Top of page

Privacy policy

At Cook it Recipes (hereinafter Cook it), transparency about how we collect, use and disclose your personal data is important to us. 

The purpose of this privacy policy (the “policy”) is to inform you about how we process personal data. We want you to know for what purposes and how we collect your personal data and how it is stored and used.

If you have any questions about this policy or our personal data handling practices, you can contact us at:

[email protected]
514-544-2665 (Montréal, QC)

877-559-0546 (Canada)

4220, Griffith street, Ville Saint-Laurent (Québec) H4T 4L6

As a participant in the AdChoices self-regulatory program in Canada managed by the Digital Advertising Alliance of Canada (DAAC), we adhere to DAAC’s principles for interest-based advertising, providing you with improved notification, transparency and control of our digital marketing practices. Click here for more information on our digital marketing practices.

This privacy policy applies when you browse and use our website at, and when you use our meal kit delivery services (the “Delivery Services”) or participate in our loyalty programs. It also applies when you communicate or interact with us on social media, by email or otherwise in connection with our contests or digital marketing activities. We will use the term “Services” when referring to all such activities without distinction.

This privacy policy applies to personal data. By “personal data” we mean any information that allows us to identify you directly or indirectly, including “cookies” and other electronic data. If you click on links leading to third parties’ websites, applications, or services from our Services, this privacy policy does not apply to the collection, use and disclosure of personal data by these external services. For example, if you navigate to our social media pages, the privacy policies of those third parties apply. (Facebook, Instagram, YouTube and Pinterest) It is always wise to read the privacy policies of third parties to understand their practices regarding your personal data.

  • Personal data related to the Cook it Services subscription

When you choose to sign up for Cook it Delivery Services, we will first ask you to verify whether we deliver to your area. To do this, we will collect your email address and postal code. 

In order to offer you the full range of Cook it Services and to deliver your food box to your desired address, we collect personal data such as the number of adults and children in your delivery package, your menu preferences, the number of recipes to be sent per week, your first name, your last name, your email address, your phone number, your payment method and your address for the Cook it box delivery.

We collect personal data about your transactional purchases, including the history, the amount, the type of products ordered, and your comments on previous recipes and ratings. Your account contains personal data such as your delivery schedule, language choice and food preferences.

These personal data are not shared with third parties for commercial purposes. If we share information about the use of our Delivery Services and product popularity, for example, we ensure that we prepare aggregate data that does not identify our subscribers.

  • Personal banking and financial data 

To provide our Delivery Services, we collect personal data related to your credit card. Our service provider, BrainTree, offers credit card payment as well as payment through your PayPal account. We do not have access to your credit card number, which is processed exclusively through BrainTree. 

We use a PCI DSS compliant third party, and we do not have access to this information which is processed directly through this third party implemented on our website. Our provider collects your credit card number, your full name, your credit card expiration date, the CVV number on the back of your credit card and order prices. BrainTree also monitors your transactions for fraud prevention purposes and may perform fraud risk analyses based on your personal data. BrainTree shares your personal data with PayPal and other credit card payment providers they use. Click here to view BrainTree’s privacy policy.

  • Data related to the Star Chef programs

All Cook it Services subscribers are automatically enrolled in the Star Chef program, a rewards program that allows you to accumulate stars with every purchase, by participating in the challenges and activities offered by Cook it and by referring Cook it to your friends. Subscribers may redeem their stars for items in Cook it‘s Pantry and/or access various promotions on our website. By participating in this program and completing challenges, you authorize Cook it to collect your personal data as well as information about your stars, rewards and the friends you refer to Cook it.

  • Automatically generated personal data 

When you use the Cook it Services, our servers automatically collect data about your access to the Services, including your IP address, your browser type and configuration, your operating system, the length of your visit, pages viewed, your geographic location, your language preferences and your device’s information. We collect this information to make our Services work efficiently, to fix bugs and to ensure the security of our Services. For example, we may collect your browser language to present you with the correct language version of the web application service. 

To ensure the security of our digital infrastructure—we collect and control audit logs particularly to monitor system performance, potential security threats and vulnerabilities, resource utilization, and to detect unusual system activity or service requests.

  • Personal data related to customer service

We will process your personal data to respond to your customer service requests or technical support requests related to our Delivery Services. We use external service providers for these purposes, including the Zendesk integrated ticketing system. Some of these providers are located in the United States. We will process the personal data you provide to us only for the purpose of responding to your requests, or to improve our Services in response to that request.

