Privacy Policy

Last updated: May 26, 2026

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use The Bar Book and tells You about Your privacy rights and how the law protects You.

We use Your Personal Data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

Account means a unique account created for You to access the Service or parts of the Service.

Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.

AI Integration refers to optional features that allow You to connect third-party AI assistants (such as Claude or ChatGPT) to Your Bar Book account via secure authorization (OAuth 2.1), enabling those assistants to read and modify Your data on Your behalf.

Application refers to The Bar Book, the software program provided by the Company, accessible at https://barbook.manmeetsoven.com and through mobile applications where available.

Business, for the purpose of CCPA/CPRA, refers to the Company as the legal entity that collects Consumers' personal information and determines the purposes and means of the processing of Consumers' personal information.

CCPA and/or CPRA refers to the California Consumer Privacy Act (the "CCPA") as amended by the California Privacy Rights Act of 2020 (the "CPRA").

Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Man Meets Oven LLC, located in Arizona, United States. For the purpose of the GDPR, the Company is the Data Controller.

Consumer, for the purpose of the CCPA/CPRA, means a natural person who is a California resident. A resident, as defined in the law, includes (1) every individual who is in the USA for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the USA who is outside the USA for a temporary or transitory purpose.

Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.

Country refers to: Arizona, United States.

Data Controller, for the purposes of the GDPR (General Data Protection Regulation), refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.

Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.

Do Not Track (DNT) is a concept that has been promoted by US regulatory authorities, in particular the U.S. Federal Trade Commission (FTC), for the Internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites.

GDPR refers to EU General Data Protection Regulation.

House means a shared workspace within the Application that allows multiple users to collaborate on a shared bar cabinet, shared custom recipes, and other shared content. House owners can invite members; member contributions to a House remain with the House when a member leaves (see "Data Ownership in Houses" in this Policy).

House-Contributed Data means data added to a House by any member while they are a member of that House, including cabinet items, custom recipes, recipe photos, and other contributions to shared collections. Such data remains with the House when a member leaves.

Personal Data is any information that relates to an identified or identifiable individual.

For the purposes of GDPR, Personal Data means any information relating to You such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.

For the purposes of the CCPA/CPRA, Personal Data means any information that identifies, relates to, describes or is capable of being associated with, or could reasonably be linked, directly or indirectly, with You.

Personal User Data means data tied to Your individual account that travels with You across Houses, including but not limited to Your favorites, Your account preferences (such as theme selection), Your account profile information, and Your AI Integration authorizations and conversation history.

Service refers to the Application and any related services provided by the Company under The Bar Book brand.

Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used. For the purpose of the GDPR, Service Providers are considered Data Processors.

Subscription refers to a paid plan that grants access to premium features of the Service, including but not limited to the "The Regular," "It's on the House," "Open Bar," and "Night Out" tiers, as well as one-time purchase offers such as the "Founding Member" offer.

Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit or how often a feature is used).

Website refers to The Bar Book, accessible from https://barbook.manmeetsoven.com.

You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable. Under GDPR, You can be referred to as the Data Subject or as the User.

Age Requirement

You must be at least 18 years of age to use the Service. The Service contains content about alcoholic beverages, cocktails, and bartending techniques.

The Service does not sell, serve, or facilitate the purchase of alcohol. All content is informational and educational. Consumption of alcohol is subject to the laws of Your jurisdiction, including but not limited to minimum legal drinking age requirements.

In the United States, the legal minimum age for purchase and consumption of alcohol is 21. While the Service is available to individuals 18 years of age and older for informational and educational purposes, You agree that You will not consume alcohol unless You are of legal drinking age in Your jurisdiction.

By using the Service, You represent and warrant that:

• You are at least 18 years of age
• You have the legal capacity to enter into this Privacy Policy and the Terms of Service
• You will only consume alcohol in compliance with the laws of Your jurisdiction
• You will not provide alcohol-related content from the Service, or assist in providing alcohol, to any person under the legal drinking age in their jurisdiction
• You will not use the Service to facilitate underage drinking in any way

We reserve the right to terminate accounts that We have reasonable cause to believe violate these requirements.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

• Email address
• First name and last name (or display name)
• Account password (stored only as a cryptographic hash; never in plain text)
• Date of birth or age verification (to confirm You meet the 18+ requirement)
• Payment information (collected and processed by Our payment processor; see "Payment Processing" in Part 3 of this Policy)
• Photos that You voluntarily upload to the Service
• Custom recipes, tasting notes, and other content You voluntarily create
• Usage Data (described below)

Bar Cabinet and Recipe Data

When You use the Service, You may add items to Your Bar Cabinet (descriptions of spirits, mixers, glassware, and other items You own), create custom cocktail recipes, mark recipes as favorites, and add personal notes. This information is associated with Your account and, where applicable, Your House.

