Kosher Connect

Legal

Privacy Policy

Last updated: April 10, 2026

1. Introduction

Kosher Connect (“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit kosherconnect.app or use any related services (collectively, the “Service”).

By using the Service, you agree to the collection and use of information as described in this Policy. If you do not agree, please do not use the Service.

2. Information We Collect

Information You Provide Directly

  • Account registration: name (optional), email address, phone number, and password (stored as a one-way hash)
  • Waitlist signup: email, first name, last name, city, interests, and any message you include
  • Reviews: star rating, review title, review body, and photos you upload (up to 3 per review)
  • Business listings and events: business name, address, contact information, hours, and photos you submit
  • Business ownership claims: your business email, phone, role, and proof notes submitted during the claim process
  • Saved listings: bookmarks and optional personal notes you attach to them
  • Payment information: when you make a purchase (e.g. the Founding Member offer), your payment is processed by Stripe. We store only your Stripe Customer ID and transaction records. We never see your full card number. See Section 5.
  • Contact form submissions: your message and contact details

Information Collected Automatically

  • Usage data: pages visited, features used, clicks, and interaction patterns (via PostHog analytics, with your consent)
  • Device and browser: device type, operating system, browser type and version
  • IP address: used to derive approximate city-level location and for security purposes
  • Cookies and local storage: see Section 7 for full details

Location Data

When you add a listing or event, we store the address, city, state, postal code, and GPS coordinates (derived via Google Maps geocoding). We do not continuously track your device location.

3. How We Use Your Information

We use the information we collect to:

  • Create and manage your account and authenticate your identity
  • Provide, maintain, and improve the Service
  • Display your reviews, listings, and events to other users
  • Send transactional emails: account verification, OTP codes, city alert notifications, and review digest emails (when you own a claimed listing)
  • Send marketing emails to contacts who have given explicit consent
  • Credit referrals and operate the referral program
  • Personalize your experience with locally relevant kosher listings and events
  • Respond to your support requests and contact form submissions
  • Monitor usage patterns to improve features and fix bugs (analytics, with consent)
  • Detect and prevent fraud, abuse, and unauthorized access
  • Comply with legal obligations

4. How We Share Your Information

We do not sell your personal information. We may share your information only in the following circumstances:

  • Service providers: Third-party vendors listed in Section 6 who help us operate the Service. They process your data only as instructed by us and for the purposes described in this Policy.
  • Public content: Reviews, listing details, and events you publish are visible to all visitors of the Service. Your display name appears on your published reviews.
  • Shared saved lists: If you choose to generate a public share link for your saved list, anyone with that link can view it. You may revoke the link at any time from your account settings.
  • Legal requirements: When required by applicable law, regulation, court order, or government request.
  • Safety: To protect the rights, property, or safety of Kosher Connect, our users, or the public.
  • Business transfers: In connection with a merger, acquisition, or sale of substantially all of our assets, with prior notice to you.

5. Payments & Stripe

When you make a purchase on Kosher Connect (such as the Founding Member offer), your payment is processed by Stripe, Inc. (“Stripe”), a third-party payment processor. We do not collect, store, or have access to your full credit card number, CVV, or bank account details. Stripe processes this information directly under its own privacy policy.

What we store

  • Your Stripe Customer ID (a unique identifier assigned by Stripe)
  • Transaction records: amount, date, product purchased, and payment status
  • Your email address (shared with Stripe so you receive a receipt)

What Stripe stores

  • Card number, expiration, and billing address (for payment processing)
  • Transaction history and fraud prevention data

Stripe is PCI DSS Level 1 certified. For details on how Stripe handles your payment data, see Stripe's Privacy Policy.

6. Third-Party Services

We use the following third-party services to operate the Service. Each has its own privacy policy.

