Privacy Policy

Hugo — iOS

Last updated: May 22, 2026

This policy describes how Hugo ("we," "us") handles information when you use the Hugo mobile app on iOS. We describe what we collect, why, who we work with, and what choices you have.

If you also use our public website at https://usehugo.app (for example to learn about Hugo or follow links), the same policy applies to information collected through that site as described here. See Section 18 below for the small set of cookies and analytics the website uses, and how to control them.

1. What Hugo is

Hugo is a recipe app for iPhone. You can save and organize recipes, import from links you provide, adapt recipes and create your own versions, use collections, add private notes, and use optional AI help for cooking Q&A. Free and paid tiers may differ as shown in the app.

2. Information we collect

Depending on your choices and the features you use, this may include:

• Account and profile — if you create an account: email address, display name, and any other identifiers you provide.
• Your recipe library — text, structure, and media you add or import, links you submit for import, notes, favorites, collections, and relationships between recipes when you adapt one or create your own version.
• Import feature— when you paste a URL, we or our systems may request that content to extract recipe data. We process what is needed to run the import; we do not control third parties' own sites, cookies, or terms.
• AI features— when you start a chat or ask for help, your message, the recipe or context you attach, and the model's response are sent to a third-party AI provider (see Section 12). Do not send information you are not comfortable having processed for that purpose. You may avoid this entirely by not using the AI feature.
• Service operations — data needed to run, secure, and improve the app, such as device or app identifiers, IP address, timestamps, and diagnostic or error data.
• Error and crash reporting (Sentry) — we use Sentry to capture crashes and runtime errors so we can fix bugs. Reports may include device and OS information, app version, stack traces, a pseudonymous identifier, IP address, and the screen or action that triggered the error. We configure Sentry to avoid capturing your recipe content, notes, or AI prompts.
• Product analytics (PostHog) — we use PostHog to understand how features are used so we can improve Hugo. PostHog receives a pseudonymous identifier, app version, device and OS type, approximate region from IP, and event metadata describing which screens you open and which features you tap. We do not send your recipe content, notes, or AI prompts to PostHog.

3. Lawful bases for processing

Where the GDPR or UK GDPR applies, we rely on the following lawful bases:

• Contract performance (Art. 6(1)(b)) — providing the account, recipe library, import, and subscription features you signed up for.
• Legitimate interests (Art. 6(1)(f)) — security, fraud prevention, service diagnostics, and improving Hugo, where those interests are not overridden by your rights.
• Legal obligation (Art. 6(1)(c)) — complying with applicable law, tax obligations, and lawful government requests.
• Consent (Art. 6(1)(a))— AI chat and cooking Q&A features, which you initiate voluntarily. You may withdraw consent at any time by not using those features.

4. How we use information

We use information to provide and improve Hugo, process imports and AI requests, operate free and subscription features, communicate about the service, secure accounts, comply with law, and enforce our terms. We do not sell your personal information. We do not use your personal information for cross-context behavioral advertising.

5. Subscriptions

Paid plans are processed by Apple through your Apple ID. We may receive subscription status or transaction identifiers from Apple to unlock features; we do not receive your full card number from Apple for that purchase flow.

6. Sharing

We use service providers to run Hugo, including hosting, authentication, import services, AI inference (see Section 12 for the AI providers we currently use), Sentry for error and crash reporting, and PostHog for product analytics. These providers are permitted to use data only to provide services to us and are bound by data processing terms consistent with this policy. We may disclose information if we believe in good faith it is required by law, or to protect the rights, property, or safety of users, Hugo, or the public.

7. Retention and deletion

We keep your information for as long as your account is active and as needed to provide the app, unless a longer period is required for security or legal compliance.

To request deletion of your account and personal data, email chefhugoapp@gmail.com with the subject "Account deletion request." We will process your request within 30 days. We are working on adding in-app account deletion and will update this section when it is available. Backups may retain data for a short additional period required for security.

8. Security

We use reasonable technical and organizational measures. No system is perfect; use strong authentication and keep your device updated.

9. Your rights

Depending on where you live, you may have the following rights regarding your personal data. To exercise any of them, email chefhugoapp@gmail.com. We may need to verify your identity before acting on a request.

• Access — obtain a copy of the personal data we hold about you.
• Correction — ask us to correct inaccurate or incomplete data.
• Deletion — request erasure of your personal data, subject to legal retention obligations.
• Portability — receive your data in a structured, machine-readable format.
• Restriction — ask us to restrict processing of your data in certain circumstances (e.g. while a dispute is resolved).
• Objection — object to processing based on legitimate interests. We will stop unless we have compelling legitimate grounds.
• Automated decision-making — you have the right not to be subject to a decision based solely on automated processing that produces significant legal or similarly significant effects. Hugo does not make such decisions about you; AI features provide suggestions only and are not used to make binding decisions.
• Withdraw consent — where we rely on consent (e.g. AI features), you may withdraw at any time by discontinuing use of that feature.

EEA and UK users may also lodge a complaint with their local supervisory authority. EU users: if you are unable to resolve a concern directly with us, you may contact the supervisory authority in your EU member state. An EU/EEA representative as required under GDPR Art. 27 is being appointed and will be listed here once confirmed.

10. LGPD — Brazilian users

Hugo is operated by Dowhile, a Brazilian company. Processing of personal data is therefore also governed by Brazil's Lei Geral de Proteção de Dados (LGPD — Law No. 13,709/2018). We rely on the following legal bases under LGPD Art. 7:

• Execution of a contract (Art. 7, II) — providing the account, library, import, and subscription services.
• Legitimate interests (Art. 7, IX) — security, fraud prevention, and service improvement, balanced against your rights.
• Compliance with a legal obligation (Art. 7, II) — fulfilling obligations under applicable Brazilian and international law.
• Consent (Art. 7, I) — AI features, which you initiate voluntarily and may stop using at any time.