The legal status of this data depends on whether it is Personal User Data or House-Contributed Data (see definitions earlier, and "Data Ownership in Houses" later in this Policy).

Usage Data

Usage Data is collected automatically when using the Service.

Usage Data may include information such as Your Device's Internet Protocol address (e.g., IP address), browser type, browser version, the pages of the Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers, and other diagnostic data.

We may also collect information that Your browser sends whenever You visit the Service or when You access the Service by or through a mobile device.

Information from AI Integration

If You choose to enable AI Integration (connecting third-party AI assistants such as Claude or ChatGPT to Your Bar Book account), the third-party AI provider will have access to data that You explicitly authorize, which may include:

• Your recipes (both Bar Book content and Your Creations)
• Your Bar Cabinet contents
• Your House membership and the contents of Houses You belong to
• Your favorites
• Conversation history related to Your use of the AI assistant with the Service

Your interactions with these third-party AI assistants are governed by the privacy policies of those providers (such as Anthropic for Claude, OpenAI for ChatGPT). We strongly encourage You to review their privacy policies before enabling AI Integration. The Company is not responsible for how third-party AI providers handle data they receive from You through the Service.

You may revoke AI Integration access at any time by visiting Settings → AI Integration in the Service. Revocation immediately invalidates the access tokens used by the third-party AI assistant; however, conversations and data already transmitted to the third-party provider before revocation are subject to that provider's data practices, not Ours.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. The technologies We use include:

• Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of Our Service.
• Local Storage. The Service uses Your browser's local storage to remember Your preferences (such as Your selected theme) and to maintain Your authenticated session between visits.

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser. You can learn more about cookies on the TermsFeed website.

We use both Session and Persistent Cookies for the following purposes:

Necessary / Essential Cookies

• Type: Session Cookies
• Administered by: Us (via Supabase Auth)
• Purpose: These Cookies are essential to authenticate users and maintain Your session while You use the Service. Without these Cookies, the Service cannot function.

Functionality Cookies

• Type: Persistent Cookies
• Administered by: Us
• Purpose: These Cookies allow Us to remember choices You make when You use the Service, such as Your theme selection or remembered login. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter Your preferences every time You use the Service.

Notice Acceptance Cookies

• Type: Persistent Cookies
• Administered by: Us
• Purpose: These Cookies identify if users have accepted the use of cookies on the Service.

The Service does not use targeting/advertising cookies, tracking cookies for third-party advertising purposes, or third-party advertising networks.

For more information about the cookies We use and Your choices regarding cookies, please contact Us using the information at the end of this Policy.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

To provide and maintain the Service, including to monitor usage of the Service, store Your custom recipes and cabinet contents, sync data across Your devices, and enable collaboration within Houses.

To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service available to You as a registered user.

To process payments: for users who subscribe to a paid tier or purchase a one-time offer (such as the Founding Member offer), We use Your information (specifically Your email and the payment information You provide to Our payment processor) to manage Your subscription, process recurring payments, and provide receipts.

For the performance of a contract: the development, compliance, and undertaking of the purchase contract for the Service or any other contract with Us through the Service.

To enable House collaboration: if You join or create a House, certain information You voluntarily contribute to a House is made available to other members of that House as necessary for the collaborative features of the Service. The information shared with other House members includes:

• Your display name and avatar (if You set one)
• Recipes and cabinet items You contribute to the House
• Photos You upload to the House
• Your activity within the House (e.g., when You added an item)

Information not specifically listed above as shared with House members is not intentionally shared with House members through the Service. The categories of information listed above are subject to the security measures described in the "Security of Your Personal Data" section of this Policy.

To contact You: to contact You by email regarding updates to Your account, security notices, billing matters, changes to this Privacy Policy or our Terms of Service, House invitations You receive or send, and other essential communications about Your use of the Service.

To provide You with optional communications about new features, special offers, and general information about the Service, unless You have opted not to receive such information.

To manage Your requests: to attend to and manage Your requests to Us, including support inquiries.

For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about Service users is among the assets transferred.

For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of new features, and evaluating and improving the Service.

