Privacy Policy

We may collect the following categories of information:

• account information, such as name, email address, phone number, and role;
• profile and kitchen information, such as kitchen name, slug, branding images, and descriptions;
• order information, such as meals selected, side selections, quantities, prices, status, and pickup details;
• payment and billing metadata from our payment providers, such as customer IDs, checkout session IDs, payment intent IDs, and subscription status;
• device, browser, IP, and usage information typically collected through website operation, security logging, and hosting infrastructure;
• anti-abuse identifiers, such as hashed IP addresses, browser identity tokens, and normalized email values, used to enforce rate limits and detect platform abuse;
• audit and compliance records, such as agreement-acceptance logs (including IP and user-agent at the time of acceptance), order events, and payment events;
• communications and support information you send to us or through the Platform.

We use information to:

• create and maintain user accounts and kitchen profiles;
• display kitchen discovery pages and kitchen-specific menu pages;
• process orders, support pickup logistics, and apply cutoff, side-selection, and order-limit rules;
• process payments, refunds, subscriptions, and billing administration;
• authenticate users, secure the Platform, prevent abuse, and investigate fraud or violations;
• maintain operational records, audit trails, and dispute-resolution evidence;
• improve functionality, usability, and reliability of the Platform;
• communicate with users about orders, account activity, support, and policy updates.

We may share information:

• with kitchens and chefs, to the extent needed to fulfill customer orders and coordinate pickup;
• with service providers that support authentication, hosting, analytics, storage, communications, and payment processing;
• with payment and billing providers, including Stripe, to process transactions, refunds, subscription billing, and fraud review;
• with legal, regulatory, insurance, banking, or law-enforcement recipients when required by law or reasonably necessary to protect rights, users, or the Platform;
• in connection with a merger, acquisition, financing, sale of assets, or similar business transaction.

We do not promise that chef-facing data will remain hidden from kitchens where that data is necessary to operate the marketplace. For example, customer order details, pickup-related details, and customer contact information may be disclosed to the fulfilling kitchen as needed for order management and support.

Customer payments and chef subscription billing are processed by third-party payment providers. We do not store full payment card numbers on our own servers. However, we may receive payment-related metadata such as transaction identifiers, status updates, customer IDs, subscription IDs, and refund information.

Information that chefs choose to publish through the Platform, such as kitchen names, menu descriptions, logos, cover images, prices, pickup details, and kitchen slugs, may be publicly visible to customers and other visitors.

We retain information for as long as reasonably necessary to operate the Platform, maintain business and tax records, process refunds and billing events, enforce our terms, resolve disputes, comply with legal obligations, and preserve audit trails.

Because the Platform maintains operational and payment-related records, some account, order, and event data may be retained even after an account is no longer active.

We use commercially reasonable administrative, technical, and organizational measures intended to protect information. However, no system is perfectly secure, and we cannot guarantee that information will never be accessed, disclosed, altered, or destroyed without authorization.

Depending on your location, you may have legal rights to request access to, correction of, deletion of, or portability of certain personal information, or to object to or limit certain processing. Some requests may be denied where retention is required for legal, security, payment, fraud-prevention, tax, or operational reasons.

You may also update certain profile information within the Platform. To make a privacy request, contact us at privacy@eatcantina.co.

The Platform is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information through the Platform, contact us so we can review and address the issue.

The Platform may rely on or link to third-party services, including payment providers, authentication providers, hosting and database providers, or other external services. Their privacy practices are governed by their own policies, not ours.

Information may be processed or stored in the United States or other locations where we or our service providers operate. By using the Platform, you acknowledge that your information may be transferred to and processed in jurisdictions with data-protection rules different from those in your location.

We may update this Privacy Policy from time to time. The updated version becomes effective when posted unless a later date is stated. Your continued use of the Platform after the effective date indicates acceptance of the revised Privacy Policy.

Questions or privacy requests may be sent to privacy@eatcantina.co.