  • Google (Sign-In, Maps, Places): We use Google OAuth for sign-in, Google Maps to display interactive maps and geocode addresses, and Google Places to retrieve business photos and details. Google's privacy policy governs data processed by Google.
  • Stripe: Payment processing for purchases (see Section 5).
  • Twilio: We use Twilio to send one-time passcode (OTP) SMS messages for phone-based sign-in. Your phone number is transmitted to Twilio solely for OTP delivery.
  • Resend: We use Resend to send transactional and marketing emails (city alerts, review digests, outreach campaigns). Your email address is transmitted to Resend for delivery purposes.
  • Vercel: Our website is hosted on Vercel. User-uploaded images (review photos, listing photos) are stored in Vercel Blob storage. Vercel processes usage logs and request data as part of hosting.
  • PostHog: We use PostHog (US region) for product analytics. PostHog collects usage events, page views, and device information. Analytics tracking is only activated after you accept cookies via our consent banner. You may opt out at any time.

7. Cookies & Tracking

We use the following cookies and local storage entries:

  • Authentication session cookie (set by NextAuth): Required to keep you signed in. This is a strictly necessary cookie; it is set when you sign in and expires after 30 days or when you sign out.
  • kc_ref (referral attribution): Set when you visit a referral link (kosherconnect.app/r/[code]). Records the referring user's ID so that referral credit is applied if you sign up. Expires after 7 days.
  • Anonymous vote cookie (httpOnly): A random UUID stored in an httpOnly cookie that lets you vote on review helpfulness once per device without signing in. Contains no personal information.
  • kc_consent (cookie consent preference): Stores your accepted or declined choice for analytics cookies. Persists for 1 year.
  • PostHog analytics (localStorage + cookie): Set only after you accept analytics in our cookie consent banner. Tracks page views, feature usage, and interactions to help us improve the Service. You may withdraw consent at any time by clearing site data or contacting us.

You can control non-essential cookies via our consent banner, which appears on your first visit. Strictly necessary cookies (authentication, anonymous vote) cannot be disabled without affecting core functionality.

8. Data Retention

We retain your personal information for as long as your account is active. Specifically:

  • Account data: Retained until you delete your account. You can delete your account at any time from your account settings page. Deletion permanently removes your profile, reviews, saved listings, city alert subscriptions, and uploaded photos.
  • Waitlist data: Retained until you request removal or the waitlist program ends.
  • Business claim data: Retained for up to 2 years after claim resolution to support dispute resolution.
  • Email campaign records: Send records (email address, sent/open/click timestamps) are retained for up to 3 years for compliance and reporting purposes.
  • Server logs: Vercel access logs are retained per Vercel's standard data retention policy (typically 30 days).

9. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate information. You can update your display name directly in account settings.
  • Deletion: Delete your account and all associated data via your account settings page, or by contacting us.
  • Opt out of marketing: Unsubscribe from marketing emails via the unsubscribe link in any email, or by contacting us.
  • Data portability: Request a portable copy of your data by contacting us.
  • Withdraw analytics consent: Decline or withdraw consent for analytics cookies via our consent banner or by contacting us.

California residents (CCPA/CPRA): You have the right to know what personal information is collected, the right to delete, the right to correct, and the right to opt out of the sale or sharing of personal information. We do not sell personal information. To exercise your rights, contact us at hello@kosherconnect.app. We will respond within 45 calendar days.

EU/UK residents (GDPR/UK GDPR): Our lawful bases for processing include: contract performance (account management, delivering the Service), legitimate interests (security, fraud prevention, product improvement), and consent (analytics cookies, marketing emails). You have the right to lodge a complaint with your local supervisory authority.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including password hashing (bcrypt), encrypted connections (TLS), and access controls. However, no method of electronic transmission or storage is 100% secure. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

11. Children's Privacy

The Service is intended for users who are at least 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@kosherconnect.app and we will promptly delete it.

12. International Data Transfers

Kosher Connect is operated from the United States. If you access the Service from outside the US, your information may be transferred to and processed in the US, where data protection laws may differ from those in your jurisdiction. By using the Service, you acknowledge this transfer. We use service providers (see Section 6) that maintain appropriate safeguards for international data transfers.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by posting the updated policy on this page and updating the “Last updated” date. For significant changes, we will notify you by email (if you have an account) or via a prominent notice on the Service. We encourage you to review this page periodically.

14. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or want to report a privacy concern, please contact us at hello@kosherconnect.app.