1. Introduction
ChefBear ("we", "us", "our") is an AI-powered mobile application that helps users scan restaurant menus, discover dishes, and make informed dining decisions. This Privacy Policy describes how we collect, use, disclose, and protect your personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec's Act respecting the protection of personal information in the private sector (including amendments under Law 25).
ChefBear (« nous », « notre ») est une application mobile propulsée par l’IA qui aide les utilisateurs à numériser les menus de restaurants, découvrir des plats et prendre des décisions éclairées. La présente politique de confidentialité décrit la façon dont nous recueillons, utilisons, divulguons et protégeons vos renseignements personnels conformément à la Loi sur la protection des renseignements personnels et les documents électroniques (LPRPDE) et à la Loi sur la protection des renseignements personnels dans le secteur privé du Québec (y compris la Loi 25).
2. Privacy Officer
Our Privacy Officer is responsible for our compliance with this policy and applicable Canadian privacy legislation. You may contact our Privacy Officer at any time:
Privacy Officer / Responsable de la protection des renseignements personnels
Email: chefbearsupport@icloud.com
Notre responsable de la protection des renseignements personnels veille au respect de la présente politique et des lois canadiennes applicables. Vous pouvez le contacter en tout temps à : chefbearsupport@icloud.com
3. The 10 PIPEDA Fair Information Principles
We are committed to each of the 10 Fair Information Principles set out in Schedule 1 of PIPEDA:
Accountability — Our Privacy Officer is accountable for personal information under our control. We maintain internal policies and practices to give effect to these principles, including training staff and implementing procedures to protect personal information.
Identifying Purposes — We identify the purposes for which personal information is collected at or before the time of collection. See Section 4 below for a detailed description of our purposes.
Consent — We obtain your meaningful consent for the collection, use, and disclosure of your personal information, except where permitted or required by law. See Section 5 below.
Limiting Collection — We limit the collection of personal information to that which is necessary for the identified purposes. We collect information by fair and lawful means.
Limiting Use, Disclosure, and Retention — Personal information is not used or disclosed for purposes other than those for which it was collected, except with your consent or as required by law. We retain personal information only as long as necessary. See Section 10.
Accuracy — We keep personal information as accurate, complete, and up-to-date as necessary for the purposes for which it is to be used. You may request corrections at any time.
Safeguards — We protect personal information with security safeguards appropriate to the sensitivity of the information, including encryption in transit and at rest, access controls, and regular security assessments.
Openness — We make information about our policies and practices relating to the management of personal information readily available through this policy and via our Privacy Officer.
Individual Access — Upon request, we will inform you of the existence, use, and disclosure of your personal information and give you access to that information. You may challenge the accuracy and completeness of the information and have it amended as appropriate.
Challenging Compliance — You may challenge our compliance with these principles by contacting our Privacy Officer. We will investigate all complaints and take appropriate measures. See Section 14.
Nous respectons les 10 principes relatifs à l’équité dans le traitement de l’information de la LPRPDE : responsabilité, détermination des fins, consentement, limitation de la collecte, limitation de l’utilisation, de la communication et de la conservation, exactitude, mesures de sécurité, transparence, accès individuel et possibilité de porter plainte.
4. Information We Collect
4.1 Information You Provide
- Account information: email address, display name, profile preferences (dietary restrictions, allergies).
- User content: photographs of menus you scan, saved dishes, favourites, and notes.
- Support communications: messages you send to our support team.
4.2 Information Collected Automatically
- Device information: device model, operating system version, app version, language settings.
- Usage data: features used, scan frequency, session duration, crash logs.
- Subscription data: subscription status and entitlements (managed by RevenueCat; we do not store payment card details).
4.3 Information We Do Not Collect
- We do not collect precise geolocation data.
- We do not access your contacts, microphone, or files beyond camera images you choose to capture within the app.
5. Meaningful Consent
We rely on your meaningful consent for the collection, use, and disclosure of your personal information. Meaningful consent means:
- We clearly explain what information we collect and why.
