22x22: Privacy Policy and Terms of Use
Privacy Policy
Last updated: August 9, 2025
1. Introduction
This Privacy Policy explains what information the 22x22 mobile application (hereinafter - "Application" or "we") collects and how this information is used. By using the Application, you agree to the terms of this Privacy Policy. If you disagree with any of its provisions, please refrain from using the Application.
The Application is designed for searching culinary recipes and fitness workouts. The service is available to users worldwide in different languages. The Application has no age restrictions for use. Login to the Application is carried out through phone number or Apple ID, with the possibility of registration and subsequent authorization.
2. Information Collection
We strive to collect only the personal information that is necessary to provide and improve our service. Below are the categories of data that may be collected when using the Application:
• Personal information provided by the user: During registration and use of the account, we may request and store your phone number (for login via SMS/OTP) or Apple ID profile data (for example, name and email if you use "Sign in with Apple"). This data is used to create an account, log into the system and synchronize your saved recipes (favorites) between devices. If desired, you can provide additional profile data (for example, avatar or username) - this is entirely at your discretion.
• User content: If you decide to use recipe search functions by photo of a dish or by entered ingredients, the Application may request access to the camera or image storage of your device. Photos of dishes uploaded for search are processed for recognition and recipe selection. Such images are not used for other purposes and are not stored longer than necessary to perform the search. Similarly, the list of ingredients that you enter to search for recipes is processed by us only for the purpose of providing relevant results.
• Application usage data: We automatically receive some technical and statistical information when you interact with the Application. This may include information about your device (model, operating system and application version), unique device identifiers, interface language, session times and dates, search queries within the application (for example, recipe keywords), viewed recipes and workouts, as well as actions in the Application (for example, adding recipes to "Favorites"). This data helps us understand user preferences and improve functionality.
• Analytics and diagnostic data: The Application may use analytics tools (for example, Google Firebase Analytics from Google) to collect aggregated statistics about application performance and user behavior. This service may automatically collect technical information (frequency of application use, viewed screens, function clicks, information about errors and crashes, etc.). We plan to use Firebase Analytics to understand which sections of the application are most in demand and how users interact with the service. Please note: data collected by Firebase Analytics does not allow us to directly identify your identity; it is used in anonymized form for statistical purposes.
• Additional data: In the future, we may implement new features that require collecting other types of information (for example, optional user surveys, reviews about recipes or workouts, etc.). In case of adding new data categories, we will update this Privacy Policy and request your consent if required by law.
We do not intentionally collect any sensitive personal data (for example, health information, racial or ethnic origin, political views, etc.) from users. Please refrain from providing such information through the Application.
3. Use of Information
The collected information is used exclusively for the purpose of ensuring the functioning and improvement of the Application, namely:
• Service provision: We process your data to perform the main functions of the Application. This includes authentication (account login), displaying personalized content (for example, the list of your favorite recipes), searching for recipes based on your queries or photos, selecting workouts, etc. If you subscribe, we use your credentials to provide you access to the full catalog of recipes and workouts.
• Support and communication with the user: We may use contact data (for example, phone or email received when logging in through Apple ID) to communicate with you regarding application operation. Usually we communicate through push notifications or within the application (for example, notifications about new recipes, service updates, important changes in terms). We do not send promotional SMS or emails without your separate consent. Push notifications can be disabled in device settings at any time.
• Product improvement and analytics: Information about application usage (p.2 above) is used to analyze user behavior and identify problems in service operation. For example, Firebase Analytics data helps understand which recipes are popular, which functions are used less, where failures occur. This allows us to optimize the interface, fix errors and offer more relevant content. Also aggregated (anonymized) data may be used for researching user preferences, developing new functions and overall service quality improvement.
• Security and abuse prevention: Collected data may be used to ensure the security of your account and our service. For example, we may use device information and IP address to detect suspicious activity (possible account hacking or unauthorized access). In case of detecting violations of Terms of Use (for example, attempts of illegal access, automatic data collection, application hacking, etc.) we may use collected information to investigate the incident and take necessary measures (including access restriction or violator account blocking).
