Potluck Privacy Policy
Effective date: 3 June 2026
Potluck is a free, social cooking community for home cooks. This policy explains what we collect, why, and the control you have over it. We wrote it to be read, not endured — but it means what it says.
The short version: Potluck is free, we show no ads, we sell nothing, and we are supplier-neutral — we never rank or recommend grocery stores or brands. We only log behavioural data when you've given a live, specific consent.
1. Who we are
Potluck ("Potluck", "we", "us") operates the Potluck mobile app. For privacy questions: privacy@potluck.family.
2. What we collect, and why
| Category | What | Why |
|---|---|---|
| Account & profile | Email (for sign-in), handle, display name, optional avatar, bio | To create your account and let other chefs find and follow you |
| Recipes | Titles, ingredients, steps, photos, source links you add | To store and display the recipes you create or import |
| Cooks ("I made this") | Effort rating, difficulty felt, active minutes, would-make-again, notes, photos, timestamp | To build your cooking history, show it on your profile and in the feed, and — with your consent — to understand how home cooks experience effort in the kitchen |
| Basket & grocery lists | Item names, quantities, units, categories, free-text store names you type, purchased state | To power your shopping basket and shared lists |
| Photos | Recipe cover images and cook photos | To display your recipes and cooks |
| Behavioural events | In-app actions (e.g. "cooked logged", "recipe created") with a session id and app version | Only with your behavioural_analytics consent — to understand cooking effort and grocery purchase decisions in aggregate |
| Device/technical | App version, basic session identifier | Reliability and debugging |
We do not collect precise location, contacts, or device advertising IDs.
3. Consent comes first
You cannot be silently tracked. Potluck uses a versioned, append-only consent ledger:
- Data processing — required to use the app at all (we can't run your account without it).
- Behavioural analytics — optional. If you decline, we send no analytics events — not even to our server; the app short-circuits before any network call.
- Transfer on acquisition — optional (see §5).
You can review and change these any time in Settings → Privacy. Withdrawing a consent stops the corresponding processing going forward; we record the change as a new ledger entry (we never silently rewrite history).
4. Our business model (so the data purpose is clear)
Potluck is free with no ads, no subscriptions, and no grocery or supplier commissions. Our long-term value is an aggregated, consented understanding of home cooking — specifically how much effort people put into cooking and how they make grocery purchase decisions. That's why the cook log captures effort, and why store names are free text you control. We never use this to push you toward any store or brand.
5. Who we share with
- No third-party advertisers. No data brokers. We do not sell your data.
- Supplier-neutral: we never rank, recommend, auto-suggest, or hardcode any grocery store or brand. The store name on a grocery item is plain text you type, for your own reference.
- Service providers: we use Supabase (database, auth, storage) and Anthropic (to auto-categorize ingredients and assist recipe import) strictly to operate the app, under their data terms.
- Other chefs: content you choose to make public (public recipes, your cooks, profile) is visible to other users by design. Baskets are visible only to members you invite.
- Change of control: if Potluck is ever acquired or merged, your data may transfer to the successor — but the behavioural analytics dataset transfers only for users who granted transfer-on-acquisition consent. Any successor is bound by commitments at least as protective as this policy.
- Legal: we may disclose if required by law.
6. Your rights
Regardless of where you live, you can:
- Access / export your data (Settings → Privacy → export).
- Delete your account and associated content (Settings → Privacy → delete account, or email privacy@potluck.family). Deletion is processed through our erasure queue and removes your profile, recipes, cooks, baskets, and photos (some records may persist briefly in backups, then age out — see §8).
- Withdraw consent at any time.
- Object / restrict / rectify — contact us and we'll act on it.
EU/EEA users (GDPR) and Singapore users (PDPA) have these rights as a matter of law; we extend them to everyone.
7. Legal bases (GDPR) & PDPA
- Contract — processing needed to provide the app (your account, recipes, baskets).
- Consent — behavioural analytics and acquisition transfer.
- Legitimate interests — security, abuse prevention, basic reliability, kept proportionate. Under Singapore's PDPA we collect, use, and disclose personal data only for purposes a reasonable person would consider appropriate, with consent.
8. Retention
We keep your data while your account is active. When you delete your account, we remove your personal data from live systems promptly and from routine backups as they cycle out (typically within 30 days). Aggregated, de-identified insights that cannot be linked back to you may be retained.
9. Children
Potluck is for cooks 13 and older. We don't knowingly collect data from anyone under 13; if we learn we have, we delete it.
10. Security
Access to your data is enforced at the database level (row-level security), photos are stored with per-user access controls, and analytics events can only be written through a consent-checked server function — never directly by the app.
11. Changes to this policy
If we make material changes, we'll notify you in-app and update the effective date. Continued use after a change means you accept the updated policy.
12. Contact
Privacy questions, requests, or complaints: privacy@potluck.family.