- We describe the foreseeable consequences of collection, use, and disclosure.
- We present consent options in a manner that is easy to understand, not buried in lengthy terms.
- You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawing consent may affect our ability to provide certain features.
Express consent is obtained for sensitive uses (e.g., camera access). Implied consent may be relied upon for less sensitive purposes where appropriate under PIPEDA.
Consentement valable : Nous obtenons votre consentement éclairé pour la collecte, l’utilisation et la communication de vos renseignements personnels. Vous pouvez retirer votre consentement en tout temps, sous réserve de restrictions légales ou contractuelles. Le retrait du consentement peut affecter certaines fonctionnalités.
6. Default Privacy Settings (Quebec Law 25)
In compliance with Quebec Law 25, all privacy settings in ChefBear are configured to the highest level of confidentiality by default. This means:
- Analytics and non-essential data collection are off by default until you opt in.
- Your scanned menus and dish data are private by default and not shared with other users.
- Personalization features using your data require your explicit activation.
You do not need to take any action to benefit from the highest privacy protection. Any feature that would lower your privacy level requires your affirmative opt-in.
Paramètres de confidentialité par défaut (Loi 25) : Conformément à la Loi 25 du Québec, tous les paramètres de confidentialité de ChefBear sont configurés au plus haut niveau de confidentialité par défaut. Vous n’avez aucune action à entreprendre pour bénéficier de la protection maximale.
7. How We Use Your Information
- To provide, maintain, and improve the ChefBear service, including AI-powered menu scanning and dish recognition.
- To process your subscription and manage entitlements.
- To personalize your experience (dietary preferences, favourites) when you opt in.
- To communicate with you about your account, updates, and support requests.
- To detect, prevent, and address technical issues, fraud, and security incidents.
- To comply with legal obligations.
8. AI and Automated Decision-Making
ChefBear uses artificial intelligence and automated processing to:
- Recognize and translate dish names from menu images.
- Generate dish descriptions, images, and dietary information.
- Provide personalized dish recommendations based on your stated preferences.
Important / Important : AI-generated content (descriptions, images, dietary labels) is provided for informational purposes only and may not be fully accurate. Always verify allergen and dietary information with restaurant staff before ordering.
8.1 Quebec Law 25 — Right to Human Review
Under Quebec Law 25, if an automated decision is made based solely on automated processing of your personal information and produces legal effects or significantly affects you, you have the right to:
- Be informed that such a decision has been made using automated processing.
- Request information about the personal information used to render the decision, the reasons and principal factors leading to the decision, and your right to have the information corrected.
- Request a human review of the decision by contacting our Privacy Officer at chefbearsupport@icloud.com.
Décisions automatisées (Loi 25) : Si une décision est rendue exclusivement par un traitement automatisé de vos renseignements personnels et qu’elle produit des effets juridiques ou vous touche significativement, vous avez le droit d’être informé(e) de cette décision, d’obtenir les renseignements utilisés, les raisons et facteurs principaux ayant mené à la décision, et de demander une révision humaine en communiquant avec notre responsable de la protection des renseignements personnels à chefbearsupport@icloud.com.
9. Third-Party Services
We use the following third-party service providers to operate ChefBear:
| Service | Purpose | Data Shared |
|---|---|---|
| Firebase (Google) | Authentication, cloud database, crash reporting, analytics | Account info, usage data, crash logs |
| RevenueCat | Subscription management and entitlements | Anonymous user ID, subscription status |
| AI Providers (e.g., OpenAI, Google AI) | Menu text recognition, dish descriptions, image generation | Menu images/text (without personal identifiers) |
Each third-party provider is contractually required to protect your information in accordance with applicable law. We encourage you to review their respective privacy policies.
