Privacy Policy
Effective Date: March 28, 2026 | Last Updated: March 28, 2026
1. Introduction
SusChef ("Company", "we", "our", or "us") operates the SusChef mobile application (available on iOS) and website located at suschef.co (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your personal information when you access or use our Service.
By creating an account or using the Service in any way, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this policy, you must not use the Service.
2. Information We Collect
2.1 Information You Provide Directly
- Account Information: Name, email address, and authentication credentials collected through our third-party authentication provider (Clerk). If you sign in via Apple, Google, or other SSO providers, we receive only the information you explicitly authorize those services to share.
- Profile & Preferences: Dietary preferences, food allergies, cuisine preferences, household size, cooking skill level, lifestyle information, and health goals you provide during onboarding or update in settings.
- User-Generated Content: Chat messages, recipe requests, meal plan feedback, fridge inventory data, grocery lists, and any other content you create within the Service.
- Photos & Images: When you use the fridge scanning feature, you may grant access to your device camera or photo library. Images captured or selected are uploaded to our servers solely for AI-powered ingredient detection.
- Support Communications: Any information you provide when contacting us via email or the in-app contact form, including your name, email address, and message content.
2.2 Information Collected Automatically
- Usage Analytics: We collect anonymized usage data through PostHog, including feature interactions (e.g., generating meal plans, scanning the fridge, chatting with AI), session duration, and screen views. This data is not linked to your personal identity.
- Device Information: Device type, operating system version, app version, and general device identifiers necessary for app functionality.
- Log Data: Server logs may record your IP address, request timestamps, and API endpoints accessed. These logs are used for security monitoring and are automatically purged on a rolling basis.
2.3 Information We Do NOT Collect
- We do not collect payment card numbers or financial information directly. All payment processing is handled by third-party providers (e.g., Apple In-App Purchase, Stripe) and we never have access to your full payment details.
- We do not collect precise geolocation data.
- We do not access your contacts, microphone, or any device sensors beyond the camera (when explicitly granted).
3. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To provide, operate, and maintain the core features of SusChef, including personalized meal plans, recipe recommendations, fridge inventory management, and grocery list generation.
- AI Processing: To send your cooking preferences (not your identity or contact information) to AI providers for generating recipes, meal plans, and ingredient analysis.
- Image Processing: To process uploaded fridge photos through AI for ingredient detection. Images are processed and are not used for any purpose beyond ingredient identification.
- Personalization: To tailor content and recommendations based on your stated dietary preferences, allergies, and cooking habits.
- Communications: To send transactional emails (welcome emails, account updates) and respond to support requests. We do not send unsolicited marketing emails.
- Analytics & Improvement: To understand aggregate usage patterns and improve the Service. Analytics data is anonymized and cannot be used to identify individual users.
- Security: To detect, prevent, and address fraud, abuse, security incidents, and technical issues.
- Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:
- Contractual Necessity: Processing necessary to provide the Service you requested (account creation, meal planning, recipe generation).
- Consent: Where you have given explicit consent, such as granting camera access or opting into analytics.
- Legitimate Interest: For security monitoring, fraud prevention, and service improvement, where these interests are not overridden by your rights.
- Legal Obligation: Where processing is required to comply with applicable law.
5. Data Sharing & Third-Party Services
We do not sell, rent, or trade your personal information to any third party for their marketing purposes. We share data only with the following categories of service providers, solely to operate the Service:
- Clerk (clerk.com) — Authentication and identity management. Processes your email, name, and authentication tokens. Subject to Clerk's Privacy Policy.
- PostHog (posthog.com) — Anonymized product analytics only. No personally identifiable information is sent. Subject to PostHog's Privacy Policy.
- OpenAI (openai.com) — AI-powered recipe generation, meal planning, and fridge scanning. We send cooking preferences and ingredient data; we do not send your name, email, or other identifying information. Subject to OpenAI's Privacy Policy.
- Amazon Web Services (AWS) — Cloud infrastructure, data hosting, and image storage. All data is encrypted at rest and in transit. Subject to AWS's Privacy Policy.
- Resend (resend.com) — Transactional email delivery. Receives your email address solely for sending account-related emails. Subject to Resend's Privacy Policy.
- Apple / Stripe — Payment processing for subscriptions. We do not receive or store your payment card details. Subject to their respective privacy policies.
