Privacy Policy

Last updated 2026-05-13 · Jurisdiction: State of Florida, USA

DRAFT LEGAL TEXT. This is placeholder boilerplate. Replace with attorney-reviewed copy before public launch.

1. What we collect

When you create an account we store your email address, an optional display name, and (if you provide one) your ZIP code and approximate location derived from it. Vendors additionally provide a business name, optional tagline, and listings (titles, descriptions, photos, prices, pickup windows). All messages between buyers and vendors are stored encrypted at rest.

2. How we use it

Your data powers the marketplace experience: showing you cooks within your radius, routing orders to the right vendor, sending transactional emails (order placed, order confirmed, pickup-ready), and helping vendors track their sales for cottage-food compliance. We do not sell your data.

3. Third parties we share with

We rely on a small number of vendors to operate Moudena:

Supabase — auth + database hosting
Vercel — application hosting + CDN
Resend — transactional email delivery
Stripe (when card payments are enabled) — payment processing + vendor payouts
OneSignal (when push notifications launch) — web push delivery

These vendors process your data on our behalf under data processing agreements. Your full address is never shared with a vendor until you place an order with them, and even then, only after they accept the order.

4. Your rights

You can access your data, edit it from your profile page, or export a copy by emailing privacy@moudena.com. You can delete your account from /profile/delete; on deletion we scrub personal identifiers (email, display name, location) while retaining order/transaction history for the period required by IRS recordkeeping rules (7 years for monetary transactions).

5. Cookies

We use cookies for two purposes:

NEXT_LOCALE — remembers your language choice (English / Spanish)
Supabase auth session cookies — keep you logged in between visits
visitor_zip — temporary cookie storing the ZIP you entered to browse cooks before signing up

We do not use third-party advertising cookies or tracking pixels.

6. Children

Moudena is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us data, email privacy@moudena.com and we will delete it.

7. Security

We use industry-standard encryption (HTTPS in transit, at-rest encryption for all database tables) and store passwords as salted hashes via Supabase Auth. We never see or store your plaintext password.

8. Changes

When we update this policy we'll change the "Last updated" date at the top and, for material changes, send you an in-app notification or email.

9. Contact

Questions about your privacy? Email privacy@moudena.com.