10. Data Retention
| Data Category | Retention Period |
|---|---|
| Account information | Duration of account + 30 days after deletion request |
| Scanned menus & saved dishes | Duration of account; deleted upon account deletion |
| Usage analytics | 14 months (aggregated/anonymized thereafter) |
| Crash logs | 90 days |
| Support correspondence | 2 years after resolution, or as required by law |
| Subscription records | As required by tax and commercial law (up to 7 years) |
Conservation : Vos renseignements personnels sont conservés uniquement aussi longtemps que nécessaire aux fins identifiées. Les données de compte sont supprimées dans les 30 jours suivant votre demande de suppression.
11. Cross-Border Data Transfers
Your personal information may be transferred to and processed in countries outside Canada, including the United States, where our third-party service providers operate. When personal information is transferred outside Canada or Quebec:
- We conduct a Privacy Impact Assessment (PIA) to ensure the receiving jurisdiction provides an adequate level of protection, or we implement appropriate contractual safeguards.
- We ensure that our service providers are contractually bound to protect your information to a standard comparable to Canadian privacy law.
- Under Quebec Law 25, before transferring personal information outside Quebec, we assess whether the information will receive adequate protection under the law of the receiving jurisdiction.
Transferts transfrontaliers : Vos renseignements peuvent être transférés à l’extérieur du Canada. Avant tout transfert, nous effectuons une évaluation des facteurs relatifs à la vie privée (EFVP) et nous nous assurons que des mesures de protection adéquates sont en place.
12. Data Breach Notification
In the event of a breach of security safeguards involving personal information that creates a real risk of significant harm to individuals, we will:
- Notify affected individuals as soon as feasible.
- Report the breach to the Office of the Privacy Commissioner of Canada (OPC) as required under PIPEDA.
- Report the breach to the Commission d'accès à l'information du Québec (CAI) where applicable under Quebec law.
- Maintain a record of all breaches of security safeguards.
Notification d’atteinte : En cas d’atteinte aux mesures de sécurité présentant un risque réel de préjudice grave, nous aviserons les personnes touchées dans les meilleurs délais et signalerons l’incident au Commissariat à la protection de la vie privée du Canada (CPVP) et, le cas échéant, à la Commission d’accès à l’information du Québec (CAI).
13. Children's Privacy
ChefBear is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact our Privacy Officer.
Enfants : ChefBear ne s’adresse pas aux enfants de moins de 13 ans. Nous ne recueillons pas sciemment de renseignements personnels auprès d’enfants de moins de 13 ans.
14. Your Rights & How to Complain
You have the right to:
- Access your personal information held by us.
- Correct any inaccurate or incomplete information.
- Withdraw consent for specific uses of your data.
- Request deletion of your personal information (subject to legal retention requirements).
- Request de-indexation of information linked to your name (Quebec Law 25).
- Request human review of automated decisions (Quebec Law 25; see Section 8).
- Obtain portability of your personal information in a structured, commonly used format (Quebec Law 25).
To exercise any of these rights, contact our Privacy Officer at chefbearsupport@icloud.com. We will respond within 30 days.
Complaints / Plaintes
If you are not satisfied with our response, you have the right to file a complaint with:
- Office of the Privacy Commissioner of Canada (OPC)
Website: www.priv.gc.ca | Phone: 1-800-282-1376 - Commission d'accès à l'information du Québec (CAI)
Website: www.cai.gouv.qc.ca | Phone: 1-888-528-7741
Vos droits : Vous avez le droit d’accéder à vos renseignements personnels, de les faire rectifier, de retirer votre consentement, de demander leur suppression, la désindexation, la portabilité et la révision humaine des décisions automatisées. Contactez notre responsable à chefbearsupport@icloud.com. Si vous n’êtes pas satisfait(e), vous pouvez déposer une plainte auprès du Commissariat à la protection de la vie privée du Canada ou de la Commission d’accès à l’information du Québec.
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy within the app and updating the "Effective Date" above. We encourage you to review this policy periodically.
16. Contact Us
Privacy Officer / Responsable de la protection des renseignements personnels
ChefBear — chefbearsupport@icloud.com