Chef7 Security & GDPR
Data hosted on Supabase West EU. Payments via Paddle as merchant of record — Chef7 never sees card data. Customer phone numbers automatically wiped after delivery or table close. Row-level security with 129 active policies. Daily backups.
Where your data is hosted
Chef7 stores all customer data on Supabase in the West EU region (Ireland). Supabase is a managed Postgres provider with SOC 2 Type II compliance. The static site is delivered through Cloudflare Pages globally, but every database read and write hits the EU region. AI inference for recipe generation uses Google Gemini 2.5 Flash; prompts and outputs are not used to train Google models (per Vertex AI terms).
Payment data
Chef7 never sees credit-card data. Billing is handled by Paddle as Merchant of Record. This means Paddle is the legal seller for tax and consumer-rights purposes, calculates and remits VAT correctly per country, and stores all card information under PCI DSS Level 1 compliance. Chef7 only receives a customer ID, a plan code and a webhook telling it whether the subscription is active.
Customer personal data — automatic wipe
Restaurants using Chef7 collect customer phone numbers for takeaway tickets and table reservations. To minimise data retention under GDPR Article 5(1)(e):
- Takeaway tickets — after the order is delivered, the customer name and phone number are wiped. The operational record (ticket number, items, timestamps, total) is kept for accounting.
- Table reservations — after the table closes, the reservation name and phone are wiped. The operational record (table, party size, time, total) is kept.
- Waitlist — when the customer is seated or after a 12-hour timeout, the phone is wiped. Only the seated_at timestamp is kept for the average wait calculation.
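One way to enforce the wipe rules above in Postgres, as an added example that is not Chef7's own schema or code. Table and column names are assumptions (only seated_at appears on this page). Table reservations would follow the same trigger pattern as takeaway tickets.

```sql
-- Added example. Table and column names are assumptions; only seated_at is named on the page.
CREATE TABLE takeaway_tickets (
    id             bigserial PRIMARY KEY,
    customer_name  text,
    customer_phone text,
    total          numeric(10,2) NOT NULL,
    created_at     timestamptz NOT NULL DEFAULT now(),
    delivered_at   timestamptz            -- NULL until the order is delivered
);

CREATE TABLE waitlist (
    id        bigserial PRIMARY KEY,
    phone     text,
    joined_at timestamptz NOT NULL DEFAULT now(),
    seated_at timestamptz                -- kept for the average wait calculation
);

-- Takeaway rule: wipe name and phone in the same write that marks delivery.
-- Firing on every write also stops PII being written back onto a delivered ticket.
CREATE FUNCTION wipe_ticket_pii() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    IF NEW.delivered_at IS NOT NULL THEN
        NEW.customer_name  := NULL;
        NEW.customer_phone := NULL;
    END IF;
    RETURN NEW;
END;
$$;

CREATE TRIGGER trg_wipe_ticket_pii
BEFORE INSERT OR UPDATE ON takeaway_tickets
FOR EACH ROW EXECUTE FUNCTION wipe_ticket_pii();

-- Waitlist rule: the 12-hour timeout has no triggering write, so it needs a sweep.
-- Run this statement on a schedule; it also covers customers who were seated.
UPDATE waitlist
SET    phone = NULL
WHERE  phone IS NOT NULL
  AND (seated_at IS NOT NULL OR joined_at < now() - interval '12 hours');

-- Retention audit: both counts should be 0 immediately after the sweep.
SELECT
  (SELECT count(*) FROM takeaway_tickets
    WHERE delivered_at IS NOT NULL
      AND (customer_name IS NOT NULL OR customer_phone IS NOT NULL)) AS unwiped_tickets,
  (SELECT count(*) FROM waitlist
    WHERE phone IS NOT NULL
      AND (seated_at IS NOT NULL OR joined_at < now() - interval '12 hours')) AS overdue_waitlist;
```

The audit query is the part worth alerting on: a non-zero count means a row outlived its retention rule, whether the trigger was dropped or the scheduled sweep stopped running.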
Database access controls
Postgres uses row-level security (RLS) with 129 active policies as of April 2026. Each authenticated user can only read and write rows that belong to their own restaurant or account. Service-role access is used only by the backend Edge Functions and is never exposed to the browser. Audit logs record who changed what (prices, refunds, schedule overrides) with timestamp and user ID.
Backups and recovery
Database backups run daily and are kept for 30 days on Supabase's Point-in-Time Recovery. A separate full schema + data dump is retained on demand for restoration in case of total platform failure. The latest schema (46 tables, 129 RLS policies, 233 functions) is kept versioned in the source repository.
Authentication
Login uses Supabase Auth with email + password and optional magic-link via email. Passwords are stored hashed (bcrypt). Sessions are issued as JWTs with a 1-hour expiry and silent refresh. The browser never stores the password.
Subprocessors
- Supabase — database, authentication, edge functions, storage (West EU)
- Cloudflare — static delivery, DNS, DDoS protection (global)
- Paddle — payment processing, VAT calculation, invoicing (UK/EU)
- Google Cloud (Gemini) — AI inference for recipe generation
Right to access, export, delete
Per GDPR Articles 15, 20 and 17, any user can request a full copy of their data or its deletion at any time by emailing [email protected]. Requests are honoured within 30 days. Account self-deletion from inside the app is being added.
Reporting a vulnerability
If you find a security issue, please email [email protected] with details. We do not currently run a paid bug-bounty programme but acknowledge responsible disclosure publicly.