Skip to main content
ChefsPantry
Home
Data processing and access requests

Data Processing

Effective date: April 8, 2026

This page describes how ChefsPantry processes personal data, our security commitments, and how to submit data subject access requests.

Scope and role

ChefsPantry acts as a data controller for personal information collected through the service. When you use ChefsPantry, we process your personal data to provide meal-planning, pantry management, grocery ordering, and related features as described in our Privacy Policy.

Processing purposes

We process personal data only for the purposes described in our Privacy Policy:

  • Providing and securing the service, including authentication and account management.
  • Generating meal plans, grocery outputs, and pantry workflows requested by you.
  • Processing payments, sending operational emails, and delivering customer support.
  • Improving product reliability, monitoring abuse and fraud risk, and troubleshooting incidents.
  • Complying with legal obligations and enforcing our Terms of Service.

Security measures

We implement administrative, technical, and organizational safeguards to protect personal data, including:

  • Encryption in transit (TLS) for all data communication.
  • Encryption at rest for our database and file storage.
  • Principle-of-least-privilege access controls with role-based permissions.
  • Audit logging on sensitive operations (authentication, billing, data access).
  • Regular dependency and security updates with automated vulnerability scanning.

For more details, see the "Retention and security" section of our Privacy Policy.

Subprocessor management

We maintain a list of subprocessors (third-party vendors) that process personal data on our behalf. Each subprocessor is contractually bound to process data only as instructed and to maintain appropriate security measures. We provide at least 30 days advance notice before adding a new subprocessor.

View the current list on our Subprocessors page.

Data subject access requests

You have the right to access, correct, delete, or port your personal data. We respond to verified requests within the timeframes required by applicable law:

  • CCPA/CPRA (California): 45 days, extendable by an additional 45 days when reasonably necessary.
  • GDPR/UK GDPR (EU/UK): 30 days, extendable by up to two additional months for complex requests.

To submit a request, email support@chefspantry.io or use the form below. We will verify your identity before responding.

Minimum 20 characters.

Prefer email? You can also write to support@chefspantry.io.

Data return and deletion

When you delete your account, we delete your personal data within 30 days, subject to encrypted backup rotation (up to 35 days). Billing records are retained for at least 7 years as required by U.S. tax law. Application logs and security telemetry are retained for up to 90 days, then deleted or fully anonymized.

For the full retention schedule, see our Privacy Policy.

International transfers

ChefsPantry and its subprocessors are primarily hosted in the United States. For transfers of EU/UK personal data, we rely on recognized transfer mechanisms such as the EU-U.S. Data Privacy Framework and 2021 Standard Contractual Clauses. For details on a specific subprocessor, please contact us.

Governing law

This data processing information is governed by the laws of the State of Utah, United States, consistent with our Terms of Service. For users in jurisdictions with additional data protection requirements (such as the EU, UK, or California), the applicable local law requirements are met as described in our Privacy Policy.

Contact

Questions about data processing can be sent to support@chefspantry.io.