We may also disclose your information if required by law, subpoena, court order, or governmental regulation, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.
6. Data Retention
- Account Data: Retained for as long as your account is active. Upon account deletion, all personal data is permanently removed from our production systems within 30 days.
- Chat History & Meal Plans: Stored to provide continuity of service. Deleted when you delete your account.
- Uploaded Images: Fridge scan images are processed for ingredient detection and may be retained for up to 90 days to improve scan accuracy, after which they are automatically deleted. Images are never used for training AI models.
- Analytics Data: Anonymized analytics data may be retained indefinitely as it cannot be linked to any individual user.
- Server Logs: Automatically purged on a 90-day rolling basis.
- Backup Systems: Deleted data may persist in encrypted backups for up to 90 days before being permanently removed.
7. Data Security
We implement industry-standard technical and organizational measures to protect your personal information:
- All data in transit is encrypted using TLS 1.2 or higher (HTTPS).
- All data at rest is encrypted using AES-256 encryption.
- Authentication tokens are securely managed through Clerk and never stored in plaintext.
- API access is secured with short-lived bearer tokens.
- We conduct regular security reviews of our codebase and infrastructure.
Despite these measures, no method of electronic transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. You use the Service at your own risk.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data. You can delete your account directly from the app settings at any time.
- Right to Data Portability: Request your data in a structured, commonly used, machine-readable format.
- Right to Restrict Processing: Request that we limit how we use your data.
- Right to Object: Object to processing based on legitimate interests.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority.
To exercise any of these rights, contact us at support@suschef.co. We will respond to your request within 30 days.
9. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you.
- Right to Delete: You may request deletion of your personal information.
- Right to Opt-Out of Sale: We do not sell your personal information. No opt-out is necessary.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
- Shine the Light: California residents may request information about our disclosure of personal information to third parties for direct marketing. We do not disclose personal information for third-party direct marketing.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our servers and service providers are located. These countries may have data protection laws that differ from your jurisdiction. By using the Service, you consent to the transfer of your information to these countries. We ensure appropriate safeguards are in place, including standard contractual clauses where required by applicable law.
11. Cookies & Tracking Technologies
Our website uses essential cookies required for authentication and session management (provided by Clerk). We use PostHog for anonymized analytics, which may use cookies or similar technologies. We do not use advertising cookies, retargeting pixels, or cross-site tracking technologies. The mobile app does not use cookies.
12. AI-Specific Disclosures
- SusChef uses third-party AI models (OpenAI) to generate recipes, meal plans, and process fridge scans.
- Your cooking preferences and ingredient data are sent to AI providers to generate personalized content. Your name, email, and other identifying information are never sent to AI providers.
- We do not use your personal data to train, fine-tune, or improve AI models. Your data is used solely for generating responses to your requests.
- AI-generated content (recipes, meal plans) may not always be accurate. Always verify nutritional information and allergen content independently.
13. Children's Privacy
The Service is not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children under these ages. If we become aware that we have inadvertently collected personal information from a child under the applicable age, we will take steps to delete such information as quickly as possible. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@suschef.co.
14. Third-Party Links
The Service may contain links to third-party websites, services, or content that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We strongly advise you to review the privacy policy of every site you visit.
15. Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time. We will notify you of material changes by updating the "Last Updated" date at the top of this page and, where required by law, by sending you an email notification. Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy. We encourage you to review this page periodically.
16. Disclaimer of Liability
To the maximum extent permitted by applicable law, SusChef shall not be liable for any unauthorized access to or alteration of your personal data, any material or data sent or received or not sent or received, or any transactions entered into through the Service. SusChef shall not be liable for any loss or damage arising from content generated by AI systems, including but not limited to recipes that may contain allergens not identified, inaccurate nutritional information, or unsuitable food combinations. Users are responsible for verifying all food safety and allergen information independently.
17. Governing Law
This Privacy Policy shall be governed by and construed in accordance with applicable law in the jurisdiction where the Company operates. Any disputes arising under or in connection with this policy shall be subject to the exclusive jurisdiction of the competent courts in that jurisdiction, without prejudice to your rights under applicable consumer protection laws.
18. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:
- Email: support@suschef.co
- Website: suschef.co/support
We aim to respond to all privacy-related inquiries within 30 days.