Privacy Policy

Effective as of February 2026. This policy describes how WhiskList collects, uses, and protects your information. It is intended to comply with the EU General Data Protection Regulation (GDPR) and UK GDPR where applicable.

1. Information We Collect

We collect information you provide when using WhiskList:

  • Account information: Email address, name, password (stored securely via our auth provider)
  • Kitchen/profile information: Kitchen name, description, contact details, address (for cooks)
  • Order information: Products ordered, quantities, delivery or pickup details, special instructions
  • Customer information: Name, email, phone (collected when you place orders or join a cook's list)
  • Payment information: Processed by Stripe; we do not store full payment card details
  • Communications: Messages and inquiries you send to us or through the platform

We also collect certain information automatically: IP address, browser type, device information, and usage data (e.g., pages visited, features used) to improve the platform and prevent abuse.

2. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve WhiskList
  • Process orders and payments
  • Send transactional emails (order confirmations, cook date notifications)
  • Respond to your inquiries and provide support
  • Enforce our Terms of Service and prevent fraud or abuse
  • Analyze usage to improve the platform
  • Comply with legal obligations

Legal basis (GDPR/UK GDPR): We process your data where necessary for the performance of our contract with you, for our legitimate interests (e.g. security, platform improvement), with your consent where we ask for it (e.g. optional cookies), and to comply with legal obligations. Where we rely on legitimate interests, we ensure they are not overridden by your rights.

3. Sharing Your Information

We share information with:

  • Cooks: Order details (customer name, contact, items, special instructions) so they can fulfill orders
  • Customers: Cook kitchen information and order status as part of the ordering flow
  • Service providers: Supabase (auth and database), Stripe (payments), Resend (email) — they process data on our behalf under agreements that protect your data
  • Legal requirements: When required by law or to protect our rights, safety, or property

We do not sell your personal information. Some service providers may process data outside the European Economic Area or UK. Where we transfer data internationally, we ensure appropriate safeguards (e.g. adequacy decisions, standard contractual clauses) are in place as required by applicable law.

4. Cookies and Similar Technologies

We use cookies and similar technologies for authentication and session management. Essential cookies are required for the platform to function; optional cookies are used only with your consent. For full details, including cookie types, purpose, and duration, see our Cookie Policy. You can change your preferences at any time via the "Cookie preferences" link in our site footer or through your browser settings.

5. Data Retention

We retain your information as long as your account is active or as needed to provide services and fulfill legal obligations. Order and transaction data may be retained for accounting and dispute-resolution purposes. When you delete your account, we delete or anonymize your data in accordance with our data retention practices.

6. Your Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Request deletion of your data
  • Object to or restrict certain processing
  • Data portability

To exercise these rights, contact us at support@whisklist.club. You can also update your account information in your settings. If you are in the European Economic Area or the UK, you have the right to lodge a complaint with your local data protection supervisory authority.

7. Security

We take reasonable measures to protect your information, including encryption in transit and at rest, secure authentication, and access controls. No method of transmission or storage is 100% secure; we encourage you to use strong passwords and protect your account credentials.

8. Children

WhiskList is not intended for users under 18. We do not knowingly collect personal information from children under 18. If you believe we have collected such information, please contact us and we will delete it.

9. Changes

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a notice on the platform. Continued use of WhiskList after changes take effect constitutes acceptance of the updated policy.

10. Contact

Questions about this Privacy Policy or your data? Contact us at support@whisklist.club. See our Terms of Service for the legal terms governing use of WhiskList.