Privacy Policy

Last updated: April 14, 2026

This Privacy Policy describes how SafeCheck (“we”, “us”) collects, uses, and protects information when you use our food safety compliance platform at safecheck.sbs (the “Service”).

1. Information we collect

Account information

When you register, we collect your email address, name, password (stored as a bcrypt hash, never in plaintext), and restaurant details you provide (name, location, team members).

Operational data

We store the checklists, temperature logs, receiving records, certifications, photos, and other compliance data you enter. This data belongs to you and is isolated from other customers via row-level security.

Payment information

Payments are processed by Stripe. We never see or store your full card number. Stripe sends us a customer identifier, subscription status, and the last four digits of your card for reference.

Technical data

We collect basic server logs (IP address, user agent, timestamps) and anonymous analytics via Vercel Analytics to understand aggregate usage. We do not use third-party advertising trackers.

2. How we use your data

  • To provide the Service (store and display your compliance records)
  • To send operational emails (alerts when temperatures are out of range, weekly digests, password resets)
  • To process payments through Stripe
  • To fix bugs and improve the product
  • To respond to your support requests

We do not sell your data. We do not use it to train AI models. We do not share it with advertisers.

3. Where your data is stored

Your data is stored on Supabase (PostgreSQL, AWS us-east-1 region). Photos are stored in Supabase Storage. Transactional emails are sent via Resend. Payment data is handled by Stripe.

4. Data retention

Active account data is retained as long as your subscription is active. Compliance records older than the retention window configured in your plan may be automatically archived or deleted to keep your account tidy. If you cancel, we retain a minimal record of the account for 30 days to handle refunds and disputes, then delete operational data. Financial records may be retained longer where required by law.

5. Your rights

Depending on your jurisdiction (GDPR for the EU/EEA/UK, CCPA for California, similar laws elsewhere), you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your data in a portable format
  • Opt out of non-essential communications

To exercise these rights, email hello@safecheck.sbs. We respond within 30 days.

6. Cookies

We use essential cookies for authentication (session cookies set by Supabase Auth) and language preferences. We do not use advertising cookies. Vercel Analytics uses a first-party, privacy-preserving identifier that does not track users across sites.

7. Children

SafeCheck is a B2B product for restaurants and is not intended for anyone under 18. We do not knowingly collect data from children.

8. Changes

We may update this policy. Material changes will be announced via email to active customers and by updating the “Last updated” date above.

9. Contact

Privacy questions, data requests, complaints: hello@safecheck.sbs.