Privacy Policy
Last updated: 24 May 2026
NutriChef AI ([ABN pending registration]) (“we”, “us”, “our”) operates the NutriChef web application (the “Service”). This Privacy Policy explains how we collect, use, store, disclose and protect personal information in accordance with the Privacy Act 1988 (Cth) and the thirteen Australian Privacy Principles (APPs).
1. What we collect (APP 3, APP 5)
- Account information: email address, name, profile photo, and a unique identifier issued by our identity provider (Clerk Inc.).
- Household + dietary profile: household size, dietary preferences, allergens, cuisines, budget. You provide this information yourself; you may decline to provide it, but features depend on it.
- Pantry photographs: images you upload for AI analysis. Images are processed by Google Gemini Vision and discarded after extraction; we retain only the structured item list.
- Meal-plan + recipe activity: recipes you save, meal plans you create, shopping lists you generate.
- Subscription + billing: handled by Stripe Inc.; we never store card details on our servers.
- Technical data: IP address, user-agent, timestamps, server-side request logs. No advertising trackers.
2. Why we collect it (APP 3, APP 6)
We collect personal information only for purposes reasonably necessary to: (a) operate the Service; (b) personalise recipes, meal plans, and pantry analysis; (c) bill subscriptions; (d) send transactional emails; (e) diagnose errors and improve reliability; (f) meet our legal obligations.
3. Anonymity + pseudonymity (APP 2)
Public pages (this Privacy Policy, the Terms of Service, the homepage, and the sign-in / sign-up flows) do not require an account. Beyond that, the Service’s personalisation features require an authenticated identity; we do not currently support a pseudonymous mode.
4. Disclosure to third parties (APP 6, APP 8)
We disclose personal information only to the providers below, each under contract. This list reflects integrations that are currently live. When new integrations are introduced, we will update this section and notify account holders by email.
| Provider | Purpose | Region |
|---|---|---|
| Clerk Inc. | Authentication | United States |
| Neon Inc. | Database hosting | Sydney, Australia (ap-southeast-2) |
| Stripe Inc. | Subscription billing | United States / Australia |
| Google LLC (Gemini) | AI image + text generation | United States |
| Resend Inc. | Transactional email delivery | United States |
| Inngest Inc. | Background job orchestration (event payloads) | United States |
| Spoonacular | Recipe data source (sends recipe queries only — no personal information) | United States |
| Vercel + Railway + Fly.io + Cloudflare | Application hosting + CDN | Multi-region (Sydney primary) |
Cross-border disclosure (APP 8): by using the Service you consent to the disclosure of your personal information to the overseas recipients listed above for the purposes described.
5. Direct marketing (APP 7)
We do not send marketing email by default. If we introduce a newsletter, it will be opt-in only and every message will carry a one-click unsubscribe link.
6. Data quality + correction (APP 10, APP 13)
You can correct your account name, email, household and dietary information at any time from your account settings. For corrections you cannot make yourself, contact us at privacy@nutri-chef.org.
7. Security (APP 11)
- All connections use TLS 1.2 or higher.
- Database access is restricted to schema-scoped roles per microservice.
- Secrets are stored in a managed secrets vault (Doppler) with access controls.
- Stripe and Clerk webhooks are signature-verified before processing.
- Pantry images are not retained after analysis.
8. Access (APP 12) + retention
You may request a copy of all personal information we hold about you by emailing privacy@nutri-chef.org. We aim to respond within 30 days at no cost (we may charge for repeated or unreasonable requests, as permitted by the Act). Deleting your account removes your personal information from our active databases within 30 days, except where retention is required by law (e.g. financial records).
9. Children
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have, contact us and we will delete it.
10. Changes to this policy (APP 1)
We may revise this policy from time to time. Material changes will be notified by email to the address on your account at least 14 days before they take effect. The current version is always available at this URL.
11. Complaints + OAIC
If you believe we have breached the APPs, contact us first at privacy@nutri-chef.org and we will respond within a reasonable time. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Web: www.oaic.gov.au
- Phone: 1300 363 992
Contact: privacy@nutri-chef.org · See also Terms of Service.