Famishly ("Famishly," "we," "us," or "our") operates the famishly.com website and related services (collectively, the "Service"), a marketplace that connects buyers with independent home cooks ("Cooks"). This Privacy Policy explains what personal information we collect, why we collect it, how we use it, who we share it with, and the choices you have.

Famishly is operated from Canada and complies with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). For users in the European Economic Area, United Kingdom, or Switzerland we additionally honor the General Data Protection Regulation (GDPR). For California residents we additionally honor the California Consumer Privacy Act (CCPA/CPRA). By using Famishly you consent to the data practices described in this Policy.

1. Information We Collect

a. Information you give us directly

Account information: full name, username, email address, password (stored hashed, never in plain text), phone number, and role (buyer or Cook).
Cook profile information: shop name, bio, profile and food photographs, dish listings, prices, dietary tags, kitchen address (for pickup), and any cottage-food or food-handling certifications you choose to upload.
Buyer profile information: delivery address(es), dietary preferences, and saved favourite cooks.
Order information: the items you order or sell, order history, special instructions, scheduled pickup/delivery times, and order status, including the escrow status of the order (for example, whether the funds are held, the pickup is confirmed, or the payout has been released).
Messages: the contents of messages exchanged between buyers and Cooks through our in-app messaging. We store these so the conversation persists across sessions and so we can investigate disputes or abuse reports.
Payment and escrow information: we do not store full credit card or bank account numbers. Payments are processed by Stripe, Inc. (and Stripe Connect for Cook payouts). Stripe collects card and bank data directly; we receive only a tokenized reference, the last four digits of the card, card brand, and billing postal code. Because we hold order funds in escrow and release them to the Cook on confirmed pickup or by automatic release, we also keep payment and money-movement records for each order - the amounts charged, the platform and charity fees, the Stripe processing fee, the Cook payout, the timing of the hold and release, refunds, reversals, and the related Stripe charge, transfer, and payout identifiers. We keep these so we can administer escrow, process refunds, reconcile our accounts, and answer questions about an order. See Section 1(d) on payment and dispute records.
Pickup confirmations and review photos: when you confirm pickup of an order or leave a review, we record that confirmation (and its timestamp) and store any photos and text you choose to submit with a review or with a problem report. Review photos and text may be shown publicly on the Cook's profile and listings; photos submitted as part of a problem report are not made public and are used to administer the dispute.
Identity / KYC for Cooks: if you sell on Famishly, Stripe collects the legal name, date of birth, address, and government identification needed to comply with anti-money-laundering regulations. We receive a pass/fail verification status from Stripe but not the underlying ID document.
Support correspondence: if you call or email support, we keep a record of the conversation.

b. Information collected automatically

Device and usage data: IP address, browser type, operating system, referring/exit pages, pages viewed, and timestamps.
Cookies and similar technologies: session cookies to keep you logged in, preference cookies (theme, language), and analytics cookies. You can disable cookies in your browser, but parts of the Service will stop working.
Approximate location: derived from your IP address or, with your permission, your device, so we can show Cooks near you.

c. Information from third parties

Sign-in providers: if you sign in with Google, we receive your name, email, and profile picture from Google.
Payment processor: Stripe shares transaction status, payout and transfer status, refund and chargeback (card dispute) notifications, and risk signals with us.
Communications providers: Twilio (SMS) and Resend (email) may share delivery status of messages we send you.

d. Payment, dispute, and escrow records

Because Famishly holds order funds and releases them to Cooks, and because we administer Buyer problem reports, we keep records about money and disputes for each order. These include:

Money-movement records: a log of each charge, hold, release, refund, transfer reversal, and payout for an order, with amounts, the fee breakdown (platform fee, charity contribution, Stripe processing fee, Cook payout), timestamps, and the related Stripe identifiers, kept so the flow of funds is auditable and reconcilable.
Dispute records: if you report a problem with an order, we keep the reason you selected, any description and photos you submit, the Cook's response, the outcome (for example, release to the Cook, full refund, or partial refund), and who decided it, so we can administer the dispute and detect patterns of abuse.
Chargeback records: if a card dispute is raised with a bank or card issuer, we keep the information Stripe provides about it and any evidence we submit (which may include the pickup-confirmation timestamp and any order photos).
Cook risk records: for Cooks, we keep counts of upheld disputes and chargebacks and any payout holds or reserves applied, so we can protect Buyers and honest Cooks.

