Privacy Policy

1. Scope & who we are

This Privacy Policy explains how ChefHat handles personal data of creators (“Chefs”), subscribers (“Members” or “Fans”), and visitors. It applies to chefhat.io, chef subdomains (e.g. yourname.chefhat.io), and any custom domains we serve.

2. Information we collect

• Account data: your name, email address, and — for Chefs — the social media handle you connect. Sign-in is via email magic link or Google.
• Onboarding data: answers to the optional onboarding questionnaire and an optional phone number.
• Payment data: handled by Stripe. ChefHat does not store full card numbers; we receive limited billing metadata (e.g. subscription status, card last-4, country) from Stripe.
• Chef payout & identity data: collected and verified by Stripe (KYC) so you can be paid. ChefHat stores Stripe account identifiers and capability flags, not your full verification documents.
• Content data: the recipe videos and metadata from the social media account a Chef connects, and the recipes and images we derive from them.
• Member activity: recipes you view and save, shopping lists, cook logs, ratings, and comments you create.
• Technical data: device and browser information, IP address, and cookie/log data.

3. How we use your information

• Provide and operate the service: build and run Chef apps, process subscriptions and payouts, and generate recipes from videos.
• AI processing: we use automated tools, including Google's Gemini models, to analyze connected videos and extract recipe data (ingredients, steps) and to enhance images.
• Communications: transactional and onboarding emails (e.g. welcome and payment notices).
• Support, security, fraud prevention, and improving the product.

4. Legal bases (GDPR / LGPD)

Where required — for example in the EU/EEA under the GDPR, or in Brazil under the LGPD — we process personal data to perform our contract with you, for our legitimate interests in operating and improving the service, to comply with legal obligations, and with your consent where consent is needed.

5. How we share information — service providers

We share data with vendors that help us run ChefHat, under appropriate agreements. We do not sell personal data. Our main providers are:

• Stripe — payments, subscriptions, payouts, and identity verification.
• Supabase — database, authentication, and file storage.
• Resend — transactional and onboarding email.
• Apify — importing the videos from the social media account you connect.
• Google (Gemini) — AI processing of videos into recipe data.
• Vercel — application hosting and delivery.

6. Connected content & demo sites

We import the videos from the social media account a Chef connects to build their app, and we may generate demo previews from a handle; unclaimed demo previews are deleted within about a week. If you are a creator and want a demo or imported content removed, contact us and we will action it.

7. Legal disclosures & business transfers

We may disclose data where required by law or to protect rights, safety, and our service, and we may transfer data as part of a merger, acquisition, or sale of assets, subject to this policy.

8. Cookies

We use cookies for sign-in and session management and to remember preferences such as your chosen language. Essential cookies are required for the service to function.

9. Data retention

We keep personal data while your account is active and as needed to provide the service and to meet legal, tax, and accounting obligations, after which we delete or anonymize it. Backups may persist for a limited period.

10. Your rights

Depending on where you live, you may have the right to access, correct, delete, port, or object to or restrict the processing of your personal data, and to withdraw consent. Contact us to exercise these rights and we will respond as required by law.

11. International transfers

We and our providers may process data in countries other than your own, including the United States. Where required, we rely on appropriate safeguards for those transfers.

12. Children

ChefHat is not directed to children below the minimum age in your jurisdiction, and we do not knowingly collect their personal data.

13. Security

We use technical and organizational measures to protect personal data, but no method of transmission or storage is completely secure.

14. Changes to this policy

We may update this policy; we will revise the “last updated” date and communicate material changes.

15. Contact

Privacy questions or requests: support@chefhat.io. ChefHat is operated from Brazil and handles personal data in line with the LGPD. [A postal address and, where required, a data-protection contact or EU representative to be added by counsel.]