Data Protection

Privacy Policy

Effective: January 3, 2026Version 2.0

🔒 Our Core Privacy Promise: No Model Training

We know your recipes and processes are your trade secrets. We strictly do NOT use your specific proprietary data to train, fine-tune, or improve our public proprietary models. Your data is isolated and used solely to generate your requested documents.

#1Data We Collect

We collect two types of information:

  • Account Data: Name, email, and billing history (handled via Stripe). We do not store credit card numbers.
  • Operational Data: The specific inputs you provide to the HACCP builder (ingredients, equipment, staff names, process flows).

Plain English SummaryWe collect your login info and the stuff you type into the builder. That's it.

#2How We Use Your Data

Your data is used for one primary purpose: to provide the Service. This includes:

  • Generating your HACCP plan via our technology providers (Groq/OpenAI).
  • Sending you transactional emails (receipts, password resets).
  • Improving the UX of the platform (analytics on how features are used, not what is written).

Plain English SummaryWe use your data to build your plan and keep the lights on. We don't sell it.

#3Technology & Third-Party Processing

To generate your HACCP plans, we securely transmit limited text prompts to our data processing partners. We currently utilize:

  • Groq Inc.: For high-speed inference. Groq Privacy Policy.
  • OpenAI: For advanced reasoning tasks. Data is processed via their API Platform which is distinct from ChatGPT and does not use data for training. OpenAI Enterprise Privacy.

Zero-Training Guarantee: Both partners are contractually prohibited from using data sent via our API integrations for model training or improvement. Your operational secrets remain yours.

Plain English SummaryWe use Groq and OpenAI to process your data. They are under strict contract NOT to learn from your inputs.

#4Data Retention Policy

We retain your personal information and generated plans for as long as your account is active or as needed to provide you the Service.

  • Active Accounts: Plans are stored indefinitely to allow for editing and re-downloading.
  • Deleted Accounts: Upon request, your account data is logically deleted immediately and permanently purged from our backups within 30 days.
  • Inactive Accounts: Accounts inactive for over 24 months may be subject to automated deletion after email notification.

Plain English SummaryWe keep your plans while you need them. If you delete your account, they're gone from our servers within 30 days.

#5Your Rights (GDPR & CCPA)

We are committed to full compliance with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). You have the right to:

  • Access: Request a copy of all personal data we hold about you (Subject Access Request).
  • Rectification: Correct any inaccurate or incomplete data in your profile.
  • Erasure: Request the permanent deletion of your account and data ("Right to be Forgotten").
  • Portability: Receive your data in a structured, machine-readable format (JSON/CSV).

To exercise any of these rights, please email our Data Protection Officer at support@ilovehaccp.com with the subject line "Privacy Request". We will respond to all valid requests within 30 days.

Plain English SummaryYou own your data. Email us to see it, fix it, or delete it. We'll handle it within a month.

#6Contact

Data Protection Officer (DPO): support@ilovehaccp.com