All payments made in the preview are in test mode. Read more
the Satin Spoon Home

Privacy Policy

Last updated: May 13, 2026

1. Who we are

the Satin Spoon ("we", "us", "our") is a meal-planning service operated online at thesatinspoon.com. Our business is based in Canada and we currently offer the service to residents of Canada, the United States, the United Kingdom, Australia, and New Zealand. For privacy questions or requests, contact privacy@thesatinspoon.com. For general support, contact support@thesatinspoon.com.

This policy explains what personal information we collect, why we collect it, how we use and share it, how long we keep it, and your rights — including under the EU/UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

2. What we collect

We try to collect only what we need to run the service. The data we collect falls into these categories:

  • Account information. Email address, password (stored only as a salted hash by our authentication provider), display name, date of birth (used to verify you are 13+), country selected at sign-up, and a record of your consent.
  • Profile and household information. Household name, members you invite, default servings, units, country, cuisine preference, and quick-meal settings.
  • Meal preferences. Allergies, disliked foods, safe foods, pantry staples, and the "taste profile" we learn from your recipe swaps to personalise suggestions.
  • Recipes, meal plans, and shopping lists you create, generate, or save.
  • Billing information. If you subscribe, our payments processor (Stripe) processes your card. We never see or store full card numbers — we only retain a customer/subscription identifier and basic billing status.
  • Usage and device data. Standard server logs, IP address, browser/device type, pages viewed, and basic interaction events (such as plan generation or recipe swaps) used to operate, secure, and improve the service.
  • Communications. Emails you send us, and transactional emails we send to you.

We do not collect special-category health data (such as medical diagnoses or biometric data). Allergies and dietary preferences you enter are used only to generate suitable meal suggestions; please do not enter clinical health information.

3. Why we collect it (lawful bases)

  • To provide the service (contract). Creating your account, generating meal plans, syncing households, and processing payments.
  • To keep the service safe and working (legitimate interests). Securing accounts, preventing abuse, debugging, and basic product analytics.
  • With your consent. Sending your inputs to AI providers to generate recipes and the taste profile, and any non-essential cookies you accept on the cookie banner.
  • To comply with the law. Tax, accounting, fraud-prevention, and responding to lawful requests.

4. Consent and how we record it

When you create an account you give explicit consent to our Terms of Service, this Privacy Policy, and to the use of AI to generate suggestions (including sending your inputs to third-party AI providers). We record the timestamp and version of that consent in our consent log so we can demonstrate it later.

You can withdraw consent at any time by deleting your account from Settings → Account. Withdrawing consent doesn't affect the lawfulness of processing we did before you withdrew.

5. AI-generated content and what we send to AI providers

To generate recipes, weekly meal plans, swaps, and your "taste profile", we send relevant inputs (such as dietary preferences, allergies, disliked foods, household size, and recent swap history) to third-party large language model providers (currently Google Gemini and OpenAI, via the Lovable AI Gateway). We do not send your name, email address, payment details, or anyone else's personal data to these providers. AI output is probabilistic and not medical or nutritional advice — see the AI disclaimer in our Terms of Service.

6. Children

You must be at least 13 years old to use the service, and we ask for date of birth at sign-up to verify this. We do not knowingly collect personal information from children under 13. If we learn we have, we will delete the account and associated data promptly. If you believe a child under 13 has signed up, please email privacy@thesatinspoon.com.

7. Cookies and similar technologies

We use a small number of cookies and browser storage items to keep you signed in, remember your preferences (e.g. "remember me" on sign-in), and run the service. These are essential and do not require consent. If we add non-essential cookies (such as analytics) we will request your consent first via the cookie banner; you can change your choice by clearing the consent stored in your browser.

8. Who we share your data with (sub-processors)

We share personal information only with vetted service providers acting on our instructions:

  • Hosting, database, and authentication — Supabase (PostgreSQL hosting, auth, storage) and Cloudflare (edge runtime / CDN).
  • Authentication providers — Google (only if you choose "Continue with Google").
  • AI processing — Google (Gemini) and OpenAI, via the Lovable AI Gateway, for recipe and meal-plan generation.
  • Payments — Stripe processes subscriptions and card details on our behalf.
  • Transactional email — our email-sending provider delivers messages such as sign-up confirmation, billing receipts, and password resets.
  • Error monitoring and basic product analytics — used in aggregate to keep the service reliable.

Each provider is bound by its own privacy and data-processing terms; please review those if you'd like more detail. We do not sell your personal information, and we do not share it for cross-context behavioural advertising.

9. International transfers

Our providers may process your data in Canada, the United States, the European Union, and the United Kingdom. Where required, transfers are protected by appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or equivalent mechanisms in our providers' contracts.

10. How long we keep it

  • Account data — kept for as long as your account is active.
  • Recipes, plans, and household content — kept until you or another household member deletes them, or your account is deleted.
  • Billing records — kept for the period required by tax and accounting law (typically 6–7 years).
  • Consent log — kept for the lifetime of the account plus a reasonable period afterwards as proof of consent.
  • Server logs — kept for a short rolling window for security and debugging.

When you delete your account, we delete or anonymise your personal data, except for records we must keep for legal or accounting reasons.

11. Your privacy rights

Depending on where you live, you may have some or all of the following rights in respect of your personal information:

  • Access — ask for a copy of the personal information we hold about you.
  • Correction — ask us to fix data that is inaccurate or incomplete.
  • Deletion / "right to be forgotten" — ask us to delete your data; you can also delete your account yourself from Settings → Account.
  • Portability — ask for an export of your data in a machine-readable format.
  • Withdraw consent — for processing based on consent, including AI processing.
  • Object or restrict — ask us to stop or limit certain processing based on legitimate interests.
  • Lodge a complaint — with your local data-protection authority (for example, the UK ICO, your provincial privacy commissioner in Canada, or the California Attorney General).

California residents (CCPA/CPRA). You have the right to know what personal information we collect and how we use it, to request deletion, and to opt out of the "sale" or "sharing" of personal information. We do not sell personal information and we do not share it for cross-context behavioural advertising. You may also designate an authorised agent to make a request on your behalf.

Canadian residents (PIPEDA). You can challenge the accuracy and completeness of your personal information and have it amended as appropriate. We protect your data with the safeguards described in section 12 below.

To exercise any of these rights, email privacy@thesatinspoon.com from the address on your account. We may need to verify your identity. We aim to respond within 30 days.

12. Security

  • All traffic is served over HTTPS.
  • Passwords are stored as salted hashes by our authentication provider — we never see your password.
  • Database access is restricted with row-level security so household members can only access their own data.
  • Service-role credentials and API keys are stored as server-side secrets, never exposed to browsers.
  • We follow reasonable administrative and technical safeguards appropriate to the sensitivity of the data.
  • If a breach occurs that is likely to result in a risk to your rights, we will notify you and the relevant regulator where the law requires it.

13. Marketing

We do not currently send marketing emails. If we ever do, we will obtain your separate opt-in first and every email will include a one-click unsubscribe link. Transactional emails (sign-up confirmation, password reset, billing receipts, important service notices) are not marketing and will continue while your account is active.

14. Changes to this policy

We may update this policy from time to time. If a change is material, we'll notify you by email or in the app before it takes effect, and we'll update the "Last updated" date above. Continued use of the service after changes means you accept the updated policy.

15. Contact us

Privacy requests: privacy@thesatinspoon.com
General support: support@thesatinspoon.com
Operating from: Canada

Read our Terms of Service →