Privacy Policy

When you create an account:

• Full name
• Email address
• Phone number
• Physical street address (street, city, ZIP)
• Password (stored in hashed form; we never see your plaintext password)

When you place an order (as a Customer):

• Order contents and special instructions
• Delivery address (if applicable)
• Tip amount
• Payment information processed by Stripe (we do not store full card numbers — see Section 4)

When you apply to be a Cook:

• Business name and bio
• MEHKO permit number and enforcement agency
• Cuisine types and meal listings
• Service area ZIPs and fulfillment preferences
• Stripe Connect onboarding information (processed by Stripe)
• Photos of yourself and your meals

When you communicate with us:

• Email content sent to platesend@gmail.com
• Reviews, ratings, and comments you post about Cooks
• Customer support requests

• Device and usage information: browser type, operating system, IP address, pages viewed, timestamps, referring URLs
• Cookies and similar technologies: session tokens for authentication; we do not currently use third-party advertising or tracking cookies
• Approximate location: derived from IP address or ZIP code you enter; we do not collect precise GPS location

• Stripe: payment confirmation, payout status, identity-verification status for Cooks (we do not receive or store full Social Security numbers, bank account numbers, or government ID images — Stripe holds those directly)
• Telnyx: SMS delivery status for messages we send to you about orders
• Supabase (our database provider): session and authentication data

When you place an order, the Cook receives your first name, last name initial, and (after the Cook accepts) your phone number for delivery coordination. If you select pickup, you receive the Cook's full address. If you select delivery, the Cook receives your delivery address. Order contents and special instructions are shared with the Cook.

We share information with vendors who perform services on our behalf:

• Stripe — payment processing and Cook payouts
• Telnyx — SMS delivery for order notifications
• Resend — transactional email delivery
• Supabase — database, authentication, and file storage
• Vercel — application hosting and deployment
• Netlify — marketing landing page hosting
• OpenStreetMap / Nominatim — geocoding ZIP codes and addresses for map display (we do not transmit user-identifying information; only the ZIP code or street address being geocoded)

These providers are contractually required to use information only for the services they perform for us.

We may disclose information if required by law, subpoena, or court order, or if we believe in good faith that disclosure is necessary to:

• Comply with a legal obligation, including IFSI reporting requirements
• Protect the safety of users, the public, or PlateSend
• Investigate suspected fraud, abuse, or violations of our Terms of Service
• Cooperate with law enforcement, regulatory authorities (including the LA County Department of Public Health), or other lawful requests

If PlateSend is acquired, merged, or sells substantially all of its assets, your information may be transferred as part of that transaction. You will be notified before your information becomes subject to a different privacy policy.

We may share aggregated or de-identified information (such as platform usage statistics) that cannot reasonably be used to identify you.

You may access, update, or correct most of your personal information through your account profile page at any time.

If you are a California resident, you have the following rights regarding your personal information:

• Right to Know — what categories of personal information we collect, the sources, the business purposes, and the categories of third parties with whom we share it
• Right to Access — a copy of the specific personal information we have collected about you
• Right to Delete — request that we delete personal information we have collected, subject to certain exceptions (e.g., fraud prevention, legal obligations)
• Right to Correct — request correction of inaccurate personal information
• Right to Opt-Out of Sale or Sharing — PlateSend does not sell or share your personal information for cross-context behavioral advertising
• Right to Limit Use of Sensitive Personal Information — you may request that we limit our use of any sensitive personal information to that which is necessary to provide the Service
• Right to Non-Discrimination — we will not discriminate against you for exercising these rights

To exercise any of these rights, email platesend@gmail.com with the subject line "California Privacy Request" and include enough information for us to verify your identity (typically the email and phone number associated with your account). We respond within 45 days.

Over the past 12 months, we have collected the following categories of personal information:

• Identifiers: name, email, phone, address, IP address, account ID
• Customer records information: the same identifiers tied to your account
• Commercial information: order history, payment status, reviews
• Internet activity: pages viewed, timestamps, device information
• Geolocation data: approximate location derived from IP and ZIP
• Inferences: preferences derived from order history (e.g., favorite cuisines)

We do not collect biometric, sensory, professional/employment-related, or education information. We do not knowingly collect personal information from individuals under age 18.

You may stop receiving SMS notifications by replying STOP to any message. This may impair our ability to notify you of important order events.

You may opt out of non-transactional emails using the unsubscribe link in any such email. Transactional emails (order confirmations, refund notices, etc.) cannot be opted out of without closing your account.

You may request account deletion by emailing platesend@gmail.com with the subject line "Delete My Account." We will delete your account and associated personal information within 30 days, except information we are legally required to retain (such as tax records and IFSI compliance documentation, retained for 7 years).