Skip to main content
ChefsPantry
Home
ChefsPantry privacy and cookie controls

Privacy Policy

Effective date: April 8, 2026

This Privacy Policy explains how ChefsPantry collects, uses, discloses, and safeguards personal information when you use our website, applications, and related services.

Information we collect

  • Account details such as name, email address, authentication identifiers, and profile preferences.
  • Household and meal-planning data such as dietary preferences, allergies, pantry inventory, grocery plans, and cook-session history.
  • Billing and subscription data processed through Stripe (we do not store full payment card numbers).
  • Support and communication data when you email us or respond to product updates.
  • Technical data such as IP address, browser/device data, app logs, and security/diagnostic telemetry.
  • Product analytics and engagement data such as page views, click events, feature usage, conversion events, session identifiers, and aggregated behavior signals — collected only after you grant analytics consent.

How we use information

  • Provide and secure the service, including sign-in, account management, and subscription access.
  • Generate meal plans, grocery outputs, and pantry workflows requested by you.
  • Process payments, send operational emails, and deliver customer support.
  • Improve product reliability, monitor abuse/fraud risk, and troubleshoot incidents.
  • Comply with legal obligations and enforce our Terms of Service.

How we share information

We may share personal information with service providers and partners that help us run ChefsPantry. We do not sell personal information for monetary value. Where you grant analytics consent, we share limited engagement data with our analytics and advertising partners (PostHog and Meta Platforms) so we can measure how well our marketing reaches new users. You can withdraw analytics consent at any time using the cookie controls below, which immediately stops all sharing with these partners.

  • Authentication and identity providers (Clerk).
  • Payment processors (Stripe).
  • AI vendors used for meal-plan and recipe generation (OpenAI, Google Generative AI). See the AI processing section below.
  • Infrastructure and data processing providers (Amazon Web Services, Supabase Postgres).
  • Email and notification providers (Amazon SES, Resend).
  • Application monitoring providers (Sentry).
  • Product analytics providers (PostHog) — only after you grant analytics consent.
  • Advertising attribution partners (Meta Platforms / Facebook Pixel) — only after you grant analytics consent.
  • Grocery retailer integration partners (Instacart, Kroger, Walmart) — only when you choose to send a shopping list to a retailer.
  • Professional advisors and authorities when legally required.

AI processing and third-party AI vendors

ChefsPantry uses third-party artificial intelligence vendors to generate meal plans, recipes, recipe images, ingredient parsing for recipe imports, and cook-mode instructions. The current AI vendors are OpenAI (used for the recipe-import parser, recipe generation, and DALL-E 3 meal images) and Google Generative AI / Gemini (used for weekly meal plan generation).

What we send. When you use an AI-driven feature, we send the relevant input to the AI vendor on your behalf. This includes your dietary preferences, allergies, household size, available pantry items, recipe URLs you choose to import, and similar context needed to fulfill your request. We do not send your name, email, payment details, or other identifiers that are not required by the AI feature.

How vendors use it. AI vendors process this data only to return the generated output to ChefsPantry. We have data-processing agreements with our AI vendors that prohibit using your inputs to train their general-purpose models. We store AI prompt and response telemetry in identifiable form for up to 30 days for quality monitoring, then anonymize or delete it. See the retention schedule below.

Limitations of AI output. AI-generated content can be inaccurate or unexpected. ChefsPantry applies automated safety checks (allergen filtering, dietary restriction enforcement) and prefers fallback content over unsafe output, but you should always read each recipe before cooking and verify it against your own dietary needs. See our Terms of Service for the complete AI-output disclaimer.

Subprocessors

We rely on the following subprocessors to provide ChefsPantry. For a detailed breakdown, see our Subprocessors page. We update this list when we add or remove a vendor. If you would like to be notified of changes, please email support@chefspantry.io.

  • ClerkAuthentication, sign-in, and account identity management (United States).
  • StripePayment processing and subscription billing (United States (primary)).
  • OpenAIAI meal-plan and recipe generation, recipe import parsing, recipe image generation (DALL-E 3) (United States).
  • Google (Generative AI / Gemini)AI meal-plan generation and ingredient parsing (United States (primary)).
  • Amazon Web Services (ECS, RDS, S3, CloudFront, SES)Application hosting, database, file storage, content delivery, and transactional email delivery (United States).
  • ResendTransactional email delivery (secondary path) (United States).
  • SentryApplication error monitoring and diagnostic telemetry (United States (primary)).
  • Supabase (Postgres)Database hosting and row-level security enforcement (United States (primary)).
  • PostHogProduct analytics and engagement telemetry (consent-gated; only after you grant analytics consent) (United States).
  • Meta Platforms (Facebook Pixel)Conversion tracking and advertising attribution (consent-gated; only after you grant analytics consent) (United States).
Cookie settings

Cookies, analytics, and tracking

We use essential cookies and similar technologies for authentication, security, and session continuity. Analytics cookies are optional and are used for product performance and UX telemetry.

Non-essential analytics events are disabled by default until you explicitly consent. You can change your analytics cookie preference at any time using the controls below.

At this time, ChefsPantry does not respond to browser Do Not Track signals in a standardized way, because no uniform industry standard has been adopted.