Under LGPD Art. 18, Brazilian residents have the right to: confirmation that processing exists; access to their data; correction of incomplete, inaccurate, or outdated data; anonymization, blocking, or deletion of unnecessary or excessive data; portability; deletion of data processed with consent; information about entities with which data has been shared; information about the consequences of not providing consent; and revocation of consent. To exercise these rights, email chefhugoapp@gmail.com.

Complaints may be lodged with Brazil's national data protection authority, the Autoridade Nacional de Proteção de Dados (ANPD).

11. U.S. state privacy (e.g. California)

California residents (and residents of other U.S. states with applicable privacy laws) may have the right to know what personal information we collect, to delete it, to correct it, and to opt out of its sale or sharing. Hugo does not sell your personal information. Hugo does not share your personal information for cross-context behavioral advertising. We will not discriminate against you for exercising your privacy rights. To submit a request, email chefhugoapp@gmail.com.

12. AI data processing

When you use the AI cooking assistant, your message and any recipe context you attach are sent to one or more third-party AI inference providers. We currently use services from OpenAI, Anthropic, and Google. All three are based in the United States. Under their standard API terms, data you submit through the API is not used to train their models. We will update this section if we add, change, or remove providers.

If you are not comfortable with your queries being processed by these providers, do not use the AI feature. It is entirely optional and the rest of Hugo works without it.

13. International transfers

Dowhile is based in Brazil. If you use Hugo from the EU, UK, or another country, your data may be transferred to and processed in Brazil or the United States (where our AI providers and certain other service providers operate).

For transfers of personal data from the EU or UK to countries without an adequacy decision, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission under GDPR Art. 46(2)(c), and the equivalent UK mechanism under UK GDPR. For international transfers under Brazilian LGPD, we apply contractual safeguards with our providers consistent with LGPD Art. 33.

14. Children

Hugo is not directed at children. The minimum age to use Hugo is:

• 13 in the United States (as required by COPPA).
• 16 in the EU/EEA, or the lower age permitted by your member state (minimum 13) under GDPR Art. 8.
• Parental or guardian consent required for minors in Brazil under LGPD Art. 14.
• The minimum age applicable in your country in all other regions.

We do not knowingly collect personal information from children below these ages. If you believe we have, contact us at chefhugoapp@gmail.com and we will delete it promptly.

15. Third-party links

Import and sharing features can involve other sites. Their privacy practices are their own.

16. Changes

We may update this policy. We will change the "Last updated" date and, for material changes, provide additional notice in the app or by email where the law requires. If we add or change third-party SDKs, we will update this policy and the app's store privacy labels before those changes go live.

17. Marketing website — cookies and analytics

This section covers only the public marketing website (https://usehugo.app). The Hugo iOS app is described in the sections above.

We use Google Analytics 4 to understand how visitors find and use the site so we can improve it. Google receives a pseudonymous identifier, the pages you visit, referral source, approximate region derived from your IP, device and browser type, and basic interaction events (clicks on the App Store badge, FAQ expansions, section scroll depth, language switches, and Android waitlist form submissions, successes, and errors — the email itself is never sent to Google Analytics). Google Analytics is configured with IP collection retained only at country/region granularity, advertising features off, and no data sharing with Google Ads. We do not run third-party advertising on the site and we do not use the site to build cross-site behavioral profiles.

The website uses the following small set of cookies and local storage entries:

• hugo_consent (local storage) — remembers your cookie choice so we do not ask again. Strictly necessary; set only after you click Accept or Reject.
• hugo_locale (cookie, 12 months) — set if you manually pick a language in the footer, so the site stops trying to redirect you to a different language. Strictly necessary.
• _ga, _ga_*(cookies, up to 13 months) — set by Google Analytics 4 to distinguish unique visitors. Created only after you click Accept on the cookie banner. If you click Reject, GA4 runs in "consent denied" mode and these cookies are not written.

We also receive a CloudFront-Viewer-Country header from Amazon CloudFront on the first request, used only to decide whether to redirect a visitor at the root URL to a localized version of the homepage. This header is not stored.

To change your choice, clear the hugo_consententry from your browser's local storage for this site and reload — the banner will reappear. You can also clear all site cookies through your browser settings, or email chefhugoapp@gmail.com and we will help.

18. Android waitlist

If you submit the Android waitlist form on the marketing website, we collect your email address, optionally a name you provide, the language you used on the site, the page or section the form was submitted from, the country derived from a Cloudflare header, and a salted SHA-256 hash of your IP address used only for short-term abuse and rate-limit protection. We do not store your raw IP.

We use this information for the single purpose of notifying you when Hugo for Android is available. The form is protected by Cloudflare Turnstile, a privacy-friendly anti-bot challenge; Cloudflare receives the minimum signals needed to evaluate the challenge. Lawful bases: consent (GDPR Art. 6(1)(a) / LGPD Art. 7, I) for sending the notification email, and legitimate interests (GDPR Art. 6(1)(f) / LGPD Art. 7, IX) for spam and abuse prevention.

We keep waitlist entries until Hugo for Android ships, then for an additional 90 days to complete the launch notifications, and then we delete them. You can unsubscribe or ask for early deletion at any time by emailing chefhugoapp@gmail.com.

19. Contact

Data controller: Dowhile (CNPJ 24.931.801/0001-39), Brazil. Privacy questions: chefhugoapp@gmail.com. You can also use the support options listed in the App Store or in the app.