Privacy Policy
Last Updated: July 7, 2026 (v1.6)
This Privacy Policy explains how ChefxDoor (“we”, “us”, “our”) collects, uses, and shares information when you use the ChefxDoor mobile application and related services (the “Service”). By using the Service you agree to this Policy.
1. Information we collect
Information you provide
- Phone number. Required to create an account and receive SMS verification codes. Phone numbers are stored in a hashed form for lookup; the plaintext number is retained only where it is required to deliver SMS to you.
- Date of birth. Collected via an age-verification step the first time you use this version of the Service, whether your account is new or already existed. You cannot continue using the Service without providing a date of birth that confirms you are at least 18 years old. We store the date of birth, an age-verified flag, and the timestamp of verification. We do not display your date of birth to other users.
- Profile information. Name, profile photo, and (for cooks) kitchen name, bio, cuisines, and dietary tags.
- Listing and request content. Photos, descriptions, prices, pickup locations, and any text you submit when creating menus, stories, food requests, offers, messages, or reviews.
- Communications. Messages you send to other users through the in-app chat, and support requests you send to us.
- Consent and acceptance records. The version of our Terms of Service and this Privacy Policy you accepted, the date and time of acceptance, and your SMS consent choices (transactional and, if applicable, marketing), each stored with a version number, timestamp, source screen, and a hashed IP address and user agent at the time of consent. We retain these records to demonstrate compliance with applicable law (including TCPA and consumer-protection rules).
Information collected automatically
- Device and app information. Device model, OS version, app version, language, and crash diagnostics.
- Approximate or precise location. Used to surface nearby cooks, food, and requests, and to compute pickup distance. Precise location is only collected if you grant the permission. Other users see derived information such as approximate distance or area — they do not see your raw coordinates.
- Push notification token. Used to send message and request notifications to your device. We also record the device name and OS version at the time of registration so we can target a notification to the right device.
- Authentication and security logs. Sign-in attempts, verification-code requests, hashed IP address, and user agent, kept for fraud and abuse prevention and for investigating security incidents.
- Usage data. Pages viewed, items tapped, and timestamps, used to operate and improve the Service. Some events also include a small structured metadata payload (for example, the identifier of the button you pressed or the navigation path you came from) that we use for analytics and debugging.
- Story and engagement signals. View counts, follows, comments, demand signals, and other interactions associated with stories and listings. These signals are used to power discovery feeds, demand rankings, and recommendation systems. See Section 2 for details.
Information from third parties
- SMS provider (Twilio). Delivery status of verification codes and other SMS we send, including STOP/HELP keyword events used to honor opt-outs.
- Object storage and content delivery providers (including Cloudflare Stream and Cloudflare Images). Hosting, transcoding, and streaming of photos and videos you upload.
- AI providers (OpenAI). When you use AI-assisted features, the content you provide for that feature (such as food photos or dish descriptions) is sent to OpenAI to produce a response. This traffic is routed through a Zero Data Retention (ZDR) agreement: inputs and outputs are not retained by OpenAI on their servers beyond completing the request. We do not send your phone number, date of birth, profile photos containing your face, or other contact details to AI providers.
2. How we use your information
- To create and authenticate your account, including age verification and SMS verification codes.
- To connect cooks and customers, display listings, route messages and requests, and facilitate community discovery.
- Transactional SMS and push notifications. Verification codes, security alerts, new messages, new offers, accepted offers, request updates, and other essential service messages. These cannot be turned off without losing the ability to use the Service.
- Marketing SMS. Sent only if you have explicitly opted in via Settings → Notification Settings → SMS Preferences. Marketing SMS is off by default and can be turned off again at any time, in-app or by replying STOP.
- Discovery, ranking, and recommendations. Story views, follows, comments, and demand signals are used to generate demand insights, rank content in feeds, power the discovery algorithm, and surface relevant cooks and dishes to users. Stories that have expired from public view may be retained in internal analytics systems for service improvement. Engagement data is aggregated and is not shared with third parties in personally identifiable form.
- To prevent fraud, abuse, and security incidents, to enforce our Terms, and to investigate reports.
