Privacy Policy

Last updated: 2026-05-20

Homecook("we") respects your privacy. This policy explains what personal data we collect, why, and your rights.

1. Data we collect

• Account data: name, email, phone (if provided), hashed password.
• Profile data: city, pin code, address line, apartment/complex name, FSSAI number, UPI ID, profile and kitchen video.
• Activity data: dishes listed, orders placed, reviews written, follows.
• Technical data: IP address, browser/device info, session cookies, basic analytics.

2. Why we collect it

• To operate the Platform and process your transactions.
• To verify Cook identity / FSSAI compliance (required by the FSS Act, 2006).
• To send transactional emails (order events, password resets).
• To prevent fraud and protect food safety.
• To comply with applicable law.

3. What we share & with whom

• Cooks see: your name, contact info for orders you place from them, your delivery address if you provide one.
• Buyers see: your Cook profile, name, city, FSSAI number, dishes, reviews of you, and your kitchen video if you uploaded one.
• Service providers: hosting (Vercel), database (Neon Postgres), file hosting (UploadThing), email delivery (Resend). These providers process data on our behalf under their own privacy policies.
• Legal disclosure: if required by law, court order, or to defend our rights or user safety.

We do not sell your personal data to third parties.

4. Data retention

Account, order, and review data is retained while your account is active and for up to 7 years after deletion to comply with Indian tax and consumer-protection record-keeping rules. Aggregated, anonymised analytics may be retained indefinitely.

5. Cookies

We use first-party session cookies to keep you logged in (NextAuth JWT). No third-party advertising cookies. No cross-site tracking.

6. Your rights

Under the Digital Personal Data Protection Act, 2023 you may request access to, correction of, or deletion of your personal data. Email monika.mallada@gmail.com with the subject line "Data request" and we will respond within 30 days.

7. Security

Passwords are hashed with bcrypt (cost 10). Connections use HTTPS. Reset tokens are SHA-256-hashed in the database. We do not store payment card data — payments today flow directly via UPI between Buyer and Cook.

8. Children

Homecookis not intended for users under 18. If we learn we've collected data from a child, we will delete it.

9. Contact

Email monika.mallada@gmail.com for any privacy-related question.