1. Introduction
Chef Broshurko ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy describes how we collect, use, disclose, retain, and safeguard your information when you use our website, support pages, and mobile application (together, the "Service"). Please read this policy carefully. If you do not agree with this Privacy Policy, please do not use the Service.
2. Data Controller
The data controller responsible for your personal data is Chef Broshurko. For any privacy-related inquiries, please contact us at privacy@chefbroshurko.com.
3. Information We Collect
3.1 Information You Provide
- Account and authentication information: Name, email address, profile image, Clerk user identifier, authentication state, and sign-in provider information such as Apple or email sign-in.
- Preferences and planning settings: Preferred stores, selected brochure periods, dietary preferences, allergies or intolerances, budgets, servings, excluded ingredients, language, and platform settings.
- Shopping lists, recipes, and user content: Products you add, quantities, purchased status, planned and purchased costs, recipe requests, dish names, generated recipes, recipe images, day plans, missing ingredients, and saved recipe details.
- Feedback and support: Support requests, bug reports, feature requests, messages, language, platform, and any communications you send to us.
3.2 Information Collected Automatically
- Device and app information: Device type, operating system, app version, browser version for the website, language, platform, and network or request metadata needed to operate the Service.
- Usage and performance data: Features used, pages visited, interaction patterns, website analytics, speed measurements, and app events needed to improve reliability and usability.
- Diagnostics and crash data: Error logs, crash reports, and technical diagnostics that help us improve stability and performance.
- Log data: IP address or request metadata, access times, backend logs, webhook events, and security-related records.
3.3 Information from Third Parties
- Authentication and billing providers: Clerk account data, App Store or Google Play subscription status, RevenueCat entitlements, virtual currency or recipe credit balance, purchase or restore events, and related identifiers. We do not receive your payment card details from app stores.
- Website analytics, advertising measurement, and infrastructure providers: Vercel Analytics, Vercel Speed Insights, Google Tag Manager, Google Analytics, Google Ads conversion tracking, hosting, database, storage, and backend providers may process usage, performance, request, diagnostic, and consent-controlled marketing measurement data to operate and improve the Service.
4. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service and its features.
- Personalise your experience, including preferred stores, brochure periods, dietary constraints, budgets, product suggestions, and shopping list flows.
- Generate AI-powered recipes, day plans, ingredient matches, shopping list suggestions, recipe images, and cost or savings estimates.
- Communicate with you about your account, feature updates, and support responses.
- Monitor and analyse usage patterns to improve the Service's performance and user experience.
- Detect, investigate, and prevent fraudulent or unauthorised activities.
- Comply with legal obligations.
5. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:
- Consent: Where you have given us clear consent to process your data for specific purposes.
- Contractual necessity: Where processing is necessary to provide the Service and its features under our terms.
- Legitimate interest: Where we have a legitimate interest in processing your data (e.g., improving our services, security, and fraud prevention), balanced against your rights.
- Legal obligation: Where we are required to process your data to comply with applicable laws.
6. Data Sharing & Disclosure
We do not sell your personal data. We may share your information with:
- Service providers: Trusted third-party services that help us operate the Service, including Convex for backend database/storage/functions, Clerk for authentication, RevenueCat for subscription and entitlement management, Vercel for hosting and website analytics/performance, Google services for consent-controlled analytics and advertising measurement, and app stores for purchases. These providers process data under their own terms and data processing commitments.
- AI sub-processors: AI recipe, day-plan, ingredient-matching, shopping-list, pricing-assistance, nutrition-estimate, and image features may process selected products, dish names, prompts, budgets, servings, dietary preferences, allergies, excluded ingredients, generated outputs, and technical metadata through AI providers or gateways. We do not use your personal data to train our own AI models.
- Legal requirements: When required by law, regulation, legal process, or governmental request.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.
7. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service, maintain security, resolve support issues, enforce terms, and comply with legal obligations. You can delete your account in the mobile app from Profile settings. Account deletion triggers removal of your user record, preferences, shopping lists, shopping list items, recipes, recipe images stored by us, recipe generation records, and related account data in our backend, with best-effort RevenueCat customer cleanup. Some records may be retained where required by law, for fraud prevention, security, dispute resolution, tax or accounting obligations, or app store requirements. Deleting your account does not cancel an active App Store or Google Play subscription; subscriptions must be cancelled through the relevant app store. Anonymised or aggregated usage data may be retained for analytics.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure: Request deletion of your personal data ("right to be forgotten").
- Right to restriction: Request that we restrict the processing of your data.
- Right to portability: Request your data in a structured, machine-readable format.
- Right to object: Object to the processing of your data based on legitimate interests or for direct marketing.
- Right to withdraw consent: Withdraw any consent you have given at any time.
To exercise any of these rights, please contact us at privacy@chefbroshurko.com. We will respond to your request within 30 days.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption of data in transit (TLS/HTTPS) and at rest.
- Secure authentication with industry-standard protocols.
- Regular security assessments and access controls.
- Employee training on data protection best practices.
While we strive to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
10. Children's Privacy
Chef Broshurko is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under this age, we will take steps to delete it promptly. If you believe a child has provided us with personal data, please contact us.
11. International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognised transfer mechanisms.
12. Cookies & Tracking Technologies
The website may use cookies or similar technologies for analytics, performance measurement, authentication, security, feature enhancement, and consent-controlled advertising measurement through tools such as Google Tag Manager, Google Analytics, and Google Ads conversion tracking. The mobile app may use secure local storage for authentication tokens, language settings, pending preferences, and similar app state. You can manage browser cookies through your browser settings, the website consent banner, and app permissions through your device settings.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and, for material changes, notify you within the Service or by email. We encourage you to review this policy periodically.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us at:
- Email: privacy@chefbroshurko.com
- Data Protection Officer: dpo@chefbroshurko.com