- To debug, monitor, and improve the Service.
- To comply with legal obligations and to maintain records of consent and policy acceptance.
3. How we share information
- With other users. Your public profile, listings, stories, requests and offers, and any messages you send to a counterparty are visible to that counterparty as needed to operate the community platform. We do not share your date of birth, raw coordinates, hashed phone, IP address, or consent records with other users.
- With service providers. Hosting, database, SMS delivery (Twilio), push delivery, video streaming and content delivery, error monitoring, analytics, and AI processing providers, under contracts that limit them to processing data on our behalf.
- For legal reasons. When required by law, court order, or to protect the rights, property, or safety of ChefxDoor, our users, or the public.
- In a business transfer. If we are involved in a merger, acquisition, or sale of assets, your information may be transferred subject to this Policy.
We do not sell your personal information.
4. Messaging, moderation, and admin access
Private messages between users are accessible to the sender and the recipient. ChefxDoor staff do not routinely read private messages. We may, however, access message content, listing content, story content, or report metadata in the following limited circumstances:
- Reports and flags. When a user reports content or another user, the reported content and surrounding context may be reviewed by our moderation team to enforce our Terms and Community Guidelines.
- Automated abuse detection. Our systems may flag content (for example, suspected spam, fraud, or unsafe behavior) for review.
- Legal or safety obligations. When required by law, court order, or to address an imminent threat to a person’s safety.
- Debugging. A small number of authorized engineers may access technical logs that contain message metadata (such as timestamps and identifiers) when investigating an incident; access is logged and limited to what is necessary.
Access to user data inside ChefxDoor is restricted to authorized staff under a need-to-know basis, and administrative actions are logged.
5. Data retention
- Account information and anonymization. Your profile, listings, and messages are retained while your account is active. Within 30 days of account deletion, your phone number, date of birth, profile photo, and name are replaced with anonymized placeholder values. Message content you sent is anonymized in the same processing cycle. The underlying account record is retained in anonymized form to preserve referential integrity with consent records, moderation history, and financial audit trails.
- Request location coordinates. Precise latitude and longitude you provide in food requests are cleared 90 days after the request date. City-level information is retained for aggregate analytics.
- Cook kitchen location audit records. Each time a cook updates their kitchen location, a record of the change is written to an internal audit log (used to guard against accidental overwrites). These audit records are retained for up to 2 years and then permanently deleted.
- Consent and authentication records. Terms acceptance, Privacy acceptance, SMS consent, and authentication logs are retained for a longer period — typically several years — to comply with TCPA, consumer-protection, and audit requirements, even after your account is deleted.
- Analytics and engagement data. Aggregated story and engagement signals may be retained beyond account deletion in anonymized or de-identified form and may continue to inform recommendation and ranking systems.
- Moderation and safety records. Reports filed against content or accounts, moderation decisions, and safety incident logs may be retained for an extended period to support enforcement consistency and to defend against legal claims, even after your account is deleted.
- Backups. May contain residual copies of your data for a limited period after deletion before they are overwritten in the normal backup rotation (within 90 days).
You may request deletion of your account at any time (see Section 8).
6. Security
We use industry-standard safeguards including encryption in transit (TLS), hashed phone numbers and hashed IP addresses in our database, encrypted date-of-birth storage, signed authentication tokens, scoped access controls for staff, and audit logs of administrative actions. No method of transmission or storage is perfectly secure; we cannot guarantee absolute security.
7. Age restriction and children
ChefxDoor is intended for users who are at least 18 years of age. The Service is not directed to, and we do not knowingly collect personal information from, anyone under 18. We do not knowingly collect personal information from children under 13, and the Service is not intended to be used by children under 13 in any capacity. If you are under 18, you may not create an account or use the Service.
We confirm age by collecting date of birth at signup and computing age server-side; accounts that fail this check are not granted access. If you are a parent or guardian and you believe a person under 18 has provided us with personal information, please contact support@chefxdoor.com. We will promptly delete the account and any associated personal information, except where retention is required by law.
8. Your rights and choices
- Access, correction, and deletion. Update your profile in the app, or email support@chefxdoor.com to request access to or deletion of your account data.
