Cheffed Privacy Policy
Last Updated: November 25, 2025
This Privacy Policy explains how Cheffed Ltd ("Cheffed", "we", "us", "our") collects, uses, discloses and protects your personal information when you use:
- our mobile application(s) ("App"); and
- our website at cheffed.app and any related pages ("Website"),
together, the "Services".
By using the Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.
We are committed to complying with applicable data protection laws, including (where they apply) the UK GDPR, EU GDPR, and relevant privacy laws in other jurisdictions.
1. Who We Are & How to Contact Us
The data controller responsible for your personal information is:
If you are in the EU/UK and we appoint an EU/UK representative, we will update this section with their details.
2. Information We Collect
The types of personal information we collect depend on how you use the Services.
2.1 Information you provide directly
- Account details: name, email address, password, profile photo, app language / region.
- Profile & preferences: dietary preferences, allergies, cuisine interests, cooking skill level, nutrition goals.
- Recipes & content: recipes you create or import, images you upload, notes, tags, cookbooks, meal plans, grocery lists, ratings and comments.
- Support & communication: messages you send to us (email, in-app support, social media), feedback, survey responses, bug reports.
- Payment information: when you purchase a Subscription via our Website, billing address and partial payment card details may be processed by our payment providers (we do not store full card numbers ourselves).
2.2 Information we collect automatically
When you use the Services, we automatically collect certain information, such as:
- Device & technical data: device model, operating system version, unique device identifiers, app version, language, time zone.
- Usage data: features you use, screens viewed, interactions with recipes, frequency of use, search queries, taps/clicks, and session duration.
- Log data: IP address, browser type, referring/exit pages, timestamps, crash logs and diagnostics.
- Approximate location: derived from IP address or device settings, used e.g. to localise units and content.
We may use cookies, SDKs, pixels and similar technologies to collect this information (see Section 7).
2.3 Information from third parties
We may receive personal information about you from:
- App stores (e.g. Apple, Google), relating to purchases and installation.
- Analytics providers (e.g. PostHog) that help us understand how the Services are used.
- Payment processors that confirm whether payments have been completed.
- Social or sign-in providers, if you choose to log in with them (e.g. Apple Sign-In) – this may include your name, email address and profile identifiers.
We treat information received from third parties in accordance with this Privacy Policy and any additional restrictions imposed by the source.
3. How We Use Your Information
We use your personal information for the following purposes and legal bases:
3.1 To provide and operate the Services
(performance of a contract / legitimate interests)
- create and manage your Account;
- save and sync your recipes, cookbooks, meal plans and grocery lists;
- enable Cook Mode and recipe timers;
- process Subscription payments and manage your plan;
- send service communications (for example, password reset emails, changes to our terms).
3.2 To personalise your experience
(legitimate interests / consent where required)
- suggest recipes, tags, cookbooks or features you might like;
- remember your dietary preferences, units (metric/imperial), and other settings;
- tailor in-app messaging and onboarding.
3.3 To improve the Services
(legitimate interests)
- analyse how users interact with the App and Website;
- debug issues, prevent crashes, and improve performance;
- develop new features and functionality.
3.4 To provide support
(performance of a contract / legitimate interests)
- respond to your questions, requests and complaints;
- investigate technical issues and service interruptions.
3.5 For marketing and communication
(consent / legitimate interests)
- send you product updates, tips, and offers related to Cheffed;
- run surveys, beta programmes, or promotions.
You can opt out of marketing communications at any time by using the unsubscribe link in our emails or adjusting your notification settings.
3.6 For security, fraud prevention and legal compliance
(legal obligations / legitimate interests)
- protect Accounts from unauthorised access;
- detect and prevent abuse of the Services;
- enforce our Terms of Use;
- comply with legal obligations and respond to lawful requests from authorities.
4. Sharing Your Information
We do not sell your personal information.
We may share your information with:
4.1 Service providers
Trusted third parties who perform services on our behalf, such as:
- cloud hosting and database providers (e.g. Supabase);
- analytics providers;
- email and push notification services;
- customer support tools;
- payment processors and subscription management providers.
They only process your information as instructed by us and under appropriate confidentiality and security obligations.
