Privacy Policy.
This policy explains what information Lighthearted Kitchen (“Lighthearted Kitchen,” “we,” “us”) collects, how we use it, who we share it with, how we protect it, and how you can access or delete it. It applies to our website and to the Lighthearted Kitchen platform at app.lightheartedkitchen.com.
What we collect
When you submit an inquiry or chef application, we collect what you give us — name, email, phone, city, and the details about your event or your cooking. When you create an account, we collect your email and basic profile information. When you book a chef, we use Stripe to process payments and we never store your card information ourselves.
What we do with it
We use it to match you with a chef (or vice versa), run the booking, send you transactional updates, operate and secure the platform, and improve the network. We do not sell your data, and we do not use it for advertising.
How we use Google user data
Lighthearted Kitchen offers two optional features that use Google: signing in with your Google account, and connecting your Google Calendar (for chefs) so we can keep your booking availability accurate. Both are opt-in — you choose whether to use them, and you can disconnect at any time. This section describes, specifically, how we handle data we receive from Google.
Data we access
Sign in with Google. If you choose to sign in with Google, we receive your basic Google profile information through the openid, email, and profile scopes — namely your email address and name — solely to create and authenticate your Lighthearted Kitchen account.
Google Calendar connection (chefs only). If a chef connects their Google Calendar, we use the https://www.googleapis.com/auth/calendar.events scope together with openid, email, and profile. From the chef's primary Google Calendar we read only the timing and busy/free status of events — start time, end time, an opaque event identifier, and whether the event is marked busy. We use the identity scopes only to record which Google account was connected. We do not read or store event titles, descriptions, locations, attendees, attachments, or any other event content.
How we use that data
Google user data is used only to provide the feature you enabled. Sign-in data is used to authenticate you. Calendar data is used to calculate when a chef is already busy so we can block those times in the chef's Lighthearted Kitchen availability and prevent double-booking. We import busy windows for a rolling period (roughly the past week through the next year) and refresh them when the chef syncs. We do not use Google user data for advertising, we do not sell it, and we do not use it to train generalized artificial intelligence or machine-learning models.
How we share that data
We do not sell Google user data and we do not share it with third parties for their own purposes. It is processed only by the infrastructure providers that run our service on our behalf — Supabase (database and storage) and Vercel (application hosting) — under their data-processing terms, and only to operate the features above.
How we store and protect that data
Google OAuth tokens (the access and refresh tokens that let us sync a connected calendar) are encrypted at rest before they are stored in our database, and are only ever used by server-side code — never exposed to your browser. All data is transmitted over encrypted connections (HTTPS/TLS). Access to the underlying database is restricted by row-level security so that a chef's data is only accessible to that chef and to our server-side service role. The calendar data we retain is limited to busy time windows, not event content.
How long we keep it, and how to delete it
Imported calendar busy windows are replaced on each sync and are not kept as a running history. When you disconnect a calendar in your Lighthearted Kitchen settings, we immediately delete the stored OAuth tokens for that connection and the busy windows imported from it. You can also revoke Lighthearted Kitchen's access at any time from your Google Account permissions page. To request deletion of any remaining Google user data, email privacy@lightheartedkitchen.com and we will complete it within 30 days.
Limited Use
Lighthearted Kitchen's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Payments
We use Stripe to process payments and chef payouts. Card details go directly to Stripe; we never store your full card number. Stripe processes this data as described in its own privacy policy.
Mobile messages (SMS)
If you opt in to text messages, we send transactional and event-related notifications — for example booking confirmations, proposal updates, event reminders, address releases, cancellations, and payout alerts — to the mobile number you provide, through our messaging provider Twilio. Opt-in is always explicit: we never text you without your consent, and consenting to texts is never a condition of booking or purchase. Message frequency varies based on your activity. Message & data rates may apply. Reply STOP to unsubscribe at any time, or HELP for help. Your mobile opt-in information and consent are not shared with third parties or affiliates for marketing purposes.
Who else we share data with
Beyond Google data (covered above), we share only what's necessary to deliver the service: your name and event details with the chef we match you with; payment data with Stripe; transactional email with Resend; and SMS (when you opt in) with Twilio. We do not sell your personal information. We do not share your mobile opt-in information or SMS consent with any third parties or affiliates for marketing or promotional purposes.
The Lighthearted Kitchen iOS app
Our iOS app is the same Lighthearted Kitchen service in a native shell, and this policy applies to it in full. A few things are specific to the app:
Push notifications. If you turn on notifications, Apple issues your device a push token, which we store against your account and use solely to deliver the booking, message, and event updates you choose in your notification settings. We never send marketing pushes without your explicit opt-in. Turning notifications off (in the app or in iOS Settings) deactivates the token, and deleting your account deactivates it permanently.
Device permissions. The app asks for camera, photo library, or microphone access only when you choose to add a photo or video — to your profile, a listing, or a message. Media you select is uploaded to your account; we never access your camera roll beyond what you pick.
No tracking. The app does not track you across other companies' apps or websites and contains no advertising or tracking SDKs.
Your rights
Email privacy@lightheartedkitchen.com to access or correct your data, including any data we received from Google — we'll respond within 30 days. Account deletion is self-serve: Settings → Privacy & Sharing → Delete my account, effective immediately. Booking and payment records required for tax and dispute purposes are retained for the legally required period (IRS standard: 7 years), tied to the anonymized account, never to your name.
Last updated: 2026-06-08

