Privacy Policy

Account information: your name and email address, which you provide when you sign up.

Business data: your business name, type, state, menu items, equipment, and staff information. You enter this during onboarding and can update it anytime.

Compliance data: HACCP plans, temperature logs, cleaning logs, receiving logs, and documents you upload. This is the core of what PassMyKitchen stores for you.

Usage data: pages you visit and features you use. We collect this through PostHog to understand how people use the product so we can improve it.

Payment data: payments are processed by Razorpay. We never see or store your card details. We only store your subscription status and invoice records.

We use your data to provide the PassMyKitchen service: storing your compliance records, generating your HACCP plan, and running your daily checklists.

When you generate a HACCP plan or ask a compliance question, your business data is sent to the Claude AI API for processing. See the "AI data processing" section below for details.

We send transactional emails (signup confirmation, password reset, billing notifications) using Resend. We do not send marketing emails without your consent.

We use anonymized analytics data to improve the product. This means we can see that "50 users completed a checklist today" but not what any individual user logged.

When you use PassMyKitchen, your business data is sent to Anthropic's Claude API to generate your HACCP plan and answer your compliance questions. This data is processed per Anthropic's API terms and is not used to train their models.

We send only the minimum context needed for each request. For example, when generating a HACCP plan, we send your business type, menu items, equipment list, and state. We do not send your account email, payment information, or unrelated data.

Your data is stored in Supabase, a US-based database provider. All data is encrypted at rest and in transit. Access to your data is controlled by row-level security, which means each user can only access their own business data.

We use the following third-party services to operate PassMyKitchen:

• Supabase (database): stores your account, business, and compliance data.
• Anthropic (AI): processes your business data to generate HACCP plans and answer compliance questions.
• Razorpay (payments): processes your subscription payments. Receives your payment card details directly.
• Resend (email): sends transactional emails. Receives your email address and name.
• Vercel (hosting): hosts the PassMyKitchen web application.
• PostHog (analytics): collects anonymized usage data to help us improve the product.
• Sentry (error tracking): receives error reports when something goes wrong, which may include page URLs and browser information.

Access your data: you can view all your data within the PassMyKitchen app at any time.

Export your data: you can export your data in JSON format from your account settings.

Delete your data: you can delete your account and all associated data from your account settings. After deletion, your data is preserved for 30 days in case you change your mind, then permanently deleted.

Opt out of analytics: you can opt out of PostHog analytics tracking. Essential cookies for authentication cannot be disabled.

Authentication cookies (essential): these keep you logged in. They are required for the app to work.

PostHog analytics cookies (optional): these help us understand how people use the product. You can opt out of these.