This Privacy Policy explains how Pantry to Fork Pty Ltd (ABN 63 281 974 991)
("Pantry to Fork", "we", "us") collects, uses, discloses and protects your personal
information when you use the Pantry to Fork website and application (the "Service").
It should be read with our User Agreement.
We handle personal information in accordance with the Privacy Act 1988 (Cth) and
the Australian Privacy Principles (APPs). Because the Service is available
globally, additional rights may apply to you under laws such as the EU/UK General Data
Protection Regulation (GDPR) and the California Consumer Privacy Act
(CCPA/CPRA) — see "Your rights" below.
Privacy laws protect the personal information of individuals. Where an Account is a
Business Account (held by a company or other legal entity — see the
User Agreement), the personal information described in this
Policy is the information of the individuals connected with that Account, such as its
authorised representative, the personnel it permits to use the Account, and (for payouts)
its beneficial owners. References to "you" should be read accordingly.
1. The information we collect
- Account information — your email address, username, and a securely
hashed password. We never store your password in plain text. For a Business Account, this
includes the contact details of the authorised representative and any personnel who use
the Account, and the business or brand name shown as the username.
- Profile and preferences — for example, your unit preference and
default servings, and your subscription tier.
- Content you submit — recipes, descriptions, ingredients, instructions,
images, ratings and comments (see the User Agreement for how Content is licensed and
shared).
- Payment information — when you subscribe, payments are processed by
Stripe. We do not receive or store your full card number. We store a
Stripe customer reference and subscription status.
- Payout and verification information — if you become a Creator and
onboard for payouts, Stripe (Stripe Connect) collects and holds the identity and
verification information it needs (KYC/AML, and for a Business Account, business
verification (KYB) of the entity, its beneficial owners and an authorised representative).
We do not store your identity documents; we store only a reference to your connected
account and Stripe's verdict on your payout status.
- Usage and impression data — to operate features and calculate Creator
payouts fairly, we record limited technical information when recipes are viewed, including
IP address, browser/device information (user agent) and timestamps.
- Security and authentication data — session records (with IP and device
information) and, if you enable multi-factor authentication, an encrypted authenticator
secret and hashed backup codes.
- Records of agreement and consent — when you accept our Terms or consent
to publish a recipe, we record the version you accepted and the date, time, IP address and
device information of that acceptance, as proof of agreement.
- Communications — messages you send us (for example, support requests).
2. How we use your information
- to create and manage your Account and provide the Service and its features;
- to process Subscriptions and (for Creators) calculate and make payouts;
- to display and distribute Content you choose to make public;
- to secure the Service, authenticate you, and detect and prevent fraud, abuse and
impression manipulation;
- to communicate with you about your Account, transactions, security and important
changes (including billing and payout emails);
- to improve the Service, including through aggregated or de-identified analysis; and
- to comply with our legal obligations and enforce our Terms.
Where the GDPR applies, our legal bases are: performance of our contract with you (providing
the Service, billing, payouts); our legitimate interests (securing and improving the
Service, preventing fraud, calculating payouts); your consent (where we ask for it, such as
certain communications); and compliance with legal obligations.
3. When we disclose information
We do not sell your personal information. We disclose it only as needed to run the Service:
- Payments and payouts — Stripe, to process Subscriptions and Creator
payouts.
- Hosting and storage — our cloud hosting and file-storage providers,
which host the application and store recipe images.
- Email delivery — our transactional email provider, to send
confirmation, security, billing and payout emails.
- Error monitoring — our error-monitoring provider, configured to
minimise personal information (we disable sending of request bodies, cookies, headers and
similar data).
- Other users and the public — Content you make public, and your
username, are visible to other users and visitors.
- Legal and safety — authorities or others where we reasonably believe
disclosure is required by law or necessary to protect rights, safety or the integrity of
the Service.
- Business transfers — a successor entity if our business is sold or
reorganised, subject to this Policy.
4. Overseas disclosure
Some of our service providers (including Stripe and our hosting, storage, email and
error-monitoring providers) are located, or store data, outside Australia — for example in
the United States and other countries. Where we disclose personal information overseas we
take reasonable steps to ensure it is handled consistently with the APPs and applicable law.
Where required, transfers of data from the EU/UK rely on appropriate safeguards such as
standard contractual clauses.
5. Cookies and similar technologies
We use a small number of strictly necessary cookies to keep you signed in and to keep the
Service secure (for example, a signed, HTTP-only session cookie). These are essential to the
Service and cannot be turned off through the Service. We do not use the session cookie for
advertising.
6. How we protect your information
We take reasonable steps to protect personal information, including: hashing passwords;
encrypting sensitive fields (such as authenticator secrets) at rest; offering
multi-factor authentication; signed, HTTP-only session cookies with absolute session
timeouts; transport encryption (HTTPS); and access controls. No method of transmission or
storage is completely secure, and we cannot guarantee absolute security.
7. How long we keep information
We keep personal information for as long as your Account is active and as needed to provide
the Service, and afterwards as required to meet legal, tax, accounting, payout and dispute
obligations, or to prevent fraud. When you delete your Account, we remove or de-identify
your personal information, except where we are required or permitted to retain certain
records (for example, transaction and payout records, and records of agreement). Some
information may persist in limited forms — for example, a public recipe you shared may
remain available to a user who saved it to their basket until they remove it (see the User
Agreement), and impression records used for past payout calculations are retained but no
longer linked to you.
8. Your rights and choices
Subject to applicable law, you may:
- Access and correct your personal information (much of it is available
in your preferences; otherwise contact us);
- Delete your Account and request erasure of your personal information;
- Object to or restrict certain processing, and (where the GDPR applies)
request portability of information you provided to us;
- Withdraw consent where we rely on it (without affecting prior
processing); and
- if you are a California resident, exercise your CCPA/CPRA rights to know, delete,
correct and opt out — note we do not sell or "share" personal information for
cross-context behavioural advertising.
To exercise a right, contact us at contact@pantrytofork.app. We will verify your
request and respond within the time required by law. There is usually no charge.
9. Children
The Service is not directed to children under 16, and we do not knowingly collect personal
information from them. If you believe a child has provided us personal information, contact
us and we will take appropriate steps to delete it. (See the User Agreement for age
eligibility.)
10. Complaints
If you have a privacy concern, please contact us first at contact@pantrytofork.app and we
will investigate. If you are not satisfied, you may complain to the Office of the Australian
Information Commissioner (oaic.gov.au), or, where applicable, to your local data-protection
authority.
11. Changes to this Policy
We may update this Policy from time to time. When we make a material change we will update
the version and effective date above and, where appropriate, notify you. Your continued use
of the Service after a change takes effect means you accept the updated Policy.
12. Contact us
Pantry to Fork Pty Ltd (ABN 63 281 974 991)
275 Hunter Street Newcastle NSW 2300 Australia
Privacy enquiries: contact@pantrytofork.app