Privacy Policy

Last updated: 3 April 2026

1. What We Collect

Surprise Chef AI collects and stores the following data that you provide:

  • Account information — email address, display name
  • Household data — household name, location, preferred store, weekly budget
  • Family profiles — names, age groups, dietary restrictions, allergies, food preferences, nutrition goals, and medical dietary notes
  • Pantry inventory — items, quantities, categories, stock status
  • Recipes — saved recipe cards including ingredients, steps, ratings, and notes
  • Meal plans — weekly meal plans with associated recipes
  • Shopping lists — items, quantities, prices, check status
  • Food events — cooking history, food reactions, milestones, preference changes
  • Grocery prices — price history from receipt scans and store lookups

2. How We Use Your Data

Your data is used to:

  • Provide personalised meal planning, recipe suggestions, and shopping lists through your AI assistant
  • Track your household's food preferences and cooking history over time
  • Generate dietary alerts based on family member allergies and medical notes
  • Estimate grocery costs based on your price history
  • Enable sharing features (shared recipes, public recipe directory)

We do not use your data to train AI models. Your data stays in your household and is never sold to third parties.

3. How We Store Your Data

All data is stored in Supabase (hosted on AWS) with:

  • Encryption at rest (AES-256)
  • Encryption in transit (TLS 1.2+)
  • Row Level Security (RLS) — you can only access your own household's data
  • API key authentication for MCP connections
  • OAuth 2.0 with PKCE for AI platform connections

4. Who Can Access Your Data

  • Household members — people you invite can see shared household data (pantry, meal plans, household recipes, shopping list)
  • Guests — people you invite as guests can only view meal plans and RSVP
  • Your AI assistant — Claude, ChatGPT, or any MCP-connected AI reads your household context to provide personalised help
  • Public viewers — only recipes you explicitly share via the “Share” button become publicly visible
  • Surprise Chef team — we may access data for debugging with your permission, but never routinely view user data

5. Data Retention

Your data persists until you choose to delete it. You can:

  • Delete individual recipes, meal plans, shopping list items, and food events at any time
  • Remove family profiles
  • Delete your account, which removes all associated data permanently

6. Your Rights

Under the Australian Privacy Act 1988 and GDPR (where applicable), you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data
  • Export your data
  • Withdraw consent at any time

7. Third-Party Services

  • Supabase — database and authentication
  • Cloudflare Workers — MCP server hosting
  • Vercel — web application hosting

We do not share your personal data with advertisers, data brokers, or any other third parties.

8. Cookies

We use only essential cookies, for authentication session management. We do not use tracking or advertising cookies.

9. Security Vulnerabilities

If you discover a security vulnerability, please report it to trevor@tpbkitchens.com.au. We take all reports seriously and will respond promptly.

10. Contact

For privacy-related questions or requests:

Email: trevor@tpbkitchens.com.au
Support: trevor@tpbkitchens.com.au

11. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or an in-app notice. Continued use of Surprise Chef after changes constitutes acceptance.