Privacy Policy

1. Data we collect

Data you give us. Email address (newsletter sign-up), and any free-text you send via contact forms or correction emails.

Data collected automatically. IP address (truncated before storage), user-agent string, referring URL, pages viewed, approximate region (country and sub-region only, never street-level).

Cookies and similar technologies. Necessary cookies for session continuity and remembering your consent choice. With consent, anonymous analytics cookies and audience measurement cookies (see the Cookie Policy for the full table).

2. Legal basis for processing (GDPR Art. 6)

Art. 6(1)(a), Consent. Newsletter subscription. Non-essential cookies (analytics, audience measurement) load only after you opt-in via the cookie banner.

Art. 6(1)(b), Contract. Delivering the newsletter you subscribed to and responding to your direct correspondence.

Art. 6(1)(f), Legitimate interest. Site security, fraud prevention, aggregate traffic analytics where we rely on consent-free, privacy-preserving measurement. We have completed a legitimate-interest assessment and balanced our interest against your rights.

3. Purposes of processing

Delivering the site and the newsletter you signed up for.

Understanding which recipes are useful and which are not, in aggregate.

Responding to your correction tips, dietitian-review questions, and editorial correspondence.

Detecting abuse, scraping, and fraud.

Complying with legal obligations.

4. Retention

Newsletter subscribers, retained until you unsubscribe, plus a 30-day suppression record so we don't accidentally re-add you.

Aggregate analytics, raw event logs deleted within 90 days; anonymized aggregate reports kept indefinitely.

Correspondence, up to 3 years from last contact, then deleted unless we have a legal obligation to retain longer.

Cookie consent record, 13 months from your last choice (then we re-prompt).

5. Recipients and processors

We use the following processors. Each operates under a Data Processing Agreement and provides EU-adequate safeguards:

Vercel Inc. (US), hosting and CDN delivery.

Beehiiv (US), newsletter delivery (only if you subscribe).

Supabase (EU/US), image and asset storage.

Cloudflare (US), DDoS mitigation and edge caching.

We do not sell, rent, or trade personal data. We do not use your data to train AI models.

6. International transfers

Some of our processors are based in the United States. Where personal data leaves the EU/UK, transfers rely on Standard Contractual Clauses (SCCs) under Commission Implementing Decision (EU) 2021/914, supplemented where applicable by the EU–US Data Privacy Framework.

7. Your rights (GDPR Art. 15–22)

Subject to the conditions in the law, you have the right to:

Access (Art. 15), obtain a copy of the personal data we hold about you.

Rectification (Art. 16), correct inaccurate data.

Erasure (Art. 17), ask us to delete your data.

Restriction (Art. 18), limit how we process your data.

Portability (Art. 20), receive your data in a machine-readable format.

Object (Art. 21), object to processing based on legitimate interest.

Withdraw consent (Art. 7(3)), withdraw consent at any time, without affecting prior lawful processing. Withdrawing newsletter consent: click the unsubscribe link in any email. Withdrawing cookie consent: click “Cookie preferences” in the footer and pick Reject.

To exercise any of these rights, email privacy@thatcleanchef.com. We respond within one month (extendable by two months for complex requests, with notice).

8. Right to lodge a complaint

If you believe our processing infringes data protection law, you may lodge a complaint with your national Data Protection Authority. Examples:

Germany, Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI).

France, Commission nationale de l'informatique et des libertés (CNIL).

Italy, Garante per la protezione dei dati personali.

Spain, Agencia Española de Protección de Datos (AEPD).

Netherlands, Autoriteit Persoonsgegevens (AP).

Poland, Prezes Urzędu Ochrony Danych Osobowych (UODO).

Sweden, Integritetsskyddsmyndigheten (IMY).

Portugal, Comissão Nacional de Proteção de Dados (CNPD).

Other EU/EEA Member States have equivalent supervisory authorities listed at edpb.europa.eu.

9. Cookies summary

ThatCleanChef uses a small number of cookies:

Necessary, session continuity and remembering your consent choice. Always loaded.

Analytics, anonymized page-view counts (only with consent).

Audience measurement, newsletter referral attribution and aggregate audience reports (only with consent).

We do not use third-party advertising cookies. See the full Cookie Policy at /cookies.

10. Children

ThatCleanChef is not directed at children under 16. We do not knowingly collect data from children. If we learn we have, we delete it.

11. Changes to this policy

We may update this Privacy Policy. Material changes will be highlighted on this page with a new “Last updated” date. Continued use of the site after a change constitutes acknowledgement.

12. Contact

Privacy questions: privacy@thatcleanchef.com.

General: hello@thatcleanchef.com.

Postal address: see the Impressum at /impressum.