Privacy Policy

Effective Date: January 14, 2026
Last Updated: January 14, 2026

Hey, We Need to Talk About Privacy (Required but Important Stuff)

Look, nobody actually enjoys reading privacy policies. We get it. But here’s the thing: we collect some information about you when you use our website, and you deserve to know exactly what we’re doing with it. We promise to explain this in actual human language, not legal gibberish.

This Privacy Policy applies to cookiesfreegluten.com and all our related services, including our newsletter, mobile apps, and social media platforms where we collect user data.

Who We Are

We’re LLC Cookies Free Gluten, a team of food-obsessed humans based in Portland, Oregon, who care deeply about both gluten-free cooking AND your privacy. When we say “we,” “us,” or “our,” we’re talking about the company and our team members who handle your information with care.

For privacy-specific questions or concerns, email our Privacy Officer directly: [email protected]

Information We Collect (And Why We Actually Need It)

Information You Give Us Directly

When you subscribe to our newsletter: We collect your email address and first name (optional). Why? So we can send you the recipes, tips, and updates you asked for. We’ll never send your email to spam merchants or use it for anything except what you signed up for.

When you create an account: We collect your name, email address, username, and password (which we encrypt immediately—more on security later). This lets you save favorite recipes, leave comments, access premium content, and manage your preferences.

When you comment on recipes: We collect your name, email, and the actual comment content. This lets us respond to your questions and build community through recipe discussions. Your email isn’t displayed publicly unless you choose to make it visible.

When you contact us: Emails to any of our team addresses mean we store your email address, name, and message content. We keep this information to provide customer service, respond to questions, and improve our content based on your feedback.

When you make a purchase: If you buy premium meal plans, recipe books, or other paid content, we collect billing information (name, address, payment details). We use Stripe for payment processing, which means we never see or store your full credit card numbers—Stripe handles that securely.

When you join our private Facebook group: We see your Facebook profile information (name, profile photo, whatever’s publicly visible). We use this only to approve memberships and facilitate community interaction within the group.

Information We Collect Automatically

Device and usage information: When you visit our website, we automatically collect technical information like your IP address, browser type, device type, operating system, and how you interact with our site (which pages you visit, how long you stay, what you click on). This helps us understand what content is useful, fix technical problems, and improve website performance.

Location data: We collect general location information (city and country level, not your exact address) based on your IP address. This helps us understand our audience demographics and provide region-relevant content (like recipes using ingredients available in your area).

Cookies and similar technologies: We use cookies (the digital kind, not the delicious kind—though we love those too). More details in our separate Cookie Policy, but basically: cookies help us remember your preferences, keep you logged in, and understand how people use our site.

How We Use Your Information (The Real Reasons)

To deliver the content you requested: Sending newsletter recipes, providing account access, displaying saved favorites, delivering purchased content. This is the obvious stuff.

To improve your experience: Understanding which recipes are most popular, what search terms people use, which pages load slowly, where people get confused or frustrated. This helps us make the website better for everyone.

To communicate with you: Responding to your emails, answering recipe questions, notifying you about important website updates, sending occasional surveys about what content you’d like to see. We promise not to be annoying about this.

To prevent fraud and maintain security: Detecting suspicious activity, preventing spam comments, protecting against hacking attempts, ensuring payment processing is secure. Nobody wants their recipe blog hacked or their payment information stolen.

To analyze and improve our content: Understanding which recipes get made most often, what topics generate the most questions, which tutorials are helpful. This shapes our content strategy so we’re creating stuff you actually want.

To personalize content: Showing you recipe recommendations based on what you’ve previously saved or searched for. If you’re obsessed with desserts, we’ll probably suggest more dessert recipes. Pretty straightforward.

Legal compliance: Sometimes we’re legally required to keep certain information (like payment records for tax purposes). We keep this stuff only as long as required by law.

How We Share Your Information (And When We Don’t)

We Never Sell Your Personal Information

Let’s be crystal clear: we will never, ever sell your email address, browsing data, or any other personal information to third parties. Your information is not a commodity we trade for profit. Period.

When We Do Share Information

Service providers we trust: We work with specific companies to help run our website and business. These include:

  • Email service provider (Mailchimp): Handles newsletter delivery and email marketing automation
  • Website hosting (Hostinger): Stores website content and ensures everything loads quickly
  • Payment processor (Stripe): Processes purchases securely without us ever seeing your full payment details
  • Analytics providers (Google Analytics): Helps us understand website traffic and user behavior
  • Content delivery network (Cloudflare): Speeds up website loading times globally
  • Customer support software (Help Scout): Manages support ticket organization and response

All these companies are required by contract to protect your data and use it only for the specific purposes we’ve authorized. They can’t use your information for their own marketing or other purposes.

Legal requirements: If legally required by court order, subpoena, or government regulation, we may disclose information. We’ll notify you about such requests unless legally prohibited from doing so.

Business transfers: If our company is acquired, merged, or we sell assets, your information would be transferred to the new owners. We’d notify you before this happens and explain how your privacy rights might be affected.

With your consent: If we want to share your information in ways not described here, we’ll ask your explicit permission first.

