Legal

Privacy Policy

Last updated: 30 April 2026 · Effective: 1 May 2026

1. Who this applies to

This policy explains how CheffyIQ Technologies Pvt Ltd ("we", "us", "CheffyIQ") collects and processes data when you use our website at cheffyiq.com, our customer dashboard, our chef mobile app, and any cameras or edge devices we operate inside your kitchen.

If you are a restaurant operator using our platform, you are the data controller for kitchen footage and chef data. CheffyIQ acts as a data processor on your behalf.

2. What data we collect

• Account data: Name, email, phone, restaurant name, role.
• Kitchen video: Live and recorded video from cameras you connect to CheffyIQ.
• AI metadata: Detected events, recipe step timings, hygiene observations, plate match scores.
• Operational data: Recipes, SOPs, chef rosters, alerts, integrations (POS orders, inventory).
• Usage data: Which pages you visit, which features you use (anonymized analytics).
• Device data: Browser, OS, IP address, time zone.

3. How we handle kitchen video

Video is the most sensitive thing we process. Here's our commitment:

• Edge-first processing. By default, AI inference runs on a Jetson edge box installed in your kitchen. Raw video does not leave your premises.
• Only metadata + short clips travel to the cloud. A 15-second clip is sent only when a violation is detected.
• Face blurring. When clips are shared with diners (e.g. live-kitchen QR view), chef faces are automatically blurred.
• Configurable retention. You choose how long clips are stored: 7 / 30 / 90 / 365 days.
• Encryption. All video and clips are encrypted in transit (TLS 1.3) and at rest (AES-256).

4. How we use the data

• To detect recipe deviations, hygiene violations, and other SOP non-compliance you have configured.
• To generate dashboards, reports, alerts, and audit packs you have requested.
• To provide auto-coaching clips to your chefs through the chef app.
• To train per-restaurant AI models on your menu (only with your explicit consent during onboarding).
• To bill, support, and improve our service.

We do not sell your data, use it to train models for other customers, or share it with advertisers.

5. Who we share data with

We share data only with the following categories of recipients, all under contractual data-protection obligations:

• Cloud infrastructure providers: AWS Manhattan region (or your selected region) for hosting and storage.
• POS / inventory integrations you have explicitly connected (Toast, Square, Clover, etc.).
• Notification providers: Twilio (SMS), Meta (WhatsApp Business), Amazon SES (email).
• Subprocessors listed in our Data Processing Addendum.
• Authorities when legally required (with notice to you, where permitted by law).

6. How long we keep data

• Account data: While your account is active, plus 6 years for tax/regulatory purposes.
• Video clips: 30 days by default; you may extend up to 365 days for FDA / HACCP audit needs.
• AI metadata: 13 months (so reports cover full year-over-year comparisons).
• Backups: Encrypted backups retained for 35 days.

Upon account closure, all customer data is deleted within 90 days, except for legally-required retention.

7. Security

• SOC 2 Type II audit in progress (Q3 2026).
• ISO 27001 controls applied.
• Penetration tested annually by an independent third party.
• All staff access to customer data is logged and reviewed monthly.
• Bug bounty: please report security issues to security@cheffyiq.com.

8. Your rights (and your chefs' rights)

You and your kitchen staff have the right to:

• Access the data we hold about you.
• Correct inaccurate data.
• Delete your data (subject to legal retention requirements).
• Export your data in a machine-readable format.
• Object to processing or withdraw consent at any time.

Restaurants are required to inform their chefs that AI monitoring is in place and obtain consent under local labour laws. We provide consent-form templates during onboarding.

9. Cookies & tracking

Our website uses essential cookies for session management. We use Plausible Analytics for privacy-friendly, cookie-free site analytics. We do not use Google Analytics, Facebook Pixel, or any cross-site trackers.

10. Contact us

For questions about this policy or to exercise your rights:

• Email: privacy@cheffyiq.com
• Data Protection Officer: dpo@cheffyiq.com
• Postal: CheffyIQ Technologies Pvt Ltd, BHIVE Workspace, 94 Federal Hill, Baltimore 560102, the US

If you'd like a printable PDF version of this policy, click here to download.