Privacy Policy
Last updated: May 2026
Welcome to Leato! This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Leato mobile application (the "App"). Please read this Privacy Policy carefully. By using the App, you agree to the collection and use of your data as described in this policy.
1. Who We Are
Leato is a gamified cooking companion. If you have any questions or concerns about this policy or your personal data, you can reach our privacy team at:
- Email: theleatostudio@gmail.com
2. Minimum Age Requirements
Leato is available to users aged 13 and older. We do not knowingly collect personal data from children under the age of 13. If we become aware that we have collected personal data from a child under age 13 without verification of parental consent, we will take steps to remove that information from our servers immediately.
3. Data We Collect & Why
Account & Identity Information
- Google Sign-In: To log in, you must use your Google account. We receive your Google email address, display name, and profile picture URL.
- Username: You choose a username at sign-up. This is publicly visible to other users.
- Profile Settings: We collect your chosen nationality and country of residence to tailor pricing and notification languages.
Device & App Activity Data
- Device Identifier: We generate or collect a device ID (such as an Android ID) purely to prevent referral fraud and detect abusive multi-account behavior. This is never used for advertising tracking.
- Game Activity: We track recipes cooked, XP earned, your current streak, badges unlocked, and recipe ratings. This powers the gamification engine and the app's Leaderboard.
- Leaderboard Information: Your username, chosen avatar icon, XP, and PRO status (if applicable) are visible to all Leato users on the Leaderboard.
AI Cooking Assistant
- Your messages and cooking queries are sent to Google Gemini to provide interactive cooking advice.
- Conversation history is stored temporarily and automatically deleted after 7 days.
Dish Verification (Camera & Photos)
- When you use our "Verify Dish" feature, you capture a photo using your device camera. This photo is sent via a secure connection to Google Gemini for an automated cooking review.
- Leato does not permanently store these initial photos. They are processed in transit and discarded.
- Appeals: If your photo is rejected and you submit a manual appeal, the photo is temporarily uploaded to our secure servers for human review by a Leato team member. It is deleted immediately after the appeal is resolved.
Grocery Feature Analytics
- If you use our grocery basket handoff feature, we record basic usage statistics (such as which delivery provider you tapped).
- This data is linked to a secure, anonymized hash—not your email or username—and is kept strictly for improving the App's functionality.
Payments & Subscriptions
- Premium Subscriptions (Global): All premium subscriptions are securely managed via Google Play Billing (RevenueCat). We share your Firebase account ID with RevenueCat to sync your premium status.
- Optional Donations (Support the Dev): If you choose to use the "Buy me a coffee" feature, the payment is processed securely via Razorpay (for users in India) or Google Play Billing / RevenueCat (for all other users). For Razorpay transactions, we record your order and payment IDs for verification and auditing. We do not store your credit card or bank details.
Crash Reports & Support
- Crashlytics: We collect automated crash stack traces (excluding personal data) via Firebase to fix bugs and improve App stability.
- Support: If you contact us for support or send in-app feedback, we store your message, name, and email address to assist you.
4. How We Use Your Data
We use the collected data for the following purposes:
- To operate, maintain, and personalize the App.
- To verify cooking completions and award XP.
- To operate the competitive Leaderboard (which may include simulated competitor entries alongside real users to ensure a consistent experience).
- To process payments securely.
- To send local cooking reminders (only if you opt in on your device).
- To detect and prevent fraud, multi-account abuse, and unauthorized access.
5. Who We Share Your Data With
We only share data with trusted third-party service providers required to operate Leato:
- Google LLC (Firebase Auth, Cloud Firestore, Firebase Storage, Crashlytics): For primary database hosting, authentication, secure photo storage during appeals, and crash reporting.
- Google LLC (Gemini API): For AI chat features and automated dish photo verification (in-transit processing only).
- Razorpay: For secure processing of optional "Buy me a coffee" donations in India.
- RevenueCat: For subscription management and verification.
Note on Grocery Delivery Apps (Blinkit, Zepto, Swiggy, etc.): Leato redirects you to these apps using deep links but does not share your Leato personal data with them via API.
6. Your Rights & Account Deletion
You have the right to access, correct, and delete your personal data.
Account Deletion
You can request full deletion of your account and personal data at any time:
- In-App: Go to Profile → Settings → Delete Account.
- Online: Email us at theleatostudio@gmail.com with the subject "Account Deletion Request" from the email address linked to your Google account.
What happens when you delete your account:
- Your profile, authentication data, support tickets, AI chats, and verification appeals are permanently erased.
- Donation Payment Records (India): Per Razorpay's Terms of Service and applicable financial laws, we must retain donation transaction proofs (Order ID, Payment ID, amount, timestamp) for 10 years. Upon account deletion, the personal identifier (UID) linking these records to you is removed so the financial data becomes anonymized.
- Analytics: Grocery usage statistics and recipe ratings are retained in an aggregated, fully anonymized format that cannot be traced back to you.
- Audit Trail: We keep a secure, minimal record of your deletion request to prove legal compliance.
7. Security
We take data security seriously:
- All data is encrypted in transit using HTTPS.
- We use Firebase App Check to prevent bot/scripted access to our servers.
- High-risk fields (like XP and Premium status) are locked and can only be modified by our secure backend servers, never directly by the user app.
8. International Data Transfers
Your information, including Personal Data, is processed primarily on Google Cloud servers. The Google Gemini API and RevenueCat are operated in the United States. Razorpay operates in India. By using Leato, you consent to the transfer of data to these secure facilities.
9. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. We may also notify you via an in-app alert for significant changes.
10. Contact Us
For privacy-related questions, data access requests, or concerns, please contact:
- Email: theleatostudio@gmail.com
- Website: leato.in