How We Share Your Personal Data

We may share Your personal information in the following situations:

• With Service Providers: We may share Your personal information with Service Providers to operate the Service (database hosting, application hosting, payment processing, email delivery, AI integration providers when You enable that feature). Each Service Provider is identified in the "Detailed Information on the Processing of Your Personal Data" section of this Policy.
• With Other House Members: If You join or create a House, Your House-related activity and contributions are visible to other House members as described above under "To enable House collaboration."
• For Business Transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
• With Affiliates: We may share Your information with Our affiliates, in which case We will require those affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners, or other companies that We control or that are under common control with Us.
• With Your consent: We may disclose Your personal information for any other purpose with Your consent.

We do not sell Your personal information in the conventional sense (We do not exchange Your data for money). See the CCPA/CPRA section of this Policy for technical detail on what "sale" means under California law and how the Service compares.

Data Ownership in Houses

The Service supports collaborative "Houses" — shared workspaces where multiple users can contribute to a shared Bar Cabinet, shared custom recipes, and other shared content. Because Houses involve data shared between multiple users, We apply specific rules to how that data is treated. This section explains those rules.

Personal User Data — travels with You

The following data is considered Personal User Data and belongs to You individually. It travels with Your account and is not affected by Your House membership:

• Your account profile (email, display name, avatar, theme preference)
• Your favorites (the recipes You have marked as favorites are personal to You; other House members cannot see Your favorites)
• Your personal notes on recipes (notes You add for Your own reference, separate from recipe contents)
• Your subscription tier and billing information
• Your AI Integration authorizations and conversation history
• Your password and authentication credentials

When You leave a House (whether voluntarily, by being removed by the House owner, or because a host's subscription ended), Your Personal User Data remains with Your account.

House-Contributed Data — stays with the House

The following data is considered House-Contributed Data and belongs to the House, not to the individual member who contributed it:

• Cabinet items added to the shared Bar Cabinet
• Custom recipes written in the House's recipe library (sometimes called "Your Creations" within a House)
• Photos uploaded to shared recipes or cabinet items
• Tasting notes that are part of a shared recipe
• Other content contributed for collaborative purposes within the House

When You contribute House-Contributed Data to a House You are a member of, that data becomes part of the House's collection. If You later leave the House, House-Contributed Data remains with the House. This is analogous to bringing a bottle of wine to a friend's home — when You leave, the bottle stays.

Why we structure data this way

This design serves two purposes:

1. It respects shared ownership. A House is a collaborative space — a couple's shared bar, a friend group's collective library, a bartending team's recipe collection. The contents belong to the group, not to whoever happened to type them in.

2. It prevents data accumulation abuse. Without this rule, a user could join a House to gain temporary premium-tier benefits, accumulate a large library at no cost to themselves, then leave and keep the library indefinitely. The rule prevents this scenario while still allowing meaningful collaboration.

Your rights regarding House-Contributed Data

You retain the right under GDPR and CCPA/CPRA to request a copy of any data You have contributed to any House You have been a member of, even if You are no longer in that House. We can provide an export of Your contributions on request. Contact Us using the information at the end of this Policy.

You also retain the right to request deletion of specific items You contributed. However, please note that if You contributed an item to a shared House and other House members have come to rely on it, We may consult the House owner before deleting it. Where We can comply with a deletion request without significantly disrupting other users' legitimate use of the Service, We will do so.

If You delete Your account entirely, House-Contributed Data You contributed will remain with the relevant Houses unless You specifically request its removal as part of Your account deletion request.

When a House owner's subscription ends or their account is deleted

If the owner of a House You belong to cancels their subscription or deletes their account:

• A grace period applies during which You can continue to access the House
• After the grace period expires (typically 7 days for subscription cancellation, 30 days for account deletion), other members are removed from the House
• Your Personal User Data (favorites, account, preferences) remains with Your account
• House-Contributed Data that the House owner is permanently deleting may be lost if the House itself is deleted; however, in subscription-cancellation cases (not account-deletion cases), the data remains with the (now downgraded) owner's account and can be restored if they resubscribe
• You will receive notice of these events by email

We make reasonable efforts to preserve Your access to data You may have a legitimate interest in retaining, but cannot guarantee preservation of House-Contributed Data when a House owner deletes the House or their account entirely.

Payment Processing

If You subscribe to a paid tier of the Service, payment processing is handled by Stripe, Inc. ("Stripe"). Stripe is Our Service Provider for payment processing.