Your Rights and Choices (You’re in Control)

Access Your Information

You can request a copy of all personal information we have about you. Email [email protected] with “Data Access Request” in the subject line. We’ll respond within 30 days with a complete export.

Correct Your Information

Found something wrong? You can update most information directly through your account settings. For things you can’t change yourself, email us at [email protected].

Delete Your Information

Want us to delete your account and associated data? Email [email protected] with “Delete My Account” in the subject line. We’ll permanently delete your information within 30 days, except:

  • Information we’re legally required to keep (like payment records for tax purposes)
  • Anonymized data that can’t be traced back to you
  • Comments you’ve made (which we’ll anonymize but keep for community continuity)

Opt Out of Marketing

Every marketing email includes an unsubscribe link. Click it, and you’re immediately removed from that list. You can also manage email preferences in your account settings or email us at [email protected].

Important note: Even if you unsubscribe from marketing emails, we’ll still send essential account-related emails (like password reset requests or important service updates).

Limit Data Collection

You can:

  • Use browser settings to block or limit cookies
  • Use “Do Not Track” browser settings (which we honor)
  • Browse in private/incognito mode
  • Use ad blockers to prevent tracking pixels
  • Disable JavaScript (though this breaks some website functionality)

For California Residents (CCPA Rights)

If you’re in California, you have additional rights:

  • Right to know what personal information we collect and how we use it
  • Right to delete your personal information
  • Right to opt out of “sale” of personal information (which we don’t do anyway)
  • Right not to be discriminated against for exercising these rights

To exercise these rights, email [email protected] with “CCPA Request” in the subject line.

For EU/UK Residents (GDPR Rights)

If you’re in the EU or UK, you have these rights:

  • Right to access your personal data
  • Right to correct inaccurate data
  • Right to erase your data (“right to be forgotten”)
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision-making

To exercise these rights, email [email protected] with “GDPR Request” in the subject line.

Data Protection and Security (How We Keep Your Info Safe)

We take security seriously. Here’s what we do:

Encryption: All data transmitted to and from our website uses SSL/TLS encryption (that’s the little padlock icon in your browser). Stored passwords are encrypted using industry-standard hashing algorithms.

Limited access: Only team members who need access to personal information to do their jobs can access it. Emma, Sarah, Mike, and our technical team have access; random people do not.

Regular security audits: We conduct quarterly security reviews and update our systems to address new threats.

Secure hosting: Our website is hosted on secure servers with multiple backup systems and protection against DDoS attacks.

Payment security: We never store credit card numbers. Stripe (our payment processor) is PCI-DSS compliant, which is the gold standard for payment security.

Employee training: Everyone on our team completes privacy and security training annually.

But let’s be honest: No system is 100% secure. We do everything reasonably possible to protect your data, but we can’t guarantee absolute security. If we ever experience a data breach affecting your information, we’ll notify you promptly and explain what happened and what we’re doing about it.

International Data Transfers

Our servers are primarily located in the United States. If you’re accessing our website from outside the US, your information will be transferred to, stored, and processed in the US. We ensure appropriate safeguards are in place for these transfers, including standard contractual clauses for EU data.

Children’s Privacy (Under 13)

Our website is not intended for children under 13. We don’t knowingly collect information from children under 13. If you’re a parent and believe your child has provided us with personal information, please contact us immediately at [email protected] and we’ll delete it promptly.

How Long We Keep Your Information

We keep your information only as long as necessary for the purposes described in this policy:

  • Active accounts: Information retained while your account is active
  • Inactive accounts: After 2 years of inactivity, we’ll send an email asking if you want to keep your account. No response = deletion after 30 days
  • Newsletter subscribers: Until you unsubscribe
  • Purchase records: 7 years (required for tax and accounting purposes)
  • Support emails: 3 years for customer service continuity
  • Analytics data: Anonymized after 26 months (Google Analytics default)
  • Blog comments: Permanently (but anonymized if you delete your account)

Changes to This Policy

We’ll update this privacy policy occasionally as our practices evolve or laws change. When we make changes:

  • We’ll update the “Last Updated” date at the top
  • For minor changes, we’ll just post the updated policy
  • For significant changes affecting your rights, we’ll email active users and display a prominent notice on our website

We encourage you to review this policy periodically. Continued use of our website after changes means you accept the updated policy.

Our website contains links to other websites (ingredient sources, product recommendations, partner blogs). We’re not responsible for those sites’ privacy practices. When you leave our website, read the privacy policy of whatever site you visit next.

Questions, Concerns, or Complaints?

We’re serious about privacy. If you have questions, concerns, or complaints about how we handle your information:

Email our Privacy Officer[email protected]
Response time: We’ll respond within 48 hours (usually faster)

Mail us:
Privacy Officer
LLC Cookies Free Gluten
123 Gluten Free Way, Suite 200
Portland, OR 97204

For EU residents: You also have the right to lodge a complaint with your local data protection authority if you’re unsatisfied with our response.

Summary (TL;DR Version)

We collect information you give us and some automatic usage data. We use it to run our website, send you recipes, improve our content, and provide customer service. We never sell your information. You can access, correct, or delete your data anytime. We use standard security measures to protect your information. Questions? Email [email protected].