoring systems for suspicious activity;
Regular backups of data;
Employee training on data protection and security practices;
Vendor security assessments.

However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us at [email protected].

9. International Data Transfers

Your information may be transferred to, and processed in, countries other than the country in which you reside. These countries may have data protection laws different from your country. Specifically, our servers are located in the United States, and our service providers and partners operate around the world.

When we transfer personal data outside of the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place, such as:

Using standard contractual clauses approved by the European Commission, UK, or Swiss authorities;
Transferring to countries recognized as providing adequate protection;
Implementing appropriate supplementary measures, where necessary;
Obtaining your explicit consent, in limited circumstances.

You can request a copy of the safeguards we use for international transfers by contacting us at [email protected].

10. Children's Privacy and Protection

10.1 Age Restriction Policy

Sous™ is intended for users who are 18 years of age or older. We do not knowingly collect, use, or share personal information from individuals under the age of 18. Users must confirm they are 18 or older during account registration. We reserve the right to verify user ages and may request additional verification if we suspect a user is under 18.

10.2 Inadvertent Collection of Children's Data

If we discover that we have inadvertently collected personal information from a child under 16 without appropriate parental consent:

We will delete such information within 30 days of discovery
We will cease any further collection from that user
We will not use the information for any purpose
We will notify the user (if possible) and request verification of age

10.3 Parental Rights and Controls

If you are a parent or guardian and believe your child under 16 has provided personal information to us:

Contact us immediately at [email protected]
Use the subject line: "Child Privacy Concern"
Provide your child's name, account information (if known), and proof of parental relationship
Request deletion of your child's account and data

We will respond to such requests within 72 hours and delete any confirmed child data within 30 days.

10.4 Compliance with Children's Privacy Laws

We comply with applicable children's privacy laws, including:

Children's Online Privacy Protection Act (COPPA) in the United States
General Data Protection Regulation (GDPR) provisions for children in the EU
UK Data Protection Act provisions for children
Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
Australia's Privacy Act requirements for children

10.5 Reporting Child Safety Concerns

If you encounter content or behavior that may endanger a child's safety:

Email [email protected] immediately
Contact local authorities if there is immediate danger

We will investigate all child safety reports within 2 hours and take immediate action when necessary.

11. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, and services. Your interactions with these third parties are governed by their privacy policies, not ours. We encourage you to read the privacy policies of every third-party service that you visit or use. We may also integrate third-party analytics tools, social media features, and advertising services, which may collect information about your use of our Services. These third parties may use cookies, web beacons, and other technologies to collect information about your use of the Services and other websites.

12. Your California Privacy Rights

If you are a California resident, California law provides you with additional rights regarding your personal information. This section describes your rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

12.1 Notice of Collection

In the past 12 months, we have collected the following categories of personal information:

Identifiers (e.g., name, email address, IP address)
Commercial information (e.g., products purchased, subscription data)
Internet activity information (e.g., browsing history, app usage)
Geolocation data (when permitted by you)
Audio, electronic, visual information (e.g., profile pictures)
Inferences drawn from other personal information
Sensitive personal information (e.g., precise geolocation, account credentials)

12.2 Sources of Personal Information

We collect personal information from you directly, from your device, from service providers, and from publicly available sources.

12.3 Selling or Sharing Personal Information

Under California law, we are required to disclose if we "sell" or "share" personal information. We do not sell personal information for monetary consideration, but some of our advertising and analytics partners may collect information from our users for targeted advertising purposes, which may be considered "sharing" under California law. This includes online identifiers and internet activity information. You can opt-out of this sharing by clicking the "Do Not Sell or Share My Personal Information" link in our app settings or by contacting us.

12.4 Retention of Personal Information

We retain personal information as outlined in the Data Retention section of this policy.

12.5 Your Rights

California residents have the rights described in Section 7.2 of this policy. To exercise these rights, please follow the instructions in Section 7.4.

12.6 Shine the Light

California's "Shine the Light" law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed personal information (if any) for their direct marketing purposes in the prior calendar year. To make such a request, please contact us at [email protected] with "Shine the Light Request" in the subject line.

13. Intellectual Property Protection

All content, features, and functionality within Sous™, including but not limited to text, graphics, logos, icons, images, audio clips, digital downloads, data compilations, and software, are the exclusive property of Aurora Technologies LLC, its licensors, or other content providers and are protected by United States and international copyright, trademark, patent, trade secret, and other intellectual property or proprietary rights laws. The Sous™ application name, logo, brand identity, user interface, and all associated visual and brand elements are trademarks of Aurora Technologies LLC. The trademark protection does not extend to the generic word "chef" but specifically to our branded application and its distinctive features. Unauthorized use of any Sous™ trademarks, logos, or branding elements may violate applicable trademark laws.

If you are a California resident, California Civil Code § 1798.83 (the "Shine the Light" law) permits you to request information once per calendar year about our disclosure of your personal information to third parties for their direct marketing purposes, if any. To make such a request, please email us at [email protected] with "Shine the Light Request" in the subject line or write to us at the address provided in Section 15.

We will process and respond to valid "Shine the Light" requests within 30 days of receipt, as required by California law.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

Posting the new Privacy Policy on this page;
Updating the "Last Updated" date at the top of this page;
Providing in-app notifications or alerts;
Sending an email to the address associated with your account (for significant changes).

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Your continued use of the Services after we post changes indicates your acceptance of those changes.

15. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact us at:

Email: [email protected]
Address: 2040 Linglestown Road Suite 109, Harrisburg, PA 17110, USA
Phone: (717) 219-4561