• Fulfilling legal obligations: In certain cases, we may process and store your data to comply with legal requirements. For example, if this is necessary at the request of competent authorities, when considering disputes, or to protect our legitimate interests (such as filing or defending against legal claims). We retain only information that is reasonably necessary for the specified purposes, and strictly within the framework of legal requirements.
We do not use your personal data for targeted advertising of third-party goods or services, as our application is monetized through a subscription model, not through advertising. We also do not sell or exchange user personal data with third parties for commercial purposes.
4. Disclosure of Information to Third Parties
We understand that your personal information should remain confidential. Therefore, we disclose personal data to third parties only in limited cases listed below, and with the application of necessary protective measures:
• Third-party service providers: To ensure the operation of the Application and individual functions, we engage reliable external service providers. In particular, your data may be processed by:
• Authorization services: for example, when logging in by phone number, we may use SMS code sending services (OTP) through a third-party SMS operator or service (possible option - Firebase Authentication from Google for phone login). These providers receive your phone number exclusively for sending a confirmation code and do not use it for other purposes. When logging in through Apple ID, interaction with Apple service occurs - in this case, Apple's privacy policy and terms apply (when logging in through Apple you can choose whether to provide us with your email or hide it; any data coming from Apple is used by us only for account registration).
• Analytics and crash reporting platforms: as mentioned, we use Firebase Analytics (and possibly other tools such as Firebase Crashlytics for tracking application errors). These services provided by Google act as our data processors. They may receive technical and anonymized information (for example, device identifiers, error reports, general IP location, usage statistics). All such data is processed according to confidentiality agreements with these providers and used only for our internal purposes. You can learn more about Google's privacy policies and Firebase terms of use on Google's official website.
• Data hosting and storage: our servers and databases may be hosted by a third-party cloud service provider. This is necessary for application functioning (storing your account, favorite recipes list, media files, etc.). Such providers (for example, cloud platforms) may be located in various countries. We enter into agreements with them that require protecting your data and complying with confidentiality requirements similar to those set forth in this Policy.
• Content partners: The Application provides access to recipes and video workouts, some of which may come from our partners (for example, recipes - through third-party API, video workouts - from partner fitness content channel). In general, we do not transfer your personal data (for example, your name or contact information) to partners when you view their content. However, when requesting a recipe through a third-party service API, information about the request itself is transmitted (for example, the desired dish name or ingredient list). This request may be accompanied by technical data (your device's IP address, region necessary for correct recipe delivery). Such calls to external API are part of the application's operation; the third-party recipe provider does not receive from us information identifying you personally, except for the mentioned technical data that automatically accompanies web requests. Regarding partner video materials - if they are hosted through platforms like YouTube or similar, when playing video, the corresponding platform may collect data according to its policy (for example, your IP address, viewing statistics). We recommend familiarizing yourself with the privacy policy of such third-party platforms when viewing embedded videos.
• By law requirement or for rights protection: We may disclose your information if we in good faith believe it is necessary to comply with applicable law, court order or mandatory government request. Disclosure may also occur if it is necessary to protect our rights, property or security, as well as the rights and security of our users or other persons. For example, in response to a legal process (court order, subpoena, etc.) or to prevent or investigate fraud and technical malfunctions for security purposes.
• Transfer during business reorganization: In case our company participates in a merger, acquisition, asset sale or other form of business transfer, user personal data may be transferred to the successor or new owner as part of the corresponding assets. In such case, we undertake to ensure confidentiality of your data during transfer and notify users (for example, through the application or by email) before your information comes under a different privacy policy.
In all the above situations, we transfer and disclose only the minimally necessary amount of data required to achieve the corresponding purpose. Third parties to whom we provide personal data are bound by obligations to protect it and may not use information outside the scope of instructions we provide.
We do not transfer your personal data to third parties for their own marketing purposes or profiling.
5. Data Storage and Protection
We make significant efforts to ensure the security of your personal data. Below are the main measures and approaches to information storage:
• Storage periods: We store your personal information only as long as necessary for the purposes indicated in this Policy. For example, your account data and all related information (favorite recipes, settings, etc.) will be stored while your account is active. If you decide to delete your account or withdraw consent for processing, we will delete or anonymize the corresponding data (except in cases where their retention is required by law or for reasonable legitimate interests, see below). Aggregated and anonymized analytical data may be stored longer, as it is not tied to a specific user.
• Account deletion: If you want to stop using the Application and delete your data, you can contact us using the contacts indicated (section 9) with a request to delete your account. We will fulfill such request within reasonable time, deleting or anonymizing all personal data that we are not required to retain by law. Note that account deletion will result in loss of access to saved recipes, search history and other data associated with your profile.
• Security measures: Organizational and technical measures are applied to protect data. We use modern information protection methods, including encryption of data transmission channels (for example, all data transmission between client (Application) and server is carried out via secure HTTPS/TLS protocol), encryption or hashing of confidential data (for example, in case of password storage - although usually we don't use passwords for phone or Apple login, but if used, it would be stored in encrypted/hashed form). Access to databases with personal information is limited to authorized employees/contractors who are necessary for application maintenance, and these persons are obligated to maintain confidentiality.
• Firebase and security: If we store any user data on the Firebase platform (Google Cloud), this platform is certified according to leading security and privacy standards. Firebase encrypts data during storage and transmission and complies with GDPR requirements (for EU users) and other international norms. Nevertheless, we note that Google itself as a service provider may process data in various data centers around the world. We have configured services to ensure compliance with international data protection standards, including GDPR for users from the European Economic Area. We regularly update our security settings according to provider recommendations and monitor for vulnerabilities.
• Physical data location: Since our application is available globally, collected data may be processed and stored on servers located outside your country of residence. Including, in individual cases, user data may be transferred to servers located in various countries. We take necessary legal measures to ensure the legality of such cross-border data transfer. If you are located in the European Union, any transfers of your data outside the EEA are carried out based on Standard Contractual Clauses (SCC) or equivalent legal mechanisms provided by GDPR to ensure a level of protection comparable to European standards.
• Disclaimer of complete security guarantee: Despite all our efforts, no method of data transmission over the Internet or electronic storage method is 100% secure. We cannot completely guarantee absolute protection of information from all possible risks (for example, from cybercriminal actions, unauthorized access when bypassing our security measures, etc.). Nevertheless, we will immediately notify users and competent authorities about cases of significant personal data breaches if such (hypothetically) occurs, in accordance with applicable legislation.
6. Children's Privacy
The 22x22 Application does not contain content prohibited for children and is generally available to users of all ages. However, we recognize the importance of special protection of children's personal data. We do not intend to purposefully collect personal information from children under 13 years old (or equivalent minimum age in the corresponding jurisdiction, for example, 16 years in some European countries) without parental or legal guardian consent.
If you are under 13 years old, please do not register in the Application and do not provide us with information about yourself without parent/guardian participation. We recommend parents and legal guardians control children's use of mobile applications, including ours, and explain to children what data cannot be transmitted over the internet without permission.
If we become aware that we have received personal data from a child under 13 years old without verifiable parental consent, we will take steps to delete such information. A parent or guardian who discovers that their child has provided us with personal data without permission should immediately contact us (see section 9 "Contacts") so that we delete the corresponding data and, if necessary, disable the minor user's account.
7. User Rights
We strive to ensure transparency in data processing and respect the rights of all users regarding their personal information. Depending on applicable legislation, you have the following rights:
• Right to access: You have the right to request confirmation of the fact of processing your personal data and request a copy of the data we store about you. We will provide you with information about what categories of data are processed, for what purposes, to whom they are disclosed (if disclosed) and how long they are stored.