  • Personal data related to employment

If you decide to apply for one of the jobs on our website, we will collect any personal data you provide with your application and only for the purpose of processing your application. We use third parties who are responsible for facilitating the receipt of applicant profiles. Hiring service providers may host the personal data you share with them on servers located outside of Canada, including the United States. Here are some examples of our service providers: Grenier, Indeed.

  • Personal data related to communications and social media

When you communicate with us through forms, emails, contests, or social media, we collect the personal data you choose to share with us.

  • Use of personal data

Our goal is to better understand the needs of our customers, and help them discover our products or services, by communicating with them in a respectful and efficient manner.

Yes, and we maintain procedures to comply with applicable laws. You may withdraw your consent to receive email promotions at any time by using the automated feature in the emails, or by contacting us at vieprivé[email protected]. We do not purchase mailing lists, nor do we sell our mailing lists to third parties.

A “cookie” is a small file that is transferred from a website to your computer. It is used to store information about your interactions with our website, such as your preferences when you browse our website, and can be retrieved later by the website. Cookies may come from third parties, or they may be set by us. Cookies may be temporary, or they may be set for a longer period of time, up to a maximum of 24 months.

Session CookiesWe use session cookies to better understand how you interact with our website, and to monitor overall usage and web traffic information. A session cookie is a cookie that is set only for the duration of your browsing session.
Persistent CookiesWe use persistent cookies to recognize you each time you return to our website. For example, we create a persistent cookie that includes some basic information about you, such as your most recent search, the date of your most recent visit, pages visited, and files downloaded. A persistent cookie is set for longer than your browsing session and is necessary for behaviour analysis. They are never set for more than 2 years. 

We use the following types of cookies:

  • Cookies that are essential to the operation of the website and functional cookies that are required for certain features to be available, even if they are not essential to your use of the website.
  • Analytics cookies, which are used to generate aggregate statistics about traffic to our website and visitor behaviour. This type of cookie does not allow us to identify you individually. These cookies are often set by third parties, and this usage data is collected by them. Analytical cookies may be used to count the number of times an ad is shown to one of our subscribers and to calculate the cost of those ads. They also help us track the number of times you take certain actions, such as making a purchase following an advertisement. For example, the _fbp cookie is used by Facebook to provide us with analytical services and is set for a period of 90 days.

We also use cookies for marketing purposes, including targeted advertising for audiences available on social networks. Some cookies help us serve and measure our ads in different browsers and devices used by the same person. For example, these cookies may be useful to us in making sure you don’t see the same ad over and over again!

Yes, we use various cookie services provided by Google, including analytics and targeted advertising services, such as the DoubleClick, AdWords, AdSense and Google Analytics products. Through features provided by Google, we can combine these products with our other targeted advertising products, and target individuals based on their preferences.

You can use the feature Ads Settings provided by Google to manage your targeted advertising preferences. You will still receive ads based on factors such as your general location, browser type and search terms in the Google browser.For more information on how Google uses cookies, you can view their cookie policy here.

Targeted advertising is the delivery of ads that are based on your interests. To determine your interests, targeted advertising uses cookies to better understand your preferences through the information the cookie stores when you use a web browser. Without the mentioned advertising, you will still see advertisements, but they will not be personalized to your interests. For example, we use Facebook Pixel to create audiences that get targeted ads based on traffic to our website. You can review your Facebook ad preferences by clicking here, and you can also control the data used in targeted ads on Facebook by clicking here. These features also allow you to determine which ads you want to see through Facebook’s audience network advertising. You can also review the information that companies share with Facebook about your interactions with them when you visit their application or website by clicking here.

Browsers and devices have tools that allow you to control cookies: you can block them, ensure that you are notified when you are subject to cookies and control the cookies already stored on your device. However, if you block all cookies, you may not be able to access all the functionalities of the Services.

Depending on the browser that you are using, different instructions apply. Click on your browser to have more information:

We may share personal data with third parties in certain circumstances, including to administer, provide, secure and improve our Services, to respond to requests for assistance, to host our Services, to prevent fraudulent activity, or as required by law under a subpoena or other legal process. 

Our categories of third parties are:

  • Website/infrastructure/storage hosting providers
  • Payment services providers
  • Customer support tools providers
  • Employee recruitment services providers
  • Communication tools providers
  • Delivery services providers
  • Analytics and promotional services providers

We ensure that appropriate contractual clauses are included in our contracts when suppliers have access to personal data.

