1. Who we are Fit Healthy Chef provides prepared meals, custom meals, meal plans, subscriptions, gift cards, customer credit, promotions, delivery coordination and customer support through this website and related administration tools. This Privacy Policy explains how personal information is collected, used, stored and shared when customers browse, create an account, place an order, manage a subscription, contact support or opt in to marketing. 2. Information we collect We collect the information needed to provide the service, including name, email address, phone number, account credentials, billing and delivery address, city or suburb, postcode, delivery type, delivery instructions, order history, subscription details, cart contents, selected products, custom-meal choices, gift card and credit activity, promo-code usage, support messages and account preferences. We also store operational records such as payment status, Stripe checkout session IDs, Stripe payment intent IDs, Stripe subscription IDs, invoice links, delivery provider status, delivery tracking references, admin notes, support actions, impersonation/support-session activity, login activity, MFA status, trusted-device records and security events. 3. Payments and billing Payments, subscription billing, invoices, card handling and billing portal sessions are processed by Stripe. Fit Healthy Chef does not store raw card numbers or card security codes. The platform stores Stripe references, invoice links, payment status, refund status and billing metadata needed to operate orders, subscriptions, receipts, refunds, support and financial records. 4. Delivery and address services Delivery availability is calculated from the address, city or suburb, postcode, delivery date, delivery type and the delivery-zone rules configured by the business. Some orders may be delivered by Fit Healthy Chef directly, while other orders may be sent to BeCool Couriers/BCRC or another configured delivery provider. When a delivery provider is used, we share the information needed to deliver the order, such as recipient name, address, suburb, postcode, phone number, email, delivery instructions, order reference, tracking reference and box/tag information. If Google Places/Google Maps address autocomplete is configured, the browser may load Google services to help customers enter addresses. Google may receive technical information from the browser when that feature is used. 5. Marketing communications Customers may choose whether to receive marketing emails during checkout or account flows where this option is shown. When Klaviyo is configured and the customer opts in, Fit Healthy Chef may send the customer email address and relevant subscription/list information to Klaviyo so marketing emails, offers and menu updates can be managed. Customers can unsubscribe from marketing emails. Transactional messages about orders, payments, deliveries, accounts and security may still be sent where needed to provide the service. 6. Website, cookies and local storage The website uses essential cookies, tokens and browser storage for login sessions, cart behavior, checkout security, MFA challenges, trusted-device MFA and normal site operation. These are required for the service to work. The current platform does not require advertising or analytics tracking cookies for core operation. If non-essential analytics, advertising pixels or tracking tools are added later, the business should update this policy and add the required consent flow before enabling them. 7. Media, hosting and storage providers Product and catalogue images may be stored through an S3-compatible storage provider and served through a public CDN. Customer account, order and operational data is stored in the backend database and processed by the hosting infrastructure used by the business. Operational logs may be kept to troubleshoot errors, security events, payment issues, delivery issues and support requests. 8. How we use information We use personal information to create and manage accounts, authenticate users, protect staff areas with MFA, process orders, calculate pricing and delivery fees, prepare meals, manage custom meals and meal plans, process payments and refunds, manage subscriptions, dispatch deliveries, provide invoices, apply promotions and credits, operate gift cards, provide customer support, investigate issues, prevent fraud, improve the service, produce operational reports and comply with legal, tax and accounting obligations. 9. Who we share information with We share information only where needed to operate the service. Current or planned provider categories include payment processors such as Stripe, delivery providers such as BeCool/BCRC, email marketing providers such as Klaviyo when enabled and consented, address autocomplete providers such as Google Maps when configured, hosting/database/storage/CDN providers, and professional advisers or authorities where required by law. 10. Data retention We keep personal information only for as long as needed for service operation, tax, accounting, fraud prevention, dispute handling, customer support, legal compliance and business reporting. Order, invoice, payment, delivery and financial records may need to be retained even if an account is closed or anonymised. 11. Account deletion and anonymisation Customers may request account deactivation or deletion through the account area or by contacting support. The platform may deactivate the account immediately and anonymise personal profile information after the configured waiting period. Some records, including orders, invoices, payment references, delivery records, support records and audit logs, may be retained where legally or operationally required. 12. Security The platform uses access controls, password hashing, staff MFA, encrypted authenticator secrets when configured, protected cookies, token controls, admin permissions and operational logging to help protect information. No online service is risk free. Customers should use strong passwords and keep account access secure. 13. Access and correction Customers can request access to, correction of or deletion of their personal information by contacting Fit Healthy Chef. Identity verification may be required before a request is processed. 14. Changes to this policy Fit Healthy Chef may update this policy when the website, providers, business processes or legal requirements change. The latest version published on this page applies from the time it is made available.