2. How We Use Your Information

To create and maintain your account and authenticate you.
To match buyers with nearby Cooks and process orders.
To process payments, hold order funds in escrow and release them to Cooks on confirmed pickup or by automatic release, and to process payouts, refunds, transfer reversals, and chargebacks via Stripe.
To administer Buyer problem reports and disputes, decide their outcome, and keep an auditable record of how each order's funds moved.
To display reviews and review photos you choose to submit, and to send order and review prompts.
To deliver in-app messages, order updates, receipts, and support replies.
To detect and prevent fraud, abuse, and violations of our Terms of Service, including applying payout holds or reserves to Cooks with a pattern of upheld disputes or chargebacks.
To improve the Service, including aggregate analytics and A/B testing.
To comply with legal obligations (tax reporting, lawful requests from authorities, court orders).
To send marketing or product-update emails - only if you have opted in, and you can unsubscribe at any time.

3. How We Share Your Information

We do not sell your personal information. We share it only in the limited cases below:

With the other party in a transaction: when you place an order, your first name, delivery or pickup address, phone number, and order details are shared with the Cook. When you sell an order, your shop name, public profile, and the order details are shared with the buyer. The full content of buyer/seller messages is visible to both parties. Pickup-confirmation status and the substance of a problem report are shared with the other party as needed to administer the order and any dispute (we do not, however, reveal a Buyer's contact details to a Cook beyond what is needed to complete the order). Reviews and review photos you submit may be displayed publicly.
With service providers who process data on our behalf under contract: Stripe (payments), Supabase (database and authentication hosting), Vercel (web hosting), Resend (transactional email), Twilio (SMS), Google (OAuth sign-in), and analytics providers.
For legal reasons: when required by law, subpoena, court order, or to protect the rights, property, or safety of Famishly, our users, or the public.
In a business transfer: if Famishly is acquired, merged, or sells substantially all of its assets, user data may be transferred to the successor subject to this Policy.
With your consent: in any other case where you direct us to share.

4. Data Retention

Account, profile, and order data: kept for as long as your account is active, plus up to seven (7) years afterward to satisfy tax, accounting, and dispute-resolution obligations.
Payment, escrow, dispute, and chargeback records: kept for as long as your account is active, plus up to seven (7) years afterward, to meet tax, accounting, anti-fraud, and dispute-resolution obligations and to defend or resolve card disputes and legal claims.
Review content and photos: kept while the review is published; if you delete a review or close your account, associated photos are removed or anonymized in line with the message-retention practice below, except where a copy is needed for a pending dispute.
Messages between buyers and Cooks: kept for the life of the account, then deleted or anonymized within 90 days of account closure unless retention is required for a pending dispute or legal claim.
Server logs and analytics: typically 13 months.
Marketing preferences and unsubscribe records: kept indefinitely so we can honor your opt-out.

5. Your Rights and Choices

Depending on where you live, you may have the right to:

Access the personal information we hold about you.
Correct information that is inaccurate or out of date.
Delete your account and personal information (subject to retention obligations above).
Export a copy of your data in a portable format.
Object to or restrict certain processing (GDPR).
Withdraw consent at any time where processing is based on consent.
Opt out of the "sale" or "sharing" of personal information (CCPA). Famishly does not sell personal information, but you may still submit a request to confirm.
Lodge a complaint with your local data-protection authority (e.g., the Office of the Privacy Commissioner of Canada, or your EU member state DPA).

To exercise any of these rights, email privacy@famishly.com or call +1 (780) 935-8664. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.

6. Security

We use industry-standard safeguards including TLS in transit, encryption at rest for sensitive fields, hashed passwords (bcrypt), least-privilege database access, and audit logging. However, no method of transmission or storage is 100% secure. You are responsible for keeping your password confidential and notifying us immediately at security@famishly.com if you suspect unauthorized access to your account.

7. International Transfers

Famishly is headquartered in Canada and uses service providers located in the United States and the European Union. By using the Service you consent to the transfer, processing, and storage of your information in those countries, which may have data-protection laws different from those of your home country. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

8. Children

Famishly is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, contact us and we will delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Effective" date above and, for material changes, notify you by email or an in-app notice at least 14 days before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

10. Contact

Famishly Inc. - Privacy Office
Email: privacy@famishly.com
Phone: +1 (780) 935-8664