Privacy Policy

Version 1.0 — Effective May 17, 2026
Compliance: CAN-SPAM, CCPA, applicable state privacy laws

1. Overview

myrecipecard.kitchen ("we," "us") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, store, and share personal information when you use our Cook's Card generator and food cost analytics platform.

2. Information We Collect

2.1 Free Cook's Card Users

Data Type	Purpose	Required?
Name	Card personalization, lead identification	Yes
Email	Card delivery, rate limiting, email sequence	Yes
Cuisine type	Service customization, segmentation	Yes
Recipe data (name, portions, ingredients, instructions, notes)	Cook's Card generation	Recipe name required; others optional

2.2 Paid Subscribers

Data Type	Purpose	Required?
All free-tier data	Carried forward from signup	Yes
Business name & address	Service configuration, invoicing	Yes
Payment information	Subscription billing (processed by Stripe — we never see your full card number)	Yes
POS data exports	Food cost analysis, contribution margin ranking, menu engineering	Yes
Phone number	Account support, walkthrough scheduling	Optional

2.3 Automatically Collected

Data Type	Purpose
IP address	Rate limiting, security
Browser/device type	Site compatibility
Page views	Analytics (PostHog, self-hosted)
Email open/click rates	Email sequence optimization

2.4 What We Do NOT Collect

• Social Security numbers or tax IDs
• Personal financial information (bank accounts, personal credit cards)
• Employee personal data (we analyze menu items, not staff)
• Location/GPS data
• Biometric data
• Data from minors under 18

3. How We Use Your Information

Use Case	Data Used	Legal Basis
Generate Cook's Cards	Recipe data, email	Service delivery
Deliver food cost reports	POS data, business info	Contract performance
Send email sequence	Email, name, cuisine	Consent (opt-in at signup)
Process payments	Payment info via Stripe	Contract performance
Rate limiting	Email, IP address	Legitimate interest (abuse prevention)
Improve the Service	Aggregated, anonymized usage data	Legitimate interest
Respond to support requests	Account/contact data	Contract performance

4. Data Sharing

We do NOT sell, rent, or trade your personal information. Period.

We share data only with:

Third Party	Purpose	Data Shared
Stripe	Payment processing	Name, email, payment method (PCI-DSS compliant)
Resend	Email delivery	Email address, name
PostHog (self-hosted)	Analytics	Anonymized usage events

We will disclose information if required by law, court order, or to protect our rights.

5. POS Data — Special Protections

Your POS data (sales mix, item counts, revenue figures) is the most sensitive data we handle:

• Confidentiality: Your POS data is used exclusively for YOUR analysis. Never shared with other restaurants, competitors, or third parties.
• No aggregation: We do not pool your data with other restaurants for benchmarks without explicit written consent.
• Encryption: POS data is encrypted in transit (TLS/HTTPS) and at rest.
• Access control: Only Joe Hertel and authorized analysts access your data.
• Deletion: POS data is permanently deleted 90 days after subscription cancellation, or immediately upon written request.

6. Data Retention

Data Type	Retention Period
Free-tier lead data (name, email)	Until unsubscribe + 30 days
Cook's Cards generated	1 year; your downloaded copies are yours forever
POS data (paid subscribers)	Duration of subscription + 90 days
Financial reports generated	Duration of subscription + 90 days
Payment records	As required by tax law (typically 7 years)
Email engagement data	1 year

7. Your Rights

• Access: Request a copy of all personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data (we comply within 30 days, subject to legal retention requirements)
• Unsubscribe: One-click unsubscribe from all marketing emails at any time
• Data portability: Receive your data in a standard format (CSV/JSON)
• Opt out of analytics: Contact us to opt out of PostHog tracking

To exercise any right, email joe@myrecipecard.kitchen with "Privacy Request" in the subject line. We respond within 30 days.

California residents (CCPA): You have additional rights under the California Consumer Privacy Act, including the right to know what data is collected and the right to opt out of data sales. We do not sell personal information.

8. Cookies & Tracking

• Essential cookies: Session management only
• Analytics: PostHog (self-hosted, no third-party tracking pixels)
• No advertising cookies. No Facebook pixel. No Google Ads tracking.
• No cross-site tracking.

9. Email Communications (CAN-SPAM)

When you subscribe to our newsletter or submit the Cook's Card form, you will receive email communications. Every email includes:

• Clear identification as from myrecipecard.kitchen
• Our physical mailing address
• Unsubscribe mechanism
• No deceptive subject lines

We honor unsubscribe requests within 2 business days.

10. Security

• HTTPS/TLS encryption for all data in transit
• Encrypted storage for POS data at rest
• Input sanitization and XSS prevention on all form fields
• Rate limiting to prevent abuse
• Regular security reviews

No system is 100% secure. If we discover a breach affecting your data, we will notify you via email within 72 hours.

11. Children's Privacy

myrecipecard.kitchen is not directed at individuals under 18. We do not knowingly collect data from minors.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 30 days before taking effect.

13. Contact

Privacy questions or data requests:

• Email: joe@myrecipecard.kitchen (subject: "Privacy Request")
• Address: Lancaster, NH 03584