Privacy Policy

COOKBOOK is an internalauthoring platform operated by Jack Morton (“we”, “us”). Our team uses it to structure pitch material and develop client presentation and experience concepts. Access is invite-only and protected by a site-wide gate and per-account sign-in; the platform is not open to the public, and clients do not log in to it. This policy explains what the platform processes, and how.

Information we process

• ·Account information.For team members who sign in: email address, name, and role. Access is protected by a shared site-wide access password (a gate) and per-account sign-in via a one-time code emailed to you — we do not store individual account passwords.
• ·Project content you provide. Presentations (e.g. PowerPoint files) and other materials uploaded to a project, the text and images extracted from them, and the concepts, renders, microsites, and documents generated from that content.
• ·Activity & usage records.An audit log of actions taken in the platform (who did what, and when) and AI-usage/cost records — used for security, accountability, and operating limits such as daily spend caps.

What we do not collect

We do not run third-party advertising or analytics trackers, build behavioral profiles, or sell or rent any information. There is no public sign-up, no marketing list, and no external contact form. The platform sets only the strictly-necessary cookies described below.

Cookies

COOKBOOK sets only essential cookies: a sign-in/session cookie that keeps you authenticated, the site-gate cookie that controls access, and a small preference cookie that remembers your light or dark theme. These are required for the platform to function; there are no advertising or cross-site tracking cookies.

How we use it

We use this information solely to provide and operate the platform: to ingest and structure uploaded material, generate concepts and deliverables, render output, enforce operating limits, and secure and administer the service. We do not sell personal information.

AI processing

Generating intelligence, concepts, copy, and renders sends the relevant project content to third-party AI providers for processing on our behalf: Anthropic (the Claude API) and Google Cloud(Vertex AI / Gemini). Under those providers’ API terms, content submitted through their APIs is not used to train their models; it is sent only to produce the output requested.

Hosting & sub-processors

• ·Supabase — database, authentication, and file storage (US region).
• ·Vercel — application hosting and content delivery.
• ·Anthropic and Google Cloud (Vertex AI) — AI processing, as above.

Each is engaged under its data-processing terms. We do not share project content with anyone else except as needed to operate the service or as required by law.

Storage & security

Data is encrypted in transit and at rest. Access is restricted by row-level security and role, the original uploaded files are preserved byte-for-byte, and the service-role credential has a single audited entry point. See our security overview for the threat model and the vulnerability-reporting path.

Retention

We keep project content and account information for as long as the related project is active and as needed to operate the platform. Project content is removed when a project is deleted, and a team member’s account information is removed when their access is revoked. There is no automated public deletion-request flow today — an internal team member can ask the platform administrator to delete a project and its files.

Security and usage records (the audit log and AI-cost ledger) are an append-onlyrecord kept for security and accountability, for the life of the engagement and a reasonable period afterward. Because that record is append-only by design, an erasure request against it is honored by the administrator redacting the personal identifier (e.g. the email) in the affected entries rather than deleting them, so the integrity of the security record is preserved. Specific retention periods are confirmed with counsel before any use outside the internal team.

Your choices & contact

Because COOKBOOK is an internal, invite-only tool, requests to access, correct, or delete information it holds — including the data-subject rights that may apply to you (access, correction, deletion/erasure, and a copy of your data) — are handled internally: contact your COOKBOOK platform administrator at Jack Morton, who will action the request and confirm completion. We do not operate a public contact form or external request inbox for this platform.

Changes

We may update this policy as the platform evolves. Material changes will be reflected by the “last updated” date above.