Privacy Policy

Last updated: May 4, 2026

This Privacy Policy describes how Collaborative Kitchens Management Services LLC (“we”, “us”, “Collaborative Kitchens AI”) collects, uses, and protects information you provide when you use our catering management platform at collaborativekitchens.ai (the “Service”).

1. Information We Collect

We collect information you provide directly to us when you:

• Create an account (name, email, company name, phone number, address)
• Enter data about your business (events, clients, menus, recipes, inventory, vendors, staff, documents)
• Subscribe to a paid plan (billing details handled by Stripe — we never see full card numbers)
• Contact our support team (conversation content)
• Use our AI assistants (prompts and conversation history, stored for context continuity)

We also automatically collect usage data: pages visited, features used, IP address, browser type, and similar technical information. This helps us improve the Service.

2. How We Use Your Information

• To provide and operate the Service
• To process billing and manage subscriptions (via Stripe)
• To send transactional emails (receipts, event reminders, account notifications)
• To answer support questions
• To train internal AI models only on aggregated, anonymized data — never on identifiable customer content
• To comply with legal obligations

3. Who We Share Information With

We do not sell your personal data. We share information only with service providers strictly necessary to operate the Service:

• Stripe — payment processing
• Clerk — authentication
• Supabase — database hosting
• Vercel — web hosting and edge delivery
• Resend — transactional email delivery
• Anthropic (Claude)— AI model inference (your prompts may be sent to Anthropic to generate responses, per Anthropic’s data processing terms)

We may also disclose information if required by law, subpoena, or to protect our rights, users, or the public.

4. Google API Services — Limited Use disclosure

Collaborative Kitchens AI’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

What Google data we access:

• Google Calendar (calendar.events scope) — when you connect your Google Calendar in Settings → Integrations, we use this scope to create, update, and delete calendar events that correspond to confirmed catering bookings inside your Collaborative Kitchens AI account. We never read unrelated events from your calendar.
• Profile (email, openid) — used solely to display which Google account you connected and to refresh access tokens.

How we use Google data — and what we don’t do:

• We use Google user data only to provide and improve the calendar-sync feature you opted into.
• We do not use Google user data for advertising, targeting, or re-selling to third parties.
• We do not use Google user data to train, fine-tune, or evaluate AI models — including our own internal models or third-party AI providers (Anthropic Claude).
• We do notread Google user data unless it’s required to operate the connected feature, and only humans on our security/support team with explicit user permission may view such data when investigating a bug or security issue.

Where Google data is stored and how it’s protected:

• Access and refresh tokens are stored in our database (Supabase, US region), encrypted in transit (TLS 1.2+) and at rest (AES-256).
• Tokens are scoped to a single organisation row and protected by row-level security — no other customer can access your tokens.
• We never store Google user passwords. Authentication is handled entirely by Google’s OAuth 2.0 servers.

How to revoke access:

• From inside Collaborative Kitchens AI: Settings → Integrations → Disconnect.
• From Google: visit myaccount.google.com/permissions and remove Collaborative Kitchens AI.
• On disconnect we revoke tokens via the Google revoke endpoint and mark your integration row as “revoked”. We do not delete previously synced calendar entries from your Google Calendar — you can remove them manually.

5. Data Retention

We keep your account data for as long as your account is active. When you cancel, your data is retained for 90 days in case you re-activate, then permanently deleted. You can request immediate deletion by emailing us.

6. Security

We use industry-standard encryption (TLS in transit, AES-256 at rest), row-level security in our database, and role-based access controls. No system is 100% secure, but we take reasonable measures to protect your information.

7. Your Rights

Depending on where you live, you may have the right to:

• Access a copy of the personal data we hold about you
• Correct inaccurate data
• Delete your data (“right to be forgotten”)
• Export your data in a portable format
• Opt out of marketing emails (transactional emails are required to operate the Service)

To exercise any of these rights, email collaborativekitchenshelp@gmail.com. We respond within 30 days.

8. Cookies

We use cookies and similar technologies to keep you signed in, remember your preferences, and measure how the Service is used. You can disable cookies in your browser, but some features may not work.

9. Children

The Service is not intended for anyone under 18. We do not knowingly collect data from children.

10. International Transfers

Our servers are based in the United States. If you access the Service from outside the US, your data will be transferred to, stored, and processed in the US.

11. Changes to this Policy

We may update this policy as we grow. We’ll notify you by email at least 30 days before any material change takes effect.

12. Contact

Collaborative Kitchens Management Services LLC
1421 Ashby Ave
Berkeley, CA 94702
Email: collaborativekitchenshelp@gmail.com