The Company does not store Your full credit card number, CVV, or other sensitive payment credentials on Our own systems. These are collected directly by Stripe and stored on Stripe's secure infrastructure in compliance with PCI-DSS requirements. We receive only limited information from Stripe to manage Your subscription, including:

• A Stripe customer identifier (used to identify You within Stripe's system)
• The last four digits of Your payment card (for display purposes only)
• Card brand (Visa, Mastercard, etc.)
• Card expiration month/year
• Billing zip/postal code
• Subscription status and billing history

Stripe's privacy policy is available at https://stripe.com/privacy and describes how Stripe processes payment information.

If You cancel Your subscription, We retain billing history records for tax and legal compliance purposes for a minimum of 7 years.

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with Our legal obligations (for example, if We are required to retain Your data to comply with applicable tax or financial laws), resolve disputes, and enforce Our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

Specific retention periods:

• Account data: Retained for as long as Your account is active. After You request account deletion, account data is retained for a 30-day grace period (during which deletion can be reversed), then permanently deleted from production systems within 30 days thereafter. Backup retention may extend this period by an additional 30-90 days.
• House-Contributed Data: Retained with the relevant House until either the House is deleted or You specifically request removal of Your contributions.
• Billing records: Retained for at least 7 years for tax and legal compliance.
• Usage Data: Generally retained for 24 months for analytics and Service improvement purposes.
• Logs (security, error, application): Retained for 90 days for diagnostic and security purposes.
• AI Integration tokens: Active tokens are stored until revoked. Revoked tokens are retained in audit logs for 90 days.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company's operating offices in Arizona, United States, and in any other places where the parties involved in the processing are located. This means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of Your jurisdiction.

Our Service Providers operate in various jurisdictions:

• Supabase (database, authentication, file storage) — operations in the United States and other regions
• Vercel (application hosting) — operations in the United States and globally distributed edge locations
• Stripe (payment processing) — operations in the United States and globally
• Anthropic, OpenAI, and other AI providers (only if You enable AI Integration) — operations vary by provider; see their respective privacy policies

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

Delete Your Personal Data

You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.

The Service gives You the ability to delete certain information about You from within the Service:

• You can delete individual favorites at any time
• You can delete individual custom recipes You have created
• You can delete items from Your Bar Cabinet
• You can delete photos You have uploaded
• You can edit Your profile information at any time in Settings

To delete Your entire account:

1. Sign in to the Service
2. Navigate to Settings → Account → Delete Account
3. Confirm deletion in the resulting dialog
4. Your account enters a 30-day grace period during which:
   • You can sign back in to reverse the deletion
   • Your House (if You own one) becomes inaccessible to other members
   • Other members are not yet evicted from Your House (in case the deletion is reversed)
5. After 30 days, Your account is permanently deleted from production systems, including:
   • Your account profile
   • Your favorites
   • Your personal recipes and content
   • Your House (if You own one), unless preserved per Your specific request
   • Your AI Integration authorizations
6. House-Contributed Data You contributed to other users' Houses remains with those Houses unless You specifically requested its deletion as part of Your account deletion request.
7. Billing records are retained for 7 years for tax and legal compliance.
8. Backup copies may be retained for 30-90 days after production deletion.

You may also update, amend, or delete Your information at any time by signing in to Your Account and visiting the account settings section that allows You to manage Your personal information. You may also contact Us to request access to, correct, or delete any personal information that You have provided to Us, including data You cannot delete via the in-app interface.

Please note, however, that We may need to retain certain information when We have a legal obligation or lawful basis to do so.

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law Enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

Other Legal Requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

• Comply with a legal obligation
• Protect and defend the rights or property of the Company
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of Users of the Service or the public
• Protect against legal liability

Security of Your Personal Data

The security of Your Personal Data is important to Us. We use industry-standard practices including:

• Encryption in transit: All connections to the Service use HTTPS/TLS encryption
• Encryption at rest: Database storage uses encryption at rest provided by Our database Service Provider
• Password security: Account passwords are stored using one-way cryptographic hashing
• Row-Level Security: Database access policies are designed to limit each user's access to data appropriate to their account
• OAuth 2.1 for AI Integration: Third-party AI access uses industry-standard OAuth 2.1 with token rotation and revocation
• PCI-DSS for payments: Payment information is handled by Our payment processor, which is PCI-DSS compliant
• Access controls: Internal access to user data is limited to personnel who require access for Service operations, and such access is logged

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

If We become aware of a security incident affecting Your Personal Data, We will notify You and applicable regulators as required by applicable law.

