Privacy Notice

Last updated: 18 June 2026

This Privacy Notice explains how whisk-ai ("we", "us", "our"), trading as Whisk.ai, collects, uses and protects your personal data when you use our website and services (the "Service").

1. Who we are

whisk-ai is the data controller responsible for your personal data in connection with the Service. You can contact us at admin@whisk-ai.ai.

2. Personal data we collect

• Account data: name, email address, password (hashed), and authentication identifiers.
• Profile and preference data: dietary preferences, favourite cuisines, cooking habits, and saved recipes you create or favourite.
• Usage data: pages visited, recipes generated, chat messages with our AI sous-chef, device and browser information, and IP address.
• Support data: messages you send to us when requesting help.
• Payment data: handled by our Merchant of Record, Paddle. We receive transaction status and a transaction reference but never your full card details.

3. How we use your data

• To create and maintain your account (contract performance).
• To personalise recipe recommendations and AI responses (contract performance).
• To process payments via Paddle (contract performance, legal obligation).
• To prevent fraud, abuse and security incidents (legitimate interests).
• To respond to support enquiries (legitimate interests).
• To improve the Service and develop new features (legitimate interests).
• To comply with legal obligations (legal obligation).

4. Who we share data with

• Paddle — our Merchant of Record, who processes all payments, manages subscriptions, handles tax compliance and issues invoices.
• Hosting and infrastructure providers who host the application and database on our behalf.
• AI model providers who process prompts to generate recipes and chat responses.
• Professional advisers (legal, accounting) where necessary.
• Authorities where required by law.

5. International transfers

Some of our service providers are located outside your country of residence. Where data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

6. Retention

We retain personal data for as long as your account is active and for a reasonable period afterwards to comply with legal obligations and resolve disputes. When data is no longer needed, it is deleted or anonymised.

7. Your rights

Subject to applicable law, you have the right to access, rectify, erase, restrict or object to processing of your personal data, and to data portability. You may withdraw consent at any time where processing is based on consent, and you have the right to complain to your local supervisory authority. To exercise these rights, contact us at admin@whisk-ai.ai. We aim to respond within one month.

8. Security

We use appropriate technical and organisational measures, including encryption in transit, access controls and authentication, to protect your personal data.

9. Cookies

We use essential cookies and local storage to keep you signed in and to remember your preferences. We do not use third-party advertising cookies.

10. Changes

We may update this Privacy Notice from time to time. Material changes will be notified through the Service.