1. Who We Are
CookBid ("we", "our", "us") operates the website at cookbid.com and provides
a restaurant equipment auction aggregation service. We are committed to protecting your privacy
in compliance with the General Data Protection Regulation (GDPR).
2. What Data We Collect
We collect the following data when you use our Service:
- Account data: email address, username, password (hashed), Telegram chat ID (if linked)
- Saved searches: keywords, categories, price ranges, location preferences you save
- Usage data: pages viewed, searches performed, alerts clicked
- Technical data: IP address, browser type, device information (collected via standard server logs)
We do not collect payment card information — all payments are processed by Stripe, and we only store a subscription status token.
3. How We Use Your Data
We use your data for:
- Providing and maintaining the Service (authentication, saved searches, alerts)
- Sending auction alerts you've subscribed to (via Telegram and/or email)
- Improving the Service through aggregated analytics
- Communicating with you about your account, subscription, or support requests
- Compliance with legal obligations
4. Legal Basis for Processing (GDPR)
We process your data based on:
- Consent: you explicitly consent when creating an account and subscribing to alerts
- Contract: processing is necessary to provide the Service you've signed up for
- Legitimate interest: analytics and Service improvement, where our interest does not override your privacy rights
5. Data Sharing
We do not sell your personal data. We may share data with:
- Stripe: payment processing (your email, subscription plan — no card details)
- Resend: email delivery service for alerts and confirmations
- Telegram: for delivering alert messages to your Telegram account
- Legal authorities: if required by law or to protect our rights
6. Data Retention
We retain your account data for as long as your account is active. If you delete your account,
all personal data is permanently deleted within 30 days. Saved searches and alert preferences
are deleted immediately upon account deletion. Server logs are retained for 90 days.
7. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Passwords are hashed using bcrypt
- All traffic is encrypted via HTTPS
- API tokens are stored with restricted access
- Server infrastructure is hosted in Nuremberg, Germany (Hetzner)
- Regular security updates and monitoring
8. Your GDPR Rights
Under GDPR, you have the right to:
- Access: request a copy of all data we hold about you
- Rectification: correct inaccurate or incomplete data
- Erasure: request deletion of your data ("right to be forgotten")
- Restriction: limit how we process your data
- Portability: receive your data in a machine-readable format
- Objection: object to processing based on legitimate interests
- Withdraw consent: at any time, without affecting the lawfulness of prior processing
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
9. Cookies
We use essential cookies for authentication (JWT tokens stored in localStorage) and session management.
No tracking or advertising cookies are used. Our cookie usage is minimal and strictly functional.
See our Cookie Policy for details.
10. International Transfers
Your data is stored on servers in the European Union (Germany). If we use third-party services
that process data outside the EU (e.g., Stripe, Resend), we ensure they are Privacy Shield
certified or have Standard Contractual Clauses in place.
11. Changes to This Policy
We may update this Privacy Policy. We will notify you of material changes via email or a prominent
notice on the Service. Continued use after changes constitutes acceptance.
12. Contact
Data Controller: CookBid
Email: [email protected]
For GDPR-related requests, please use the subject line "GDPR Request".