Privacy policy

We collect the minimum we need to run a recipe subscription, we don't sell anyone's data, we never will, and you can ask us to delete everything we have on you at any time by emailing hello@wellfedclub.com.

The Well Fed Club is operated by Danica Dedic, a sole trader based in Melbourne, Victoria, Australia. For privacy matters, the data controller is Danica Dedic. Contact: hello@wellfedclub.com.

When you sign up for the newsletter or ebook waitlist: your email address, the page you signed up from, your IP address, and your browser user-agent.

When you join the membership: the above plus your name (if you provide it during Stripe Checkout), billing country, subscription status, and the Stripe customer / subscription IDs linking your account to its payment record. We never see or store your card details - those live with Stripe.

When you use the app:recipes you favourite, comments you leave, ingredient checklist state per recipe, and standard server-side logs (pages requested, response codes). When we ship the onboarding flow we'll also collect dietary preferences, household size, cooking time preferences, and motivations - all optional, all editable in your account settings.

When you contact us: the contents of your message and your email address so we can reply. Contact form submissions go to our inbox via Resend.

What we don't collect:we don't track weight, we don't store cards, we don't fingerprint devices, we don't buy or sell user lists. Period.

To run the service: deliver recipes to your account, process payments, send transactional emails (login links, receipts, subscription updates), respond when you contact us, and keep the app working (logs, error monitoring).

To send you what you signed up for: ebook waitlist updates, newsletter (only if you opted in), occasional product updates.

To detect and prevent fraud and abuse, in line with our legitimate interest in keeping the service running for honest members.

We use a small set of trusted third-party service providers, each contractually bound to handle your data only on our instructions:

• Stripe (payments) - your name, email, billing country, payment method. Stripe privacy policy.
• Supabase (database + authentication) - email, account state, app data. Hosted in Australia / Singapore region. Supabase privacy policy.
• Resend (transactional + marketing email) - email address, name, message contents. Resend privacy policy.
• Vercel (web hosting) - server logs, IP addresses for fraud prevention. Vercel privacy policy.
• Sentry (error monitoring) - minimal app telemetry, error stack traces. No personal data is sent deliberately, though stack traces may incidentally include references to your account ID. Sentry privacy policy.

We will not sell your personal information to advertisers, brokers, or anyone else. Ever.

Some of our service providers are based outside Australia. By using the service you consent to your information being processed in those countries (primarily United States and EU). Where applicable, we rely on the EU Standard Contractual Clauses or equivalent legal mechanisms to protect your data.

We use a small number of cookies that are strictly necessary for the service: an authentication session cookie (set after login), and Vercel's standard infrastructure cookies. We do not currently use third-party advertising or analytics cookies. When we add product analytics in a future release we will update this page and request consent where required.

Active members: for as long as your account exists.

Cancelled members: account data is retained for 12 months after cancellation in case you want to return, then deleted unless you ask us to delete it sooner.

Email lists (newsletter, waitlist): until you unsubscribe.

Billing records: 7 years, as required by Australian tax law.

Under the Australian Privacy Act and (where applicable) GDPR, you have the right to:

• Access the personal information we hold about you
• Have inaccurate information corrected
• Request deletion of your data (right to be forgotten)
• Receive a copy of your data in a portable format
• Object to processing for direct marketing
• Withdraw consent at any time

To exercise any of these rights, email hello@wellfedclub.com. We'll respond within 30 days, usually a lot sooner. We don't charge for these requests.

We use HTTPS everywhere, encryption at rest for the database, and access controls so only authorised systems can read or write your data. No service is bulletproof, but we take this seriously and run tight defaults across the stack.

The service is intended for adults. We don't knowingly collect information from anyone under 16. If you believe a child has signed up, email us and we'll delete the account.

If you believe we've mishandled your data, email hello@wellfedclub.com first and we'll try to resolve it directly. If you're unsatisfied, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au. UK / EU residents may also contact their local data protection authority.

We may update this policy from time to time. The effective date at the top reflects the current version. Material changes will be communicated by email to active members at least 14 days before they take effect.