Detailed Information on the Processing of Your Personal Data

The Service Providers We use may have access to Your Personal Data. These third-party vendors collect, store, use, process and transfer information about Your activity on the Service in accordance with their Privacy Policies.

Database, Authentication, and Storage

Supabase

Supabase provides Our database, authentication, and file storage infrastructure. Supabase processes all data You create within the Service (account credentials, recipes, cabinet contents, photos, etc.) and is Our primary data processor.

For more information on Supabase's privacy practices, please visit: https://supabase.com/privacy

Application Hosting

Vercel

Vercel hosts the application servers for the Service. Vercel processes Your usage of the Service to deliver pages and handle Your interactions.

For more information on Vercel's privacy practices, please visit: https://vercel.com/legal/privacy-policy

Payment Processing

Stripe

When You subscribe to a paid tier or make a one-time purchase, Stripe processes Your payment information as described in the "Payment Processing" section above.

For more information on Stripe's privacy practices, please visit: https://stripe.com/privacy

AI Integration (Optional)

If You enable AI Integration, the following providers may receive data You authorize them to access:

Anthropic (Claude)

If You connect Claude.ai or Claude Desktop to The Bar Book, Anthropic will receive the data You request Claude to access (recipes, cabinet contents, House data) and Your conversations with Claude that reference the Service.

For more information on Anthropic's privacy practices, please visit: https://www.anthropic.com/legal/privacy

OpenAI (ChatGPT)

If You connect ChatGPT to The Bar Book, OpenAI will receive the data You request ChatGPT to access and Your conversations with ChatGPT that reference the Service.

For more information on OpenAI's privacy practices, please visit: https://openai.com/policies/privacy-policy

Other MCP-Compatible Clients

The Service supports the Model Context Protocol (MCP) standard, which allows other AI assistants and tools to connect with Your authorization. Each such provider has its own privacy practices; review them before enabling integration.

Email Communications

We may use a transactional email service provider to send essential account communications (welcome emails, password resets, billing notifications, House invitations, founder offer notifications, and other Service-related messages).

These providers process only Your email address and the contents of messages We send to You. They do not use Your data for advertising purposes. The specific email service provider in use is identified within the Service.

Analytics

We may use limited first-party analytics to understand how the Service is used and improve it. If We add third-party analytics services in the future, We will update this Privacy Policy and provide notice.

Service Provider Updates

This list of Service Providers reflects the providers in use as of the "Last updated" date of this Privacy Policy. We may add, change, or remove Service Providers over time. Material changes to Our Service Providers that affect Your Personal Data will be reflected in updates to this Privacy Policy.

GDPR Privacy

Legal Basis for Processing Personal Data under GDPR

We may process Personal Data under the following conditions:

• Consent: You have given Your consent for processing Personal Data for one or more specific purposes.
• Performance of a Contract: Provision of Personal Data is necessary for the performance of an agreement with You and/or for any pre-contractual obligations thereof.
• Legal Obligations: Processing Personal Data is necessary for compliance with a legal obligation to which the Company is subject.
• Vital Interests: Processing Personal Data is necessary in order to protect Your vital interests or those of another natural person.
• Public Interests: Processing Personal Data is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Company.
• Legitimate Interests: Processing Personal Data is necessary for the purposes of the legitimate interests pursued by the Company.

In any case, the Company will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Your Rights under the GDPR

The Company undertakes to respect the confidentiality of Your Personal Data and to guarantee You can exercise Your rights.

You have the right under this Privacy Policy, and by law if You are within the EU, to:

• Request access to Your Personal Data. The right to access, update or delete the information We have on You. Whenever made possible, You can access, update or request deletion of Your Personal Data directly within Your account settings section. If You are unable to perform these actions Yourself, please contact Us to assist You. This also enables You to receive a copy of the Personal Data We hold about You.

• Request correction of the Personal Data that We hold about You. You have the right to have any incomplete or inaccurate information We hold about You corrected.

• Object to processing of Your Personal Data. This right exists where We are relying on a legitimate interest as the legal basis for Our processing and there is something about Your particular situation, which makes You want to object to Our processing of Your Personal Data on this ground. You also have the right to object where We are processing Your Personal Data for direct marketing purposes.

• Request erasure of Your Personal Data. You have the right to ask Us to delete or remove Personal Data when there is no good reason for Us to continue processing it.