  • Access to data

Personal data is only accessible to authorized employees and third parties in the course of their work and our services.

Data about our subscribers are business assets of Cook it. As a result, subscriber data, including personal data, may be disclosed in connection with a merger or acquisition involving Cook it, the formation of a separate business, the sale or pledge of Cook it’s assets, and in the event of insolvency, bankruptcy, liquidation or legal redress.

We retain personal data for as long as necessary to provide you with our Services or as required by applicable law, whichever is longer. We use both persistent and session cookies. Session cookies are deleted as soon as you close your browser, while persistent cookies remain active on your device for some time. For example, Google Analytics cookies remain on your device for two (2) years.

We implement security measures commensurate with the risks, including using providers that have appropriate certifications and safeguards. Our credit card payment service provider, BrainTree, is PCI DSS Level 1 certified, and they do not host your payment validation code when you pay online. We use 3D Secure 2 (3DS2), the new industry standard for authenticating individuals for credit card payments to protect you from identity theft. When you pay by credit card, your credit card number is stored in BrainTree Vault, which is encrypted with multiple encryption keys, so that even in the event of unauthorized access to the Vault, your credit card information would be unreadable. We use multi-factor authentication to protect our account access to BrainTree, which also conducts vulnerability scans on a quarterly basis and ensures that an intrusion test is conducted annually on the credit card processing environment. 

Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. It is your responsibility to keep your credentials secure and we suggest that you use secure networks, such as a private network, when shopping online.

Our web platform is hosted on Amazon Web Services (AWS) servers located in Canada. However, our service providers may process your personal data outside Quebec, including in the United States, depending on their location. These countries may have different laws to protect or provide access to your personal data.

While not absolute, the rights that may apply to you include the right to access your personal data and the right to rectify your personal data if they are incorrect, incomplete, invalid or ambiguous.

To exercise your rights or if you have any questions about how we collect, use or disclose your personal data, or about how we have responded to your request, please let us know by contacting us at:

[email protected]

514-544-2665 (Montréal, QC)

877-559-0546 (Canada)

4220, Griffith street, Ville Saint-Laurent (Québec) H4T 4L6

If you wish to exercise any of these rights and the situation allows it, we will assist you at no additional charge. However, if you request a transcription, reproduction or transmission of your personal data, we may charge you reasonable fees to process your request—subject to applicable law. In this case, we will contact you regarding such fees before processing your request.

For security reasons and to prevent fraudulent requests, we may ask you to provide proof of identity with your request. Once the request is processed, we will securely delete this personal data.

If your request is denied, we will notify you in writing and provide detailed reasons and information on how to challenge our decision. We will retain the relevant personal data until you have exhausted your options. We will certainly respond to your request within thirty (30) days.

Please note that the Office of the Privacy Commissioner of Canada drafted this informative page to help you access your personal data when it is held by a business. 

If you have any questions about your rights regarding the protection of your personal data, you may contact Quebec’s Commission d’accès à l’information (Access To Information Commission):

Toll-free: 1-888-528-7741

Email: [email protected]

Hours of operation: 8:30 a.m. to 12:00 p.m.  /  1:00 p.m. to 4:30 p.m.

Mailing addresses

City of Québec office
Suite 2.36
525 René-Lévesque Boulevard East
City of Québec, QC  G1R 5S9
Telephone: 418-528-7741
Fax: 418-529-3102
Montréal office
Suite 900
2045 Stanley Street
Montréal, QC  H3A 2V4
Telephone: 514-873-4196
Fax: 514-844-6170

If you live outside the province of Quebec, you may contact the Office of the Privacy Commissioner of Canada:

9 a.m. to 4 p.m. (ET)
Toll-free: 1-800-282-1376

Mailing address

Office of the Privacy Commissioner of Canada 

30 Victoria Street 

Gatineau, QC

K1A 1H3

You can also fill out this information request form.

If you have a complaint. We will do our best to answer your questions and, if necessary, improve our privacy protection processes. We will also provide you with additional information about our practices if requested.
If you are still not satisfied, you can file a complaint with Quebec’s Commission d’accès à l’information using this online form or with the Office of the Privacy Commissioner of Canada using this online form.

We may update this privacy policy from time to time, so please be sure to review this policy before using our services. Below is the date of the last update.

Latest update: May 10, 2023