- Location and notifications. You can disable location access and push notifications at any time in your device settings.
- SMS. Manage transactional and marketing SMS in Settings → Notification Settings → SMS Preferences. You may also reply STOP to any SMS to opt out; carriers typically treat STOP as a global block for all ChefxDoor messages from that number, including transactional ones, which may impair your ability to use the Service.
- California residents. You have the rights described in the California Consumer Privacy Act, including the right to know, delete, and not be discriminated against for exercising your rights. We do not sell your personal information.
9. Geographic availability — United States only
ChefxDoor is available exclusively in the United States. During our current Illinois beta, the Service is primarily available in the Chicago metropolitan area and surrounding Illinois communities. We do not offer or accept users from outside the United States at this time, and accounts associated with non-US phone numbers cannot complete registration.
All data is processed and stored on servers located in the United States. If you are a US resident using the Service while temporarily outside the country, your information continues to be processed under this Policy.
10. Changes to this policy
We may update this Policy from time to time. Each version of this Policy has a version number and a “Last updated” date. We record which version of the Terms of Service and this Privacy Policy you accepted, when, and from which screen. If we make material changes, we will prompt you to review and accept the new version the next time you open the app and will not let you continue without accepting it. Continued use of the Service after the changes take effect means you accept the updated Policy.
11. Illinois Biometric Data (BIPA)
ChefxDoor processes photos and videos you upload as part of the Service. This section explains our practices with respect to the Illinois Biometric Information Privacy Act (740 ILCS 14) (“BIPA”).
- No biometric identifiers collected. ChefxDoor does not use facial recognition technology and does not extract, collect, store, or use biometric identifiers or biometric information as defined by BIPA — including retina scans, iris scans, fingerprints, voiceprints, scans of hand or face geometry, or biometric templates. Photos and videos you upload are stored and served as-is; they are not processed to generate biometric templates or to identify individuals by physical characteristics.
- AI image processing. When you use AI-assisted features (such as food image enhancement), photos of food or dishes you submit are sent to OpenAI to generate a response. ChefxDoor does not submit profile photos containing your face, or any other personally identifiable image, to AI providers for generative processing. Content sent to OpenAI is processed under a Zero Data Retention agreement and is not retained by OpenAI beyond completing the request. ChefxDoor does not receive or store biometric templates from OpenAI.
- Video processing. Cooking story videos you upload are hosted and served via Cloudflare Stream for transcoding and delivery. Cloudflare does not extract biometric information from your videos on our behalf.
- Retention and destruction. Photos you upload are retained while your account is active and removed from public serving within 30 days of account deletion. Videos hosted via Cloudflare Stream are deleted within 30 days of account closure. Backup copies containing residual image or video data are overwritten within 90 days in our normal backup rotation. ChefxDoor does not retain biometric data beyond these periods.
- No sale of biometric data. ChefxDoor does not sell, lease, trade, or otherwise profit from any biometric data.
- Future biometric features. If ChefxDoor ever implements features that collect biometric identifiers or biometric information as defined under BIPA, we will first: (a) inform you in writing of the specific data to be collected, the purpose, and the retention schedule; and (b) obtain your affirmative written consent before collecting any such data.
12. Breach notification
In the event of a security breach that affects your personal information, we will act promptly and transparently:
- Containment. Upon discovering or being notified of a potential breach, we will immediately work to contain it, preserve evidence, and assess the scope and nature of information affected.
- User notification. If we determine that a breach creates a risk to your personal information, we will notify you by in-app alert and, where we have a valid email address, by email. We will describe what happened, what information was affected, and what steps we are taking to address it. We aim to provide this notification within 72 hours of confirming the breach where technically feasible.
- Regulatory notification. We will notify applicable regulatory authorities (including under the Illinois Personal Information Protection Act and any other applicable state law) within the timeframes required by law.
- Remediation. We will take appropriate steps to remediate the breach, which may include credential resets, access revocation, and improvements to our security controls.
To report a security concern or suspected breach, contact us immediately at support@chefxdoor.com.
13. Contact us
For privacy questions, contact ChefxDoor at support@chefxdoor.com.