4.2 Affiliates
We may share information with our group companies (if any) for operational, support and administrative purposes.
4.3 Legal and safety
We may disclose information if we reasonably believe it is necessary to:
- comply with a law, regulation, legal process or governmental request;
- enforce our Terms of Use;
- protect the rights, property or safety of Cheffed, our users, or the public.
4.4 Business transfers
If we are involved in a merger, acquisition, financing, reorganisation, or sale of all or part of our business, your information may be transferred as part of that transaction. We will take reasonable steps to ensure your privacy continues to be protected.
4.5 With your consent
We may share your information for other purposes if you consent or request that we do so.
5. International Transfers
We may store and process your personal information in countries other than the one in which you are located, including the United Kingdom, European Union, and United States.
When we transfer personal information outside the UK/EEA, we will:
- rely on an adequacy decision (where available), or
- use appropriate safeguards such as Standard Contractual Clauses, or
- rely on another legally permitted transfer mechanism.
By using the Services, you understand that your information may be transferred to and processed in these locations.
6. Data Retention
We retain personal information for as long as reasonably necessary to:
- provide the Services;
- comply with legal, tax or accounting requirements;
- resolve disputes and enforce our agreements.
If you close your Account, we will:
- delete or anonymise personal information associated with your Account within a reasonable period, except where we need to retain certain information for legal or legitimate business purposes (for example, transaction records, security logs);
- keep de-identified or aggregated data that does not identify you, which we may use for analytics and product improvement.
7. Cookies & Similar Technologies
We use cookies and similar technologies in our Website and App to:
- keep you signed in;
- remember your preferences;
- analyse usage and performance;
- support marketing and measuring the effectiveness of campaigns.
Cookies may be:
- session cookies, which are deleted when you close your browser; or
- persistent cookies, which remain on your device until they expire or are deleted.
You can control cookies through your browser settings and, where applicable, through in-app controls. If you disable cookies, some features of the Services may not function properly.
We may use third-party analytics cookies (e.g. PostHog). These providers may collect information about your use of our Services and other sites over time. Please review their own privacy policies for details.
8. Security
We take reasonable technical and organisational measures to protect your personal information, including:
- encryption in transit (HTTPS) and at rest where appropriate;
- access controls and authentication;
- secure development and logging practices.
However, no method of transmission or storage is completely secure. We cannot guarantee absolute security of your information.
You are responsible for:
- keeping your Account password confidential;
- using a unique, strong password;
- notifying us promptly if you suspect unauthorised access to your Account.
9. Your Rights
Depending on where you live, you may have certain rights regarding your personal information.
If you are in the UK/EEA (or similar jurisdictions), you may have the right to:
- Access: obtain a copy of the personal information we hold about you.
- Rectification: request correction of inaccurate or incomplete information.
- Erasure: ask us to delete your personal information in certain circumstances.
- Restriction: ask us to restrict processing in certain circumstances.
- Portability: receive your information in a structured, commonly used, machine-readable format and have it transferred to another controller where technically feasible.
- Object: object to processing based on our legitimate interests, and to direct marketing at any time.
- Withdraw consent: where we rely on consent, you may withdraw it at any time (this does not affect the lawfulness of processing before withdrawal).
To exercise these rights, contact us at privacy@cheffed.app. We may need to verify your identity before responding. We will respond within the time period required by law.
If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority (for example, the Information Commissioner's Office in the UK).
10. Children
The Services are not intended for children under 16 (or under the minimum age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under this age.
If you are a parent or guardian and believe your child has provided personal information to us, please contact us at privacy@cheffed.app and we will take steps to delete such information where required by law.
11. Third-Party Links & Services
The Services may contain links to third-party websites or services (including recipe sites, supermarkets, social networks, or video platforms). We are not responsible for the privacy practices of those third parties.
We encourage you to read the privacy policies of any third-party services you use.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will:
- post the updated version on the Website and/or in the App; and
- update the "Last updated" date at the top.
If we make material changes, we will provide additional notice (for example, via email or in-app messaging). Your continued use of the Services after the changes take effect means you accept the updated policy.
13. Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or our handling of your personal information, please contact us at:
Email: privacy@cheffed.app
Postal: Cheffed Ltd, [Registered address]