Skip to main content
ChefExpenses LogoChefExpenses

Privacy Policy

Last updated: April 28, 2026

1. Data Controller

The data controller for your personal data is ALMACÉN NUEVA COCINA RÚSTICA, S.L.

  • Responsible: Raimon Moreno Pedralva
  • Tax ID: B98600422
  • Calle Sueca, 41 - 46006 - Valencia - Spain
  • info@chefexpenses.com

We strictly comply with GDPR and Spanish regulations.

2. What data

We process the following data:

  • Identification data: name, surname.
  • Contact data: email, phone.
  • Professional data: position, restaurant name.
  • Usage data: IP, access logs.
  • Billing data: Tax ID, billing address.

We do not process special categories of data.

3. Purposes

Purposes of processing:

  • Manage your registration and access to the platform.
  • Provide the costing and cost management service.
  • Send technical support communications.
  • Manage subscriptions and payments.
  • Send newsletters (only with consent).
4. Legal Basis

Legal bases for processing:

  • Execution of the service contract.
  • Consent of the data subject.
  • Legitimate interest for security and fraud prevention.
  • Compliance with legal obligations.

You can withdraw your consent at any time.

5. Mandatory Character

Data marked with an asterisk in forms are mandatory to provide the requested service.

6. Recipients

Your data may be communicated to:

  • Technological service providers (Google Cloud/Firebase).
  • Payment platforms.
  • Public administrations by legal obligation.

We do not sell or transfer your data to third parties for commercial purposes.

7. Processors

Our data processors (sub-processors) operate under contracts that guarantee the security of your data. Current sub-processors:

  • Google Firebase (Google LLC / Google Ireland Ltd.) — Hosting, Firestore database, authentication and file storage. EU servers (europe-west4). Google DPA signed under SCCs.
  • Google reCAPTCHA Enterprise (Google LLC / Google Ireland Ltd.) — Anti-abuse and anti-bot protection via Firebase App Check. Processes browser signals (IP, user-agent, interaction events) to issue validation tokens. US transfer under SCCs.
  • Google Analytics 4 (Google Ireland Ltd.) — Traffic and usage event measurement. IP anonymized by configuration. Activated only after analytical cookie consent.
  • Stripe Payments Europe Ltd. — Payment processing, subscriptions and invoicing. Standard DPA.
  • Calendly LLC (United States) — Booking of free "Master Class" tutoring sessions for new users. Processes name, email and any information you provide in the booking form. Associated video calls take place over Google Meet (Google Ireland Ltd.). US transfer under SCCs.
  • Sentry (Functional Software Inc.) — Error and performance monitoring. Anonymized session data.
  • Resend (or equivalent provider via Firebase Extensions) — Transactional email delivery.

Any change to this list will be published in this policy with 30 days notice. The current list can be requested at any time from the contact indicated in section 1.

7 bis. Access by administration personnel

Specific members of ChefExpenses's technical and administration team, duly authorized, may access the data associated with your account and the information stored in the restaurants you manage (ingredients, suppliers, recipes, menus, reports and other content) only in the following situations:

  • Technical support: when you expressly request our help to resolve an incident.
  • Audit and security: to detect misuse, fraud, service abuse, or vulnerabilities that may affect other users or the integrity of the platform.
  • Operational advisory: when you have contracted or requested advisory services that require reviewing your data.
  • Platform maintenance: to diagnose and fix technical errors whose resolution requires temporary access to real data.
  • Legal compliance: when required by a competent authority or by a legal obligation.

This access is strictly limited to the minimum necessary for the specific purpose pursued and is not used for purposes other than those listed above. Authorized personnel are bound by confidentiality duties, both during and after their employment or contractual relationship with the data controller.

The legal bases for this processing are the controller's legitimate interest in providing, securing and improving the service (art. 6.1.f GDPR), performance of the service contract (art. 6.1.b GDPR) and, where applicable, compliance with legal obligations (art. 6.1.c GDPR).

In any case, you fully retain your rights of access, rectification, erasure, objection, restriction and portability over your data, exercisable by writing to info@chefexpenses.com.

8. International transfers

Data is stored in the EU, although some technical services may involve transfers to the US under certified security frameworks.

9. Conservation Period

We will keep your data as long as the account remains active.

After cancellation, data will be kept blocked during legal prescription periods.

10. Rights

You have the right to access, rectify, delete and object to processing.

Write to info@chefexpenses.com to exercise your rights.

11. Security

We apply SSL encryption, firewalls and strict access controls.

12. Third-party data

If you invite collaborators, you declare to have their permission to provide their emails.

13. Minors

ChefExpenses is directed at professionals and does not allow registration of minors under 18.

14. Cookies

Consult our Cookie Policy for tracking details.

15. Changes

Any modification will be published on this same page.

16. Contact

Privacy concerns: info@chefexpenses.com

OK