ChefCaveau
← Back to Home

Privacy Policy

Last updated: June 30, 2026

1. Introduction

Caveau Digital LLC, a Wyoming limited liability company with registered office at 30 N Gould St, Ste N, Sheridan, WY 82801, United States, operating the ChefCaveau brand ("ChefCaveau", "we", "us", "our"), is the Data Controller of personal data processed in connection with the ChefCaveau Dashboard application and website. This Privacy Policy explains how we collect, use, store, and protect your information.

We are committed to protecting your privacy and handling your data with transparency. By using ChefCaveau, you agree to the practices described in this policy.

2. What We Collect

ChefCaveau is designed with privacy at its core. The vast majority of your data never leaves your device.

2.1 Data stored locally on your device (we never access this):

  • Recipes, menus, banquet plans, and all culinary content you create
  • Ingredient lists, costs, allergen data, and photos
  • Staff roster data (Week Roster feature): staff names, roles, shift preferences, preferred off-days, and vacation dates you enter for your employees
  • Application preferences (language, theme, custom sections)
  • Backup files you export

This data is stored in your browser's local storage (IndexedDB and localStorage) and never transmitted to any server. We have no access to it.

2.1.1 Staff data in the Week Roster — your GDPR/data-protection responsibility:

If you use the Week Roster feature, you may enter personal data of third parties (your employees, such as names, shift preferences, and vacation dates). Because this data stays exclusively on your own device and is never transmitted to us, the following applies:

  • You act as the sole Data Controller of the staff personal data under GDPR, UK GDPR, UAE Federal Decree-Law No. 45 of 2021, or any equivalent data-protection law applicable in your jurisdiction.
  • ChefCaveau does not act as a Data Processor for staff data, because we do not receive, store, or access it.
  • You are solely responsible for informing your employees about the collection and use of their data, obtaining any required consent, honouring their access/rectification/erasure requests, and securing your device to prevent unauthorised access to staff data.
  • You are responsible for exporting, rotating, and deleting staff data backups according to your retention policy and the applicable law.

2.2 Data we receive on our servers:

  • Licence key & device identifier — when you activate ChefCaveau and when you use AI features, your browser sends your licence key and a device identifier to our backend (api.chefcaveau.com) to validate your licence, enforce a per-licence device limit, and meter AI credits.
  • AI request content — when you use an AI feature (recipe generation or menu translation), the text you submit (such as a dish name or the menu items to translate) is sent to our backend, which forwards it to our AI provider (see Section 4). We do not store the source text; for menu translation we cache the translated output for up to 90 days so you are not charged twice for the same translation (see Section 5).
  • Email address (purchase) — when you buy ChefCaveau, Paddle (our payment provider) passes us the email address you used at checkout. We store it in your licence record on our backend to deliver your licence key, let you recover it later, and send you purchase-related transactional emails (via Resend). We never use it for marketing without your separate consent.
  • Email address (waitlist) — only if you voluntarily submit it through a form on our site. This is processed by Formspree (our form processing service).

2.3 Data we do NOT collect:

  • No cookies, no tracking pixels, no analytics
  • No device fingerprinting or behavioral tracking
  • No usage statistics or telemetry
  • No third-party advertising or retargeting scripts

3. How We Use Your Data

We may process your email address in two cases: (a) if you submit it voluntarily through the waitlist form, and (b) if you purchase ChefCaveau, in which case we receive it from Paddle and store it in your licence record. We use it to:

  • Deliver your licence key and let you recover it later (purchase email)
  • Send you purchase-related transactional emails (purchase email)
  • Notify you about AI Chef Pro availability and updates (waitlist email)
  • Send you product-related communications

We will never sell, rent, or share your email address with third parties for marketing purposes.

4. AI Module and Third-Party Services

When you use the AI Chef Pro module, the text you submit is sent from your browser to our backend (api.chefcaveau.com, hosted on Cloudflare), which forwards it to our AI provider using our own API credentials. You do not need, and we do not ask for, your own AI provider key. The provider we use is:

  • Anthropic — recipe generation and menu translation. Anthropic Privacy Policy

We send these providers only the content required to fulfil your request. We do not send them your identity, email, or licence key.

5. Data Storage and Security

Your working data — recipes, menus, set menus, banquets, costs, photos, and staff roster — is stored locally on your device using browser-native storage (IndexedDB and localStorage). This data never reaches our servers, so your recipes and business information remain under your full control and we cannot experience a data breach affecting it.

The limited data that does reach our servers is described in Section 2.2. Specifically, on our backend (Cloudflare Workers, with KV and R2 storage) we hold:

  • Your licence record (the email address used at purchase, licence key, plan, remaining AI credits, and the device identifier(s) bound to your licence).
  • A cache of AI menu translations, stored per licence for up to 90 days and then automatically deleted. We do not store the source text of your menus — only its hash and the translated output.
  • An operational audit log of AI translation requests that records a hashed licence reference and metadata, but not the source text of your menus.

You are responsible for backing up your local data using the built-in export feature. We strongly recommend exporting a backup regularly and storing it in a secure location (cloud storage, USB drive, etc.).

5.1 Sub-processors. We rely on the following service providers to operate ChefCaveau. Each processes data only as needed to provide its service:

  • Cloudflare, Inc. — backend hosting, licence validation, and storage of the translation cache and audit log (Workers, KV, R2).
  • Anthropic, PBC — AI processing of the content you submit to AI features (see Section 4).
  • Resend — transactional email (such as licence delivery and recovery).
  • Paddle.com — our payment provider and Merchant of Record. When you purchase ChefCaveau, Paddle processes your payment and billing information as the seller of record; we do not receive or store your full payment details. See the Paddle Privacy Policy.
  • Formspree, Inc. — processing of any web form you submit (see Section 6).

6. Form Processing (Formspree)

Email submissions through the AI waitlist are processed by Formspree, Inc. Formspree acts as a data processor on our behalf. For details on how Formspree handles data, see the Formspree Privacy Policy.

7. Your Rights

Under the General Data Protection Regulation (GDPR) and other applicable privacy laws, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate personal data
  • Erasure — request deletion of your personal data ("right to be forgotten")
  • Portability — receive your data in a structured, commonly used format
  • Objection — object to processing of your personal data
  • Withdraw consent — withdraw previously given consent at any time

The personal data we may hold is your email address — from the waitlist form and/or from your purchase (stored in your licence record). You can exercise any of these rights by contacting us at legal@chefcaveau.com. On request we will erase your purchase email and licence records, though we may retain minimal data where required to prevent fraud or to comply with legal or accounting obligations.

For data stored locally in your browser, you have full control: you can delete it at any time by clearing your browser data or using the application's built-in data management features.

8. Children's Privacy

ChefCaveau is a professional tool designed for use by adults in commercial kitchen environments. We do not knowingly collect personal information from children under the age of 16. If you believe a child has submitted personal information to us, please contact us and we will delete it promptly.

9. International Data Transfers

Some of our sub-processors (see Section 5.1) are based in the United States or process data there. By using ChefCaveau and its AI features, you acknowledge that the limited data described in Section 2.2 may be transferred to and processed in countries outside your own, including the United States.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Updates will be posted on this page with a revised "Last updated" date. We encourage you to review this policy periodically.

11. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Caveau Digital LLC (Data Controller)
30 N Gould St, Ste N
Sheridan, WY 82801
United States

Email: legal@chefcaveau.com

© 2026 Caveau Digital LLC. ChefCaveau® is a trademark of Caveau Digital LLC. All rights reserved.
Privacy Policy Terms of Service Refund Policy License