What we collect. And what we don't.

This Privacy Policy describes how Servd LLC (“SERVD,” “we,” or “us”) collects, uses, shares, and protects personal information when you use servdchefs.com and our related services (the “Platform”).

We aim to collect only what we need to operate the Platform — run bookings, process payments, send transactional emails, prevent fraud, and improve the product. We don’t sell your personal information to advertisers, and we don’t track you across the internet.

Information you provide directly:

• Account information — name, email, password (hashed by Clerk; we never see it), phone number, and profile preferences.
• Booking information — service address, party size, dietary needs and allergens for each guest, event date and time, optional notes to the Chef.
• Payment information — your card or bank account, collected and stored by Stripe. SERVD does not see or store your full card number.
• Identity information (Chefs) — government ID, Social Security number (for background checks via Checkr), business name, EIN, ServSafe certificate, and insurance documentation.
• Communications — messages you send to other users through the Platform, support emails, and reviews you post.

Information we collect automatically:

• Device and usage data — IP address, browser type, operating system, the pages you visit, the actions you take, and timestamps. Collected to operate the Platform and detect fraud.
• Cookies — strictly necessary only. See /cookies for the full list and what each one does.

We use your information to:

• Create and operate your account.
• Process bookings, match Diners with Chefs, hold deposits in escrow, and release Chef payouts.
• Verify Chef identities, run background checks, and confirm insurance + food handler credentials.
• Send transactional email and SMS (booking confirmations, policy changes, security alerts).
• Provide customer support and resolve disputes.
• Detect, investigate, and prevent fraud or abuse.
• Comply with legal obligations (tax reporting, lawful requests, court orders).
• Improve the Platform — diagnose bugs, monitor performance, and develop new features. Where we look at usage patterns, we use aggregate or anonymized data wherever possible.

We may send occasional non-marketing announcements (a major product change, a new city launch). You can opt out of those without losing transactional emails by writing privacy@servdchefs.com.

We use a small number of trusted vendors to operate the Platform. Each one has a data processing agreement with us, processes only the data we send them, and uses it only for the purpose listed below.

• Stripe — payment processing, escrowed deposits, Connect payouts to Chefs.
• Clerk — authentication, password storage, session management.
• Supabase — primary database hosting (your account, booking history, messages). Encrypted at rest.
• Vercel — web application hosting and content delivery.
• Resend — transactional email delivery.
• Twilio — transactional SMS delivery and phone-number verification.
• Plaid — bank account verification for ACH payments (Diners) and Stripe Connect onboarding (Chefs).
• Checkr — background checks for Chef applicants.
• Thimble / Next Insurance — insurance verification for Chefs.

We publish updates to this list within 30 days of adding or changing a sub-processor.

We share information only in the limited circumstances below. We do not sell personal information to advertisers and we do not share it with data brokers.

• With other users to facilitate the booking. Diners and their Chefs see each other’s first name, profile photo, contact phone, and the service address. Chefs see dietary information for each guest.
• With our service providers as described in Section 04.
• For legal reasons. We may disclose information when required by a subpoena, court order, or applicable law, or when we believe disclosure is necessary to protect the rights, safety, or property of any user or the public.
• In a business transfer. If SERVD is acquired or merges with another company, we may transfer information as part of that transaction. We’ll notify you in advance and give you the option to delete your account first.
• With your consent for anything else.

Regardless of where you live, you can do the following directly from your account settings or by emailing privacy@servdchefs.com:

• Access — request a copy of the personal information we hold about you.
• Correct — update or fix inaccurate information.
• Delete — close your account and request deletion of your personal information. We may retain certain records (completed bookings, tax records) where the law requires.
• Export — receive a machine-readable copy of your data.

California residents: the California Consumer Privacy Act gives you additional rights, including the right to know what personal information we’ve collected, the right to delete, the right to correct, and the right to opt out of “sale” or “sharing” of personal information. SERVD does not sell or share personal information as those terms are defined under the CCPA.

European Economic Area and UK residents: SERVD does not currently operate in the EEA or UK. If you reach the Platform from one of those jurisdictions, please don’t submit personal information; we cannot guarantee GDPR-grade handling at this time.

We respond to verifiable requests within 30 days.

We keep your personal information for as long as your account is active, plus the periods below:

• Account deletion: within 30 days of your request, we delete your account and most personal information.
• Completed bookings: retained for 7 years for tax, accounting, and dispute resolution purposes.
• Background check records (Chefs): retained as required by the Fair Credit Reporting Act and Checkr’s retention policy.
• Payment records (Stripe): retained per Stripe’s policies for financial regulatory compliance.
• Aggregate / anonymized data: retained indefinitely for product improvement.

We use technical and organizational measures designed to protect your personal information from unauthorized access, alteration, and disclosure:

• Data in transit is encrypted via TLS.
• Data at rest in our primary database is encrypted at the storage layer.
• Payment data is processed and stored by Stripe (PCI-DSS Level 1 certified). SERVD never sees full card numbers.
• Authentication is handled by Clerk (SOC 2 Type II) with password hashing, optional MFA, and session management we don’t roll ourselves.
• Access to production systems is limited to staff who need it, with logging and review.

No system is perfectly secure. If you believe your account has been compromised, write security@servdchefs.com immediately.

The Platform is not directed at children under 18. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected information from a child under 18, we delete it promptly.

We may update this Privacy Policy from time to time. For material changes, we’ll email you and post a notice at the top of this page at least 30 days before the change takes effect. The “Effective” and “Last updated” dates above will always reflect the version currently in force.

Privacy questions, data requests, or anything else covered in this policy:

privacy@servdchefs.com

For general support, use /contact.