Sofra is built on a simple principle: your data belongs to you. This policy explains what we collect, how we use it, and what rights you have.
Four things can go off your device.
First, anonymous usage events — which screens you open, which recipe you tapped, whether the audio narration played — sent to our analytics provider (PostHog) tagged with a randomly generated device ID, never your name or email. This only happens if you turn on analytics consent inside the app (default off).
Second, when you use the Ask AI feature, your question and the relevant recipe text are sent to a language-model provider to generate a response (primarily Google Gemini, with fallback to Anthropic, OpenAI, or our hosted relay if the primary provider is unavailable).
Third, when you use voice cooking mode (CookModeMic), the audio of your spoken instruction is sent to a speech-to-text provider (OpenAI Whisper, via our hosted relay) for transcription, and is not retained after the response is returned.
Fourth, when you tap Find Local Stores to look up Middle Eastern grocers near you, the app requests your precise GPS location and sends those coordinates to Google (via the Gemini API with the Google Maps tool enabled). Google uses your coordinates to search Google Places for nearby grocers and returns a list. We rely on your explicit consent — the location permission you grant on first use — as the legal basis for this processing under GDPR Article 6(1)(a). Sofra does not retain your coordinates in any database, server log, or analytics system. Google's handling of data sent to its APIs is governed by Google's privacy policy and applicable API terms.
Your meal plans, saved recipes, cooking streak, and audio playback history stay on your device.
Anonymous usage events tell us which recipes resonate, which screens confuse, and where the cooking experience breaks. We use this to improve the app — never to advertise to you, never to sell to third parties. Recipe view counts also feed into how we recognize our recipe contributors. Your questions to Ask AI are processed in the moment to give you a useful answer; we do not store your AI conversation history on our servers.
Anonymous usage events do not leave your device unless you explicitly allow it. We default to OFF — events stay queued on your device until you choose. You can change this at any time using the toggle in the in-app privacy screen. If you change your mind later and turn it off, we will both stop new events and ask our analytics provider (PostHog) to delete the history of this device.
Recipe narration is delivered in two ways. The 12 featured Levantine narrations (in Lebanese and Syrian Arabic, performed by Microsoft Edge text-to-speech voices Layla and Amany) are bundled inside the app and play offline. The remaining narrations are streamed from a public CDN (jsDelivr). The CDN, like any web request, may log your IP address at the network edge for the duration of the request. We do not see or retain those logs.
We rely on a small set of services to run the app:
Each service has its own privacy policy and processes data according to its own terms.
Sofra is operated from Lebanon and uses service providers that may process data in other countries, including the United States, the United Kingdom, the European Union, and other jurisdictions. Where GDPR applies, Sofra relies on the contractual safeguards each provider makes available — for Google specifically, the EU Standard Contractual Clauses and the UK International Data Transfer Addendum incorporated by reference into the Google Cloud Data Processing Addendum; for other providers, the provider's own data-processing terms.
If you are located in the European Economic Area, the United Kingdom, Brazil, California, or any other jurisdiction with comparable data-protection laws, you have the right to access, correct, port, or erase your personal data. To exercise these rights:
You can delete your anonymous usage events from our analytics provider (PostHog) at any time using the button inside the app under Settings → Privacy. This removes your device's history of which screens you opened and which recipes you played. Your subscription record (managed by RevenueCat / Apple / Google) is retained for billing purposes; to cancel a subscription, use your Apple App Store or Google Play subscription settings. Uninstalling the app removes everything stored on your device. There is no account to delete because we never asked you to create one.
Sofra is not directed to children under the age of 13. We do not knowingly collect any personal information from children. The app is rated for general audiences and marked Not Made for Kids on Google Play and the equivalent on the App Store.
We may update this privacy policy as the app evolves. The effective date at the top of this page reflects the most recent revision. Material changes will also be communicated inside the app on next launch.
Sofra is a product of Lebanese Heritage Kitchen, a trading name of Thomas William Hornig, who is the data controller responsible for your personal data. UK Information Commissioner's Office (ICO) registration number: ZC129044. You can verify this registration at ico.org.uk/register.
For data subjects in the European Economic Area: Sofra processes EEA personal data on a small and occasional scale — single-digit EEA users at present, no special-category data, no profile-building, no automated decision-making, no advertising. On this basis the controller relies on the Article 27(2) GDPR exemption, which excuses controllers from appointing a designated EU representative where processing is occasional, does not include large-scale special-category data, and is unlikely to result in a risk to the rights and freedoms of EEA data subjects. The controller will reassess and appoint a designated representative as the user base or processing profile expands. Until then, EEA data subjects can exercise their rights by emailing support@sofrabeirut.com; we respond within 30 days.
If you have any questions about this privacy policy or want to exercise a data right, please contact us at support@sofrabeirut.com.