Privacy Policy

1.1 Chef Next Door Pty Ltd (ACN 696 915 518 / ABN 38 696 915 518) (we, us, our, or Chef Next Door) is committed to protecting the privacy of individuals who use our platform.

1.2 This Privacy Policy explains how we collect, use, disclose, store, and handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1.3 By using our platform, creating an account, or providing personal information to us, you acknowledge that you have read this Privacy Policy.

1.4 Chef Next Door operates as a marketplace facilitator only. We connect independent Chefs with Customers. We do not prepare, sell, or supply food.

2.1 From Customers:

2.2 From Chefs:

2.3 Information collected automatically: Technical and usage information such as IP address, browser type, device type, pages visited, and usage patterns for platform improvement and security purposes.

3.1 Under the Privacy Act 1988 (Cth), health-related information (including allergy and dietary information) is classified as sensitive information subject to additional protections.

3.2 We do not ask Customers to provide allergy or health information. The Order Notes field is a general-purpose free-text field. However, Customers may choose to include allergy, dietary, or health-related information voluntarily.

3.3 Incidental collection: If you include health-related information in your Order Notes, we treat this as incidental collection of sensitive information. By entering such information, you provide your explicit consent to us:

• (a)collecting that information; and
• (b)transmitting it to the relevant Chef for the sole purpose of order fulfilment.

3.4 Our role — data messenger/conduit only: Chef Next Door acts as a data conduit in relation to any health, allergy, or dietary information included in Order Notes. We pass it to the Chef as-is. We do not:

• (a)ask for, require, or solicit health information;
• (b)verify, assess, interpret, or act on allergy or dietary information;
• (c)provide medical, dietary, or nutritional advice;
• (d)guarantee that the Chef will read, understand, or comply with any request;
• (e)guarantee the accuracy of any allergen information provided by the Chef; or
• (f)operate as a health service provider.

3.5 Responsibility: The Chef is solely responsible for reviewing and acting on allergy or dietary information. You are responsible for independently verifying with the Chef that food is safe for you.

3.6 Retention and deletion:

• (a)Order Notes (which may contain allergy/dietary information) are retained for 90 days after order completion for dispute resolution and regulatory compliance purposes.
• (b)After 90 days, Order Notes are deleted or de-identified unless retention is required by law or for an active dispute or safety investigation.
• (c)Under their separate agreement, Chefs must not retain Customer health or allergy information longer than necessary for order fulfilment and any applicable dispute period.

3.7 Your choices: You are not required to enter any health or allergy information to place an order. If you prefer not to provide this information through the platform, you may contact the Chef directly.

4.1 We use personal information for:

• (a)Platform operation: facilitating Listings, orders, communication, and account management;
• (b)Payment facilitation: enabling Stripe split payments or recording direct payment arrangements;
• (c)Compliance: collecting and storing onboarding documents (ABN, FSS certificate);
• (d)Communication: responding to enquiries, sending order confirmations, policy notifications;
• (e)Dispute resolution: handling complaints, facilitating communication between parties;
• (f)Safety and integrity: detecting fraud, enforcing Terms, protecting users;
• (g)Legal obligations: complying with tax, regulatory, and reporting requirements;
• (h)Marketing: sending promotional communications (with consent, subject to opt-out); and
• (i)Platform improvement: analysing usage patterns using aggregated or de-identified data.

5.1 We may disclose personal information to:

• (a)Chefs: Customer order details (name, phone, address, Order Notes) shared with the relevant Chef for order fulfilment;
• (b)Stripe: Payment information for transaction processing (Stripe's privacy policy applies);
• (c)Supabase: Data stored on Supabase infrastructure (Supabase's security and privacy policies apply);
• (d)Analytics providers: Aggregated or de-identified usage data;
• (e)Professional advisers: Lawyers, accountants, or auditors where necessary;
• (f)Regulators and authorities: Where required by law or regulatory direction; and
• (g)Acquiring entity: If Chef Next Door is acquired or merged.

5.2 We do not sell personal information to third parties.

5.3 Overseas disclosure: Supabase and Stripe may store or process data in servers located outside Australia. By using the platform, you acknowledge this. We take reasonable steps to ensure overseas recipients handle information consistently with the APPs.

6.1 Platform data is hosted on Supabase, which implements its own security measures including encryption, access controls, and infrastructure monitoring.

6.2 Payment data is processed and stored by Stripe in accordance with PCI DSS standards. We do not store full card numbers on our systems.

6.3 Chef Next Door's responsibility for data security: We take reasonable steps to select reputable service providers. However:

• (a)the security of data stored on Supabase is primarily the responsibility of Supabase;
• (b)the security of payment data is primarily the responsibility of Stripe; and
• (c)no data transmission or storage system is completely secure — we cannot guarantee absolute security.

6.4 Chef Next Door is not liable for data breaches, outages, or data loss caused by the infrastructure or systems of Supabase, Stripe, or other third-party service providers, provided we have taken reasonable steps in selecting and managing those providers.

6.5 Additional security measures implemented by Chef Next Door include:

• Encrypted connections (SSL/TLS)
• Access controls and role-based permissions
• Regular review of third-party provider security practices
• Incident response procedures

7.1 We retain personal information only for as long as necessary or as required by law.

7.2 When information is no longer required, it will be securely deleted or de-identified.

8.1 We may send marketing communications where you have consented or where we have an existing relationship and the communication relates to similar services.

8.2 You may opt out at any time by:

• (a)clicking unsubscribe in any marketing email;
• (b)updating account preferences; or
• (c)contacting us at the details below.

8.3 Opt-out requests are processed within 5 Business Days. Opting out does not affect transactional communications.

9.1 You have the right to request access to or correction of the personal information we hold about you.

9.2 Contact us at the details in clause 13. We will respond within 30 days.

9.3 We may refuse access in limited circumstances permitted by the APPs and will provide written reasons if so.

10.1 The platform is not directed at children under 16. We do not knowingly collect information from children under 16.

11.1 If you believe we have breached the APPs, contact us at the details below.

11.2 We will acknowledge your complaint within 7 days and respond within 30 days.

11.3 If unsatisfied, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992

12.1 Material changes will be notified at least 14 days before taking effect. The "Last Updated" date indicates the current version.

Privacy Officer
Chef Next Door Pty Ltd
Email: info@chef-next-door.com.au