← Back

Privacy Notice

Last updated: 1 May 2026

1. Who we are

KitchenSync is operated by Caelan Verkuijl. We are the data controller for the personal data described in this notice. You can contact us through the support contact listed on this site.

2. Data we collect and why

CategoryPurposeLegal basis
Email & account credentialsCreate your account, sign you in, secure accessContract performance
Grocery lists & kitchen membershipProvide and sync the Service across household membersContract performance
Purchase records (Paddle transaction ID, status)Unlock paid features, handle refundsContract performance
Device, IP & basic usage dataSecurity, fraud prevention, debuggingLegitimate interests
Support messagesRespond to your enquiriesLegitimate interests / contract

We do not collect payment card details. Card data and billing details are collected and processed directly by Paddle as Merchant of Record.

3. Who we share data with

  • Paddle — our Merchant of Record, for sale of the product, subscription/purchase management, payments, tax compliance, invoicing, and refunds.
  • Hosting & infrastructure providers — to operate the database, authentication, and serverless functions that power the Service.
  • Professional advisers — legal and accounting advisers when necessary.
  • Authorities — where we are required to do so by law.

We do not sell your personal data.

4. International transfers

Our service providers may process data outside your country, including outside the UK/EEA. Where this happens, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

5. Retention

We keep account and list data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within a reasonable period, except where we must keep records (for example, financial records linked to purchases) to meet legal obligations.

6. Your rights

Subject to applicable law, you have the right to:

  • access the personal data we hold about you;
  • request correction or deletion;
  • restrict or object to certain processing;
  • request portability of data you provided;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with your local data protection authority.

We aim to respond to verified requests within one month.

7. Security

We use appropriate technical and organisational measures including encryption in transit, access controls, and authentication safeguards to protect your data. No system is perfectly secure, and we cannot guarantee absolute security.

8. Cookies & local storage

We use a small number of essential cookies and local storage entries to keep you signed in and remember your list state. We do not use advertising cookies.

9. Changes

We may update this notice from time to time. Material changes will be communicated through the Service.

See also our Terms & Conditions and Refund Policy.