• Right to correction: If any personal data that we store about you is inaccurate or incomplete, you have the right to demand its correction or completion. For example, if you changed your phone number or discovered an error in your name provided to us, please update the information in your profile or contact us with a request to make corrections.
• Right to deletion ("right to be forgotten"): You may at any time request deletion of your personal data if you believe that the need for their processing has ceased. This applies, for example, when you withdraw your consent, or data is no longer required for the purposes for which it was collected, or if you believe that data was processed unlawfully. Please note: in some cases we may retain certain data despite a deletion request - exclusively if their storage is necessary for legitimate reasons (for example, to fulfill legal obligations, resolve disputes or protect against possible claims). In any case, if you completely delete your account, most data will be deleted, and remaining information will be anonymized.
• Right to restrict processing: In some situations you may request temporary restriction of processing your data (for example, if you dispute data accuracy or legality of their processing - for the period while we consider your appeal). When restricting processing, we will continue to store data but will not use it until the restriction is lifted (except for storage and cases provided by law).
• Right to data portability: For users from jurisdictions where this right is provided (for example, EU under GDPR), you may request provision of your data in structured, widely used machine-readable format, or (when technically possible) direct transfer of this data to another operator/service according to your instruction. Usually this relates to data that you provided to us yourself (for example, profile information, favorite recipes) and which is processed based on your consent or for contract performance.
• Right to withdraw consent: In cases where personal data processing is carried out based on your consent (for example, you gave consent to send notifications about new recipes), you have the right to withdraw your consent at any time. Consent withdrawal does not affect the legality of processing carried out before withdrawal. If you withdraw consent, we will stop processing the corresponding data or providing corresponding services dependent on consent (provided that we have no other legal basis for continuing processing).
• Right to object to processing: You have the right to object to processing your personal data if we process it based on our legitimate interests. In such situation we will stop processing, except in cases when we have compelling legitimate grounds to continue or if this is required by law (for example, to establish, exercise or defend legal claims).
• Right to file a complaint: If you believe that your privacy rights are violated, you can contact us directly, and we will try to resolve your problem. In addition, you have the right to file a complaint with the competent supervisory authority for personal data protection in your country. For example, for EU users - this is the local data protection authority; for users from other countries - corresponding authorized bodies.
To exercise your rights or obtain additional information, you can contact us in any convenient way indicated in section 9 "Contacts". We may ask you to confirm your identity (to ensure that the request actually comes from the data owner) and specify request details. We will respond to all legitimate requests within the timeframes established by law (usually no later than 30 days, with possible extension if necessary, about which we will notify you).
Please note that some of the listed rights may not apply in your specific jurisdiction or to certain data processing. We apply them to the extent provided by the corresponding legislation.
8. Changes to this Policy
We may from time to time update this Privacy Policy - for example, in connection with the appearance of new application features, changes in legislation or implementation of new technologies/services. If changes are significant, we will make reasonable efforts to notify users about such changes. We may notify you through push notification, banner when launching the application, email (if we have your email), or other explicit way.
The current version of the Policy is always available in the Application interface and/or on the official website (if one exists). Please periodically review this section to track changes. The last update date indicated at the beginning of the Policy will help understand when it was last changed.
If you continue to use the Application after the updated Policy comes into force, this means your agreement with it. In case of disagreement with the changed policy terms, you must stop using the Application and, if necessary, request deletion of your data.
9. Contacts
If you have questions, suggestions or complaints related to privacy and processing of your data in the 22x22 Application, please contact us. We are open to feedback and will try to respond promptly to your appeals.
Contact information for data protection questions:
• Email: 22x22.app@gmail.com
You can also use the feedback function directly in the application (if implemented) or through our official social media communities (if any) to ask questions of interest.
We value your trust and do everything possible to keep your personal information safe. Thank you for using 22x22!