• Request the transfer of Your Personal Data. We will provide to You, or to a third-party You have chosen, Your Personal Data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which You initially provided consent for Us to use or where We used the information to perform a contract with You.

• Withdraw Your consent. You have the right to withdraw Your consent on using Your Personal Data. If You withdraw Your consent, We may not be able to provide You with access to certain specific functionalities of the Service.

Exercising Your GDPR Data Protection Rights

You may exercise Your rights of access, rectification, cancellation and opposition by contacting Us. Please note that We may ask You to verify Your identity before responding to such requests. If You make a request, We will try Our best to respond to You as soon as possible.

You have the right to complain to a Data Protection Authority about Our collection and use of Your Personal Data. For more information, if You are in the European Economic Area (EEA), please contact Your local data protection authority in the EEA.

CCPA/CPRA Privacy Notice (California Privacy Rights)

This Privacy Notice section for California residents supplements the information contained in Our Privacy Policy and it applies solely to all visitors, users, and others who reside in the State of California.

Categories of Personal Information Collected

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or Device. The following is a list of categories of personal information which We may collect or may have been collected from California residents within the last twelve (12) months.

Please note that the categories and examples provided in the list below are those defined in the CCPA/CPRA. This does not mean that all examples of that category of personal information were in fact collected by Us, but reflects Our good faith belief to the best of Our knowledge that some of that information from the applicable category may be and may have been collected.

Category A: Identifiers. Examples: A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, driver's license number, passport number, or other similar identifiers. Collected: Yes.

Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). Examples: A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. Collected: Yes.

Category C: Protected classification characteristics under California or federal law. Examples: Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). Collected: No.

Category D: Commercial information. Examples: Records and history of products or services purchased or considered. Collected: Yes.

Category E: Biometric information. Examples: Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. Collected: No.

Category F: Internet or other similar network activity. Examples: Interaction with Our Service or advertisement. Collected: Yes.

Category G: Geolocation data. Examples: Approximate physical location. Collected: No.

Category H: Sensory data. Examples: Audio, electronic, visual, thermal, olfactory, or similar information. Collected: Yes (only when You voluntarily upload photos to the Service).

Category I: Professional or employment-related information. Examples: Current or past job history or performance evaluations. Collected: No.

Category J: Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Examples: Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. Collected: No.

Category K: Inferences drawn from other personal information. Examples: Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. Collected: No.

Category L: Sensitive personal information. Examples: Account login and password information, geolocation data. Collected: Yes (account login credentials only; We do not collect geolocation data).

Under CCPA/CPRA, personal information does not include:

• Publicly available information from government records
• Deidentified or aggregated consumer information
• Information excluded from the CCPA/CPRA's scope, such as:
  • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data
  • Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994

Sources of Personal Information

We obtain the categories of personal information listed above from the following categories of sources:

• Directly from You. For example, from the forms You complete on Our Service, preferences You express or provide through Our Service, content You upload or create, and information You provide to authenticate Yourself.
• Indirectly from You. For example, from observing Your activity on Our Service.
• Automatically from You. For example, through cookies We or Our Service Providers set on Your Device as You navigate through Our Service.
• From Service Providers. For example, Our payment processor (Stripe) provides Us with limited information about Your payment status and billing history; Our database provider (Supabase) processes data You create within the Service on Our behalf.
• From other House members. If a House owner invites You to a House, We may receive Your email address or display name from the inviting user for the purpose of facilitating the invitation.

Use of Personal Information

We may use or disclose personal information We collect for "business purposes" or "commercial purposes" (as defined under the CCPA/CPRA), which may include the following examples:

• To operate Our Service and provide You with Our Service.
• To provide You with support and to respond to Your inquiries, including to investigate and address Your concerns and monitor and improve Our Service.
• To fulfill or meet the reason You provided the information. For example, if You share Your contact information to ask a question about Our Service, We will use that personal information to respond to Your inquiry.
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
• As described to You when collecting Your personal information or as otherwise set forth in the CCPA/CPRA.
• For internal administrative and auditing purposes.
• To detect security incidents and protect against malicious, deceptive, fraudulent or illegal activity, including, when necessary, to prosecute those responsible for such activities.
• To process payments and manage subscriptions.
• To enable collaborative features within Houses, as described elsewhere in this Privacy Policy.
• Other one-time uses.

Please note that the examples provided above are illustrative and not intended to be exhaustive. For more details on how We use this information, please refer to the "Use of Your Personal Data" section of this Privacy Policy.