Retention and security

We retain personal information only for as long as needed to provide the service, meet legal obligations, resolve disputes, and enforce agreements. The schedule below describes our standard retention windows. Backup rotation may extend retention by an additional 90 days as encrypted backups age out.

  • Account profile and preferencesRetained while your account is active. Deleted within 30 days of account deletion (subject to encrypted backup rotation up to 35 days).
  • Pantry inventory, meal plans, cook history, and shopping listsRetained while your account is active. Deleted within 30 days of account deletion.
  • Billing records and invoicesRetained for at least 7 years after the relevant transaction to comply with U.S. tax and financial recordkeeping requirements.
  • Support emailsRetained as long as needed to resolve your inquiry and any related follow-up, then deleted in accordance with our standard data hygiene practices.
  • Application logs and security telemetryRetained for up to 90 days, then deleted or fully anonymized.
  • AI prompt and response telemetry (internal quality monitoring)Retained for up to 30 days in identifiable form, then deleted.

We use administrative, technical, and organizational safeguards designed to protect personal information, including encryption in transit (TLS), encryption at rest for our database and file storage, principle-of-least-privilege access controls, audit logging on sensitive operations, and regular dependency and security updates.

Your privacy rights

Depending on your location, applicable law may provide rights such as:

  • Access a copy of personal information we hold about you.
  • Request correction or deletion of personal information.
  • Request data portability where required by law.
  • Object to or restrict certain processing where required by law.
  • Withdraw consent when processing is based on consent.

To submit a privacy request, email support@chefspantry.io, or submit a request online below.

Minimum 20 characters.

Prefer email? You can also write to support@chefspantry.io.

California residents' rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act and California Privacy Rights Act give you the following rights regarding personal information we hold about you:

  • Right to know. Request the categories and specific pieces of personal information we have collected, the sources, the purposes of collection, and the categories of third parties we share it with.
  • Right to delete. Request that we delete personal information we have collected from you, subject to legal exceptions (for example, billing records we are required to retain).
  • Right to correct. Request correction of inaccurate personal information.
  • Right to opt out of sale or sharing. ChefsPantry does not sell personal information for monetary value. We do share limited engagement data for cross-context behavioral advertising with PostHog and Meta Platforms when you grant analytics consent. You can opt out at any time by withdrawing analytics consent through the cookie controls on this page, or by contacting us at the email below.
  • Right to non-discrimination. We will not deny you service, charge you a different price, or provide a different level of service for exercising any of the rights above.
  • Right to limit use of sensitive personal information. Request that we limit our use of sensitive personal information to what is necessary to perform the service you requested. ChefsPantry does not use sensitive personal information (including allergy or religious dietary information) for any purpose other than providing the meal-planning service you requested.

To exercise any of these rights, email support@chefspantry.io or use the privacy request form above. We will verify your identity before responding and respond within the timeframes required by California law (generally 45 days, extendable by an additional 45 days when reasonably necessary).

You may also designate an authorized agent to make a request on your behalf. We will require proof of the agent's authority and may require you to verify your own identity directly.

EU and UK data subject rights (GDPR / UK GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation and equivalent UK and Swiss laws give you the rights listed in "Your privacy rights" above, plus the right to lodge a complaint with your local supervisory authority. To exercise your rights, email support@chefspantry.io.

Lawful basis for processing. We process personal information on the lawful bases of (a) performance of a contract (to provide the service you requested), (b) legitimate interests (to secure and improve the service, prevent fraud, and communicate operationally), (c) consent (for optional analytics cookies and marketing communications), and (d) legal obligation (to keep billing records and respond to lawful requests). For health-related data such as allergies that you choose to share, we additionally rely on your explicit consent under Art. 9(2)(a) GDPR and use it solely to provide the meal-planning service.

International data transfers. For transfers of EU/UK personal data to the United States, we work with our subprocessors to put recognized transfer mechanisms in place (such as the EU-U.S. Data Privacy Framework or 2021 Standard Contractual Clauses). If you are an EU/UK resident and would like to know the current status for a specific subprocessor, please contact us at the email above.

International transfers

If you access the service outside the country where our systems are hosted, your information may be transferred internationally. Where required, we rely on recognized transfer safeguards.

Children's privacy

ChefsPantry is intended for adult users (typically the household member responsible for meal planning and grocery purchasing). We do not knowingly create accounts for children under 13, and the service is not directed to children under 13.

Information adults provide about minors in their household. Some ChefsPantry features ask whether the account holder is cooking for children and allow the account holder to specify general age bands (such as "toddler", "school-age", or "teen") so that meal-plan suggestions can be biased toward kid-friendly options. This information is provided by the adult account holder about their household composition, not collected from a minor directly. We do not collect names, contact details, photos, or other identifying information about minors. The age-band setting is treated as ordinary household preference data and is subject to the same retention and security controls as other preference data. ChefsPantry does not personalize content based on any minor's individual identity, and we do not show advertisements to users based on minor-related household preferences.

If you believe a child under 13 has created an account in violation of this policy, please contact support@chefspantry.io and we will promptly delete the account and any associated data.

Changes to this policy

We may update this Privacy Policy from time to time. We will update the effective date above and provide notice of material changes through the website or by email when legally required.

Contact us

Questions about privacy, account access, or data rights can be sent to support@chefspantry.io.