Privacy Policy — DishPool
DRAFT — for attorney review before publication. Not legal advice. The product name “DishPool” supersedes “Potluck Planner” (rebrand pending). Items marked [USER ACTION] require a real value before publication.
1. Who we are and what the service does
DishPool is a web app for organising potluck (shared-meal) events: guests join an event, RSVP, and choose which dishes to bring so the meal has balanced category and quantity coverage. Event owners and managers run the event. The service is aimed primarily at residents of Israel, and this policy governs its use. The operator is the data controller of the personal data described here, within the meaning of Israel's Protection of Privacy Law, 5741-1981 (as amended by Amendment 13, in force 14 August 2025).
2. What data we collect
(a) Data you give us:
- Account details: you sign in using a one-time SMS code to your phone, or a Google account — these are the only sign-in options; there is no email-and-password login. Accordingly we collect your phone number (if you sign in by SMS code) or your email address and name from Google (if you sign in with Google). We also store a display name and language preference.
- Event-participation data: RSVP status (coming / maybe / not coming), number of adults and children in your household, household name, and a contact note.
- Contributions (dishes): dish name, notes, serving count, and the dietary and allergen tags you declare (e.g. vegetarian, vegan, kosher, nuts, sesame). Allergen information is a participant declaration only and is not a safety certification.
- Recipe data (optional feature): title, ingredients, and instructions. If you upload a recipe photo for automatic text extraction, that image is sent to a third-party provider (OpenAI) to extract the text — see section 4.
- Admin notes: event managers may enter management-related notes.
(b) Data collected automatically:
- IP address and basic server data, collected by our hosting and security infrastructure for operations and security. Under Amendment 13, an IP address is personal data.
- Error data: for fault and stability monitoring we use Sentry, which may collect the technical context of an error (including IP address). This is operational error/security monitoring — not marketing analytics. See section 9 (Cookies).
- We run no analytics, advertising, or marketing-tracking tools.
(c) Data from third-party sign-in:
- If you sign in with Google, we receive your email address and name from Google to create your account.
- If you sign in with a one-time code, your phone number is processed through Supabase Auth, and the SMS is delivered via Twilio.
3. How we use data and the legal basis
| Purpose | Legal basis |
|---|---|
| Creating an account and signing in (phone / Google) | Consent / necessary to provide the service you requested |
| Managing event RSVPs and contributions | Necessary to provide the service |
| Translating dish names and notes into the interface languages | Consent (data is sent to Google — section 4) |
| Extracting text from a recipe photo you upload | Consent (the image is sent to OpenAI — section 4) |
| Sending email reminders | Consent / legitimate interest in running the event |
| Error monitoring, security, and abuse prevention | Legitimate interest |
4. Who we share data with (service providers / processors)
We use third-party service providers that act on our behalf. Most are located outside Israel (mainly in the US) — see section 5 on international transfers.
| Provider | Used for | Data shared | Location |
|---|---|---|---|
| Supabase | Auth, database, storage | All personal data described above | [VERIFY: project region — EU or US] |
| Vercel | Website hosting | Network requests, IP address | US / global edge network |
| Cloudflare | DNS and web protection (WAF) | Request metadata, IP address | Global network |
| Google — Gemini | Translating dish names and notes | The dish text and notes you enter | US |
| Google — OAuth | Sign in with Google | Email and name | US |
| Google Maps / Places | Event-address autocomplete (manager side) | The address text typed | US |
| Twilio | Delivering the one-time SMS code (via Supabase Auth) | Your phone number | US |
| Resend | Sending email reminders | Email address and message content | US |
| OpenAI | Generating event cover images (manager) and extracting text from recipe photos | The manager's image description; the recipe photo you upload | US |
| Sentry | Error and stability monitoring | Technical error context, IP address | US |
We do not sell personal data and do not share it with third parties for marketing.
5. International transfers (outside Israel)
Some data is transferred and processed outside Israel, mainly in the US, via the providers above. The US is not on the Israeli adequacy list of countries recognised as providing adequate protection. Accordingly, by using the service and entering data, you consent to your data being transferred to and processed by our service providers outside Israel as described, and we work to ensure each processor is bound by a data-processing agreement providing adequate protection. [LEGAL REVIEW RECOMMENDED] [USER ACTION: ensure a signed DPA is in place with each processor]
6. Data retention
| Data type | Retention |
|---|---|
| Account and profile | While the account is active; deleted on request (see section 8) |
| RSVPs and contributions | For the event and a reasonable period after; deleted when the account is deleted |
| Email send logs | Per Resend's retention [VERIFY] |
| Error logs (Sentry) | Per Sentry's retention policy [VERIFY] |
| Security logs / IP addresses | A limited period needed for operations and security |
7. Data security
We apply reasonable technical and organisational measures to protect your data, consistent with the Protection of Privacy (Data Security) Regulations, 5777-2017: database access is restricted by row-level security, service secrets are kept server-side only, and connections are encrypted. No security method is perfect, but we work continuously to protect your data.
8. Your rights
Under the Protection of Privacy Law you have the right to:
- Access the personal data we hold about you (provided in Hebrew, English, or Arabic).
- Correct inaccurate or outdated data.
- Delete data that is no longer needed for the purpose it was collected for.
To exercise a right, contact [USER ACTION: privacy contact email]. We will verify your identity before acting and complete the request without undue delay and within 30 days. Requests are currently handled manually by the administrator.
9. Cookies and local storage
The site uses only essential / functional cookies and local storage:
- Sign-in tokens (Supabase) in local storage — to keep you signed in.
- A PKCE verifier — to secure the Google sign-in flow.
- A NEXT_LOCALE cookie — to remember your chosen interface language.
We use no analytics, advertising, or marketing-tracking cookies. Our error-monitoring service (Sentry) is an operational/security tool; it does not continuously record sessions and does not set consent-gated third-party cookies. A cookie-consent banner is therefore not required, and we do not display one.
10. Children's privacy
The service is intended for adults organising private events and is not directed at children. If we learn that we have collected a minor's data without an appropriate basis, we will delete it. [LEGAL REVIEW RECOMMENDED: minimum age and parental-consent requirements if relevant.]
11. Changes to this policy
We may update this policy from time to time. Material changes will be posted on this page with an updated date. Continued use after an update constitutes acceptance of the revised version.
12. Contact
For any privacy question or to exercise your rights: [USER ACTION: controller name + privacy contact email].