If We decide to collect additional categories of personal information or use the personal information We collected for materially different, unrelated, or incompatible purposes, We will update this Privacy Policy.

Disclosure of Personal Information

We may use or disclose and may have used or disclosed in the last twelve (12) months the following categories of personal information for business or commercial purposes:

• Category A: Identifiers
• Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
• Category D: Commercial information
• Category F: Internet or other similar network activity
• Category H: Sensory data (only photos You voluntarily upload)
• Category L: Sensitive personal information (account login credentials only)

Please note that the categories listed above are those defined in the CCPA/CPRA. This does not mean that all examples of that category of personal information were in fact disclosed, but reflects Our good faith belief to the best of Our knowledge that some of that information from the applicable category may be and may have been disclosed.

When We disclose personal information for a business purpose or a commercial purpose, We enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

Share of Personal Information

We may share, and have shared in the last twelve (12) months, Your personal information identified in the above categories with the following categories of third parties:

• Service Providers (as identified above)
• Other members of any House You join or create (as described earlier)
• Third-party AI providers, only when You enable AI Integration
• Our affiliates
• Third-party vendors to whom You or Your agents authorize Us to disclose Your personal information in connection with services We provide to You

Sale of Personal Information

As defined in the CCPA/CPRA, "sell" and "sale" mean selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Consumer's personal information by the Business to a third party for valuable consideration. This means that We may have received some kind of benefit in return for sharing personal information, but not necessarily a monetary benefit.

We do not sell personal information as that term is commonly understood. We do not exchange Your data for money or other valuable consideration with third-party advertisers, data brokers, or marketing networks. The Service does not use targeting/advertising cookies or third-party advertising networks.

The Service Providers We use (such as Our database provider, hosting provider, and payment processor) process Your data on Our behalf to operate the Service, under contracts that prohibit them from using Your data for their own purposes.

Sale of Personal Information of Minors Under 16 Years of Age

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors under the age of 16 through Our Service. We do not sell the personal information of Consumers We actually know are less than 16 years of age.

If You have reason to believe that a child under the age of 16 has provided Us with personal information, please contact Us with sufficient detail to enable Us to delete that information.

Your Rights under the CCPA/CPRA

The CCPA/CPRA provides California residents with specific rights regarding their personal information. If You are a resident of California, You have the following rights:

• The right to notice. You have the right to be notified which categories of Personal Data are being collected and the purposes for which the Personal Data is being used.

• The right to know/access. Under CCPA/CPRA, You have the right to request that We disclose information to You about Our collection, use, sale, disclosure for business purposes and share of personal information. Once We receive and confirm Your request, We will disclose to You:

  • The categories of personal information We collected about You
  • The categories of sources for the personal information We collected about You
  • Our business or commercial purposes for collecting or selling that personal information
  • The categories of third parties with whom We share that personal information
  • The specific pieces of personal information We collected about You
  • If We disclosed Your personal information for a business purpose, We will disclose to You:
    • The categories of personal information categories disclosed
    • The categories of third parties to whom the personal information categories were disclosed

• The right to say no to the sale or sharing of Personal Data (opt-out). You have the right to direct Us to not sell Your personal information. As noted above, We do not sell personal information as that term is commonly understood. If We change Our practices in the future, We will provide a mechanism to opt out of any such sale.

• The right to correct Personal Data. You have the right to correct or rectify any inaccurate personal information about You that We collected. Once We receive and confirm Your request, We will use commercially reasonable efforts to correct (and direct Our Service Providers to correct) Your personal information, unless an exception applies.

• The right to limit use and disclosure of sensitive Personal Data. You have the right to request to limit the use or disclosure of certain sensitive personal information We collected about You, unless an exception applies. We collect and use sensitive personal information (account login credentials) only for the purposes necessary to provide the Service.

• The right to delete Personal Data. You have the right to request the deletion of Your Personal Data under certain circumstances, subject to certain exceptions. Once We receive and confirm Your request, We will delete (and direct Our Service Providers to delete) Your personal information from Our records, unless an exception applies. We may deny Your deletion request if retaining the information is necessary for Us or Our Service Providers to:

  • Complete the transaction for which We collected the personal information, provide a good or service that You requested, take actions reasonably anticipated within the context of Our ongoing business relationship with You, or otherwise perform Our contract with You.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if You previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on Your relationship with Us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which You provided it.

• The right not to be discriminated against. You have the right not to be discriminated against for exercising any of Your consumer's rights, including by:

  • Denying goods or services to You
  • Charging different prices or rates for goods or services, including the use of discounts or other benefits or imposing penalties
  • Providing a different level or quality of goods or services to You
  • Suggesting that You will receive a different price or rate for goods or services or a different level or quality of goods or services

Exercising Your CCPA/CPRA Data Protection Rights

In order to exercise any of Your rights under the CCPA/CPRA, and if You are a California resident, You can contact Us using the contact information provided at the end of this Privacy Policy.

Only You, or a person registered with the California Secretary of State that You authorize to act on Your behalf, may make a verifiable request related to Your personal information.

Your request to Us must:

• Provide sufficient information that allows Us to reasonably verify You are the person about whom We collected personal information or an authorized representative
• Describe Your request with sufficient detail that allows Us to properly understand, evaluate, and respond to it

We cannot respond to Your request or provide You with the required information if We cannot:

• Verify Your identity or authority to make the request
• And confirm that the personal information relates to You

We will disclose and deliver the required information free of charge within 45 days of receiving Your verifiable request. The time period to provide the required information may be extended once by an additional 45 days when reasonably necessary and with prior notice.

Any disclosures We provide will only cover the 12-month period preceding the verifiable request's receipt.

For data portability requests, We will select a format to provide Your personal information that is readily usable and should allow You to transmit the information from one entity to another entity without hindrance.

Do Not Sell My Personal Information

As noted above, We do not sell personal information as that term is commonly understood. We do not engage in the practices described in CCPA/CPRA's definition of "sale" with respect to advertising, marketing, or data brokerage.

If We change Our practices in the future to include any activity that may be deemed a sale under CCPA/CPRA, We will:

• Update this Privacy Policy to disclose the change
• Provide a clear and conspicuous "Do Not Sell My Personal Information" link or equivalent mechanism
• Honor any opt-out requests submitted before the change

You may also opt out of receiving ads that are personalized as served by third-party advertising networks by following the instructions at:

• The NAI's opt-out platform: http://www.networkadvertising.org/choices/
• The EDAA's opt-out platform: http://www.youronlinechoices.com/
• The DAA's opt-out platform: http://optout.aboutads.info/?c=2&lang=EN

Please note that since the Service does not use third-party advertising networks, these opt-out platforms will not affect Your experience using the Service.

Limit the Use or Disclosure of My Sensitive Personal Information

If You are a California resident, You have the right to limit the use and disclosure of Your sensitive personal information to that use which is necessary to perform the services or provide the goods reasonably expected by an average Consumer who requests such services or goods.

We collect and use sensitive personal information (specifically, account login credentials) only as necessary to provide the Service. For more information on how We use Your personal information, please see the "Use of Your Personal Data" section or contact Us using the information at the end of this Privacy Policy.

"Do Not Track" Policy as Required by California Online Privacy Protection Act (CalOPPA)

Our Service does not respond to Do Not Track signals.

However, some third-party websites do keep track of Your browsing activities. If You are visiting such websites, You can set Your preferences in Your web browser to inform websites that You do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of Your web browser.

Your California Privacy Rights (California's Shine the Light Law)

Under California Civil Code Section 1798 (California's Shine the Light law), California residents with an established business relationship with us can request information once a year about sharing their Personal Data with third parties for the third parties' direct marketing purposes.

If You'd like to request more information under the California Shine the Light law, and if You are a California resident, You can contact Us using the contact information provided at the end of this Privacy Policy.

California Privacy Rights for Minor Users (California Business and Professions Code Section 22581)

California Business and Professions Code Section 22581 allows California residents under the age of 18 who are registered users of online sites, services, or applications to request and obtain removal of content or information they have publicly posted.

The Service requires users to be at least 18 years of age and is not directed to individuals under 18. However, if You believe You have publicly posted content while under the age of 18, You can contact Us using the contact information provided at the end of this Privacy Policy to request removal.

Be aware that Your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances.

Children's Privacy

The Service is not directed to anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 18 without verification of parental consent, We take steps to remove that information from Our servers.

The Service contains content related to alcoholic beverages, which is inappropriate for minors. We take seriously the responsibility of restricting this content to adults. By using the Service, You confirm that You meet the age requirements described earlier in this Privacy Policy.

If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third-party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective, and update the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If You have any questions about this Privacy Policy, You can contact Us:

• By email: privacy@manmeetsoven.com
• By visiting this page on Our website: https://manmeetsoven.com/contact-me

Man Meets Oven LLC Arizona, United States