Last updated: May 14, 2026
Kitchen Porter Costing ("KPC", "we", "us") is a food cost tracking platform operated as a Canadian business. This policy explains what personal and business information we collect, why we collect it, and your rights under the Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec's Act Respecting the Protection of Personal Information in the Private Sector (Law 25), and — for users in the European Economic Area — the General Data Protection Regulation (GDPR).
Questions or requests can be directed to our Privacy Officer at [email protected].
We collect only what is necessary to operate the service:
| | |
|---|---|
| Account information | Your name (inferred from email), email address, and company name provided at registration. |
| Invoice files | PDF and image files you upload containing supplier invoices. These may include vendor names, pricing, and product descriptions. |
| Extracted invoice data | Structured line-item data (item name, quantity, unit price) extracted from your invoices and stored to power cost tracking. |
| Usage data | Basic server logs (IP address, timestamps, HTTP status codes) retained for security monitoring. If you consent, we also collect limited website analytics and advertising attribution data such as page views, demo-request events, referring campaign parameters, and browser/device metadata. |
| Billing information | If you subscribe to a paid plan, payment details are handled directly by Stripe. We never see or store your full card number. |
We do not collect sensitive personal information as defined under Law 25 (health data, biometrics, etc.).
| | |
|---|---|
| Providing the service | Account info and invoice data are required to operate the platform you signed up for. Without them the service cannot function. GDPR basis: Art. 6(1)(b) — performance of a contract. |
| AI invoice extraction | Invoice files are processed by an AI model to extract structured data. You consent to this at registration. See section 4 for details on the third-party processor used. GDPR basis: Art. 6(1)(a) — consent. |
| Security | Logs and rate-limiting data are retained to detect and prevent unauthorized access. GDPR basis: Art. 6(1)(f) — legitimate interests. |
| Billing | Payment processing data is used to manage your subscription. GDPR basis: Art. 6(1)(b) — contractual necessity. |
| Email notifications | We send transactional emails (account verification, price alerts you configure). No marketing emails are sent without separate consent. GDPR basis: Art. 6(1)(b) — contractual necessity; Art. 6(1)(a) — consent for optional alerts. |
| Marketing analytics and attribution | If you accept optional analytics cookies, we use website analytics and advertising attribution data to measure campaign performance, improve public pages, and understand demo-request quality. GDPR basis: Art. 6(1)(a) — consent. |
We share data with the following sub-processors. Each is bound by a data processing agreement and is required to protect your information to a standard comparable to Canadian law. Because these processors operate infrastructure outside Canada, transfers are made on the basis of contractual safeguards (Standard Contractual Clauses for EU users where applicable).
| | |
|---|---|
| Anthropic (USA) | Your uploaded invoice files are sent to Anthropic's Claude API to extract line-item data. Invoice content may temporarily reside on Anthropic's US servers during processing. Anthropic does not use your data to train models under their commercial API terms. See: anthropic.com/legal/privacy |
| Resend (USA) | Transactional emails (verification links, notifications) are delivered via Resend. Your email address is shared for this purpose only. |
| Stripe (USA) | Payment processing for Pro subscriptions. Stripe handles PCI-DSS compliance independently. Your invoice content is never shared with Stripe. |
| DigitalOcean (Canada — Toronto, ON) | Our servers and database run on DigitalOcean infrastructure in the Toronto, Ontario region. Your data at rest is stored in Canada. |
| Google Analytics / Google Ads (USA and global infrastructure) | If you consent, Google processes website analytics events and advertising attribution signals so we can measure campaign performance. We configure this for public marketing measurement only, not invoice content. |
| Meta Pixel (USA and global infrastructure) | If you consent, Meta processes advertising attribution and conversion events such as page views and demo requests. We configure this for public marketing measurement only, not invoice content. |
We do not sell or rent your data. We share limited marketing-event and attribution data with Google and Meta only if you consent to optional analytics/advertising cookies.
KPC processes supplier names and related data solely as part of Customer-provided content, including invoices and manually entered information.
Supplier-related data is not obtained from, provided by, or verified against any third-party supplier.
KPC does not establish or maintain any direct relationship with third-party suppliers through the processing of such data.
Supplier names are processed strictly to enable categorization, analytics, and reporting within the Service.
All data at rest is stored on DigitalOcean infrastructure located in Toronto, Ontario, Canada. Invoice files are stored in encrypted object storage. Passwords are hashed using bcrypt and are never stored in plain text. Access tokens are short-lived and stored in HTTP-only cookies to prevent client-side access. We enforce brute-force lockout, rate limiting, and token versioning to protect your account.
No system is perfectly secure. In the event of a breach that creates a real risk of significant harm, we will notify the Office of the Privacy Commissioner of Canada and affected individuals as required under PIPEDA.
Your data is retained for as long as your account is active. When you delete your account, all personal information and business data associated with your account (invoices, extracted line items, recipes, vendors, price history) is permanently deleted within 30 days. Anonymized aggregate statistics (e.g. total invoice count across all users for internal reporting) may be retained.
Invoice image retention: If enabled for your company, invoice images (PDFs and photos) uploaded to KPC are stored for up to 30 days from the date of upload for processing and verification purposes, after which they are automatically deleted. You can opt out at sign-up or later in Settings. Invoice data extracted from those images — line items, prices, vendor names, dates — is retained for the life of your account and is not affected by the image deletion.
Server access logs are retained for 90 days for security purposes and then deleted.
KPC stores all data at rest in Canada (DigitalOcean Toronto). Canada holds an EU adequacy decision under GDPR for organizations subject to PIPEDA, meaning personal data transferred from the EEA to KPC does not require Standard Contractual Clauses for the Canada-to-Canada leg. Sub-processors located in the USA (Anthropic, Resend, Stripe) are covered by Standard Contractual Clauses in our agreements with them.
If you would like a copy of the relevant transfer safeguards, email [email protected].
Under PIPEDA, Quebec Law 25, and — for EEA residents — GDPR, you have the right to:
To exercise any right, email [email protected]. We will respond within 30 days (or within 72 hours for breach notifications as required under GDPR Art. 33).
We use a single HTTP-only session cookie (access_token) to keep you logged in. This cookie is strictly necessary for the service to function and does not track you across other websites.
On public marketing pages, we may ask for your consent to use optional analytics and advertising measurement cookies or similar browser technologies. If you accept, Google Analytics / Google Ads and Meta Pixel may receive page-view, campaign-attribution, and conversion-event data such as demo-request activity. If you decline, those third-party analytics and advertising scripts are not loaded by KPC.
We will notify active users by email before making material changes to this policy. The "last updated" date at the top of this page will always reflect the current version.