Privacy Policy

1. Introduction

Orcaas.ai ("Company," "we," "us," or "our") operates EatEit (the "Service"), accessible at eateit.com. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Service.

By accessing or using EatEit, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

• Email address
• Display name and username
• Google profile information (name, email, profile photo) when you authenticate via Google OAuth

2.2 User-Generated Content

• Recipes you create (ingredients, instructions, notes, tags)
• Cook logs (timestamps, notes, ratings, modifications)
• Photos and media uploaded with recipes and cook logs
• Voice transcriptions from cook log voice input
• Collections and saved recipes
• Reactions, follows, and social interactions

2.3 Usage Data

• Pages visited, features used, and interaction patterns
• Device type, browser type, and operating system
• IP address and approximate location
• Referring URLs and access timestamps

3. How We Collect Information

3.1 Directly From You

When you create an account, build recipes, log cooks, upload photos, or use voice input features.

3.2 From Third-Party Authentication

When you sign in using Google OAuth, we receive your name, email address, and profile photo from Google. We do not receive your Google password.

3.3 Automatically

We collect usage data automatically through server logs and analytics when you interact with the Service.

4. Voice Data

EatEit offers voice input for cook logs. Voice data is processed entirely client-side using the Web Speech API built into your browser. Raw audio is never transmitted to our servers. Only the final transcribed text is stored as part of your cook log. We do not retain, process, or share any raw voice recordings.

5. How We Use Your Information

• Provide, maintain, and improve the Service
• Create and manage your account
• Display your public profile, recipes, and cook logs to other users
• Enable social features (following, reactions, remixing)
• Send transactional emails (magic link authentication, account notifications)
• Analyze usage patterns to improve the Service
• Enforce our Terms of Service and prevent abuse
• Comply with legal obligations

6. Social Features and Public Information

EatEit includes social features. The following information may be visible to other users:

• Your public profile (display name, username, profile photo, cooking stats)
• Recipes and cook logs you make public
• Follow relationships (who you follow and who follows you)
• Reactions you leave on other users' cook logs
• Recipe remixes and attribution chains

You may control the visibility of individual recipes and cook logs through the Service's privacy settings.

7. Photo and Media Storage

Photos and media you upload are stored in Supabase Storage, hosted in the US-West region. Photos associated with public recipes or cook logs may be visible to other users. You may delete your uploaded media at any time through the Service.

8. Third-Party Services

We use the following third-party services to operate EatEit:

• Supabase — Database, authentication, and file storage. Data is stored in the US-West region. See Supabase Privacy Policy.
• Vercel — Web hosting and serverless functions. See Vercel Privacy Policy.
• Google — OAuth authentication. When you sign in with Google, your authentication is governed by Google's Privacy Policy.

9. Cookies and Similar Technologies

EatEit uses only essential cookies required for authentication and session management. These are set by Supabase Auth to maintain your login session. We do not use advertising cookies, tracking cookies, or third-party analytics cookies.

10. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

• With your consent
• With the third-party service providers listed above, as necessary to operate the Service
• To comply with legal obligations, court orders, or governmental requests
• To protect our rights, safety, or property, or that of our users
• In connection with a merger, acquisition, or sale of assets (you will be notified)

11. Data Retention

We retain your account data and user-generated content for as long as your account is active. When you request account deletion, we will delete your personal information and content within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing agreements).

12. Data Security

We implement reasonable technical and organizational measures to protect your personal information, including encryption in transit (HTTPS/TLS), secure authentication via Supabase Auth, and access controls on data storage. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

13. Children's Privacy

EatEit is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us.

14. Your California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information:

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share it.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale: We do not sell your personal information. As such, we do not offer an opt-out of sale mechanism.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
• Right to Data Portability: You may request a copy of your personal information in a portable, machine-readable format.

To exercise any of these rights, please contact us using the information provided below. We will respond to verifiable requests within 45 days.

Categories of Personal Information Collected

• Identifiers (email, username, display name, IP address)
• Internet activity (usage data, pages visited, features used)
• Sensory data (photos uploaded by users)
• Other information you provide (recipes, cook logs, voice transcription text)

We Do Not

• Sell personal information
• Share personal information for cross-context behavioral advertising
• Use or disclose sensitive personal information for purposes other than providing the Service

15. Your Rights and Choices

• Access: You may access and download your personal data through your account settings.
• Correction: You may update your account information at any time.
• Deletion: You may request deletion of your account and associated data by contacting us.
• Portability: You may request an export of your data in a machine-readable format.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

17. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at: