Kharleonphod
As of

Legal · data stewardship

Privacy Policy

What we collect when you plan meals with us, how long we keep it, which rights you can exercise, and how to reach the Pittsburgh team responsible for oversight.

Controller and scope

Kharleonphod, with its principal place of business at 411 Smithfield St, Pittsburgh, PA 15222, United States, is the controller for personal data described in this Privacy Policy when you interact with kharleonphod.world, email our team, call the studio line, or receive services tied to a written order. If you engage us only through a third-party marketplace, that platform may also process data under its own notice.

Regional focus: we apply GDPR-aligned practices for visitors from the European Economic Area and UK, and supplement with California-specific disclosures where the California Consumer Privacy Act as amended applies.

Categories of data

Depending on how you interact with us, we may process identifiers (name, email address, phone number), commercial information (order history, service preferences), internet or electronic activity (browser type, approximate location derived from IP, pages viewed), audio or visual information when you join a video consult, and professional or employment information when you represent a business client.

We do not intentionally collect sensitive categories such as precise health diagnoses through the website. If you voluntarily share dietary notes, we treat them as service instructions rather than medical records.

Purposes and legal bases

We process data to operate the site, fulfill contracts, comply with legal obligations, detect fraud, and pursue legitimate interests such as improving navigation flows—provided those interests are not overridden by your rights. Where consent is required, particularly for optional marketing cookies or promotional emails, we will obtain it separately and document it with a timestamp.

  • Service delivery — coordinating schedules, packaging, and delivery windows you select.
  • Support — responding to inquiries and maintaining correspondence history.
  • Compliance — tax, accounting, and food-safety traceability where applicable.
  • Analytics — aggregated statistics about site performance when you enable analytics cookies.

Sharing and subprocessors

We share data with hosting providers, email delivery services, and payment processors when you complete a purchase. Each category receives the minimum data necessary to perform its function. We maintain written agreements that require confidentiality, security measures, and assistance with data subject requests.

When you enable marketing cookies or when we run paid advertising on platforms such as Google, those vendors may receive limited technical and device data to measure impressions, clicks, and conversions. Their use of data is governed by their policies and your opt-out choices where available. See our Cookies Policy and Transparency & advertising page for context.

We may disclose information if required by law, court order, or regulatory inquiry, or to protect the rights, property, or safety of our customers, staff, or the public.

International transfers

If personal data moves outside your country of residence, we rely on appropriate safeguards such as the European Commission’s standard contractual clauses, the UK International Data Transfer Addendum, or comparable mechanisms recognized in your jurisdiction. Copies of relevant transfer documentation are available upon request subject to confidentiality considerations.

Retention

Contact form submissions are retained for up to twenty-four months unless a longer period is needed to document an ongoing transaction or dispute. Order and billing records may be kept for seven years where tax law requires. Marketing consents are refreshed on a regular cycle and suppressed if you unsubscribe. Logs with IP addresses may roll off on a ninety-day rotation unless a security investigation requires retention.

Security measures

We implement transport-layer encryption where supported, role-based access controls, multi-factor authentication for administrative accounts, and vendor review before new tools connect to production. Staff access personal data only when needed for a legitimate job function. No system is perfectly secure; we monitor anomalies and notify affected individuals where required by law.

Your rights

Subject to applicable law, you may request access, correction, deletion, restriction of processing, or portability of your personal data. You may object to certain processing grounded in legitimate interests and withdraw consent where processing was consent-based. We will verify your identity before fulfilling requests and respond within statutory timelines.

If you are in the EEA or UK, you may lodge a complaint with your supervisory authority. If you are a California resident, you may designate an authorized agent; we may require proof of authorization.

Children

This site is not directed to children under sixteen, and we do not knowingly collect personal information from children without verifiable parental consent where such consent is mandated. If you believe we have collected information from a child, please contact us so we can delete it promptly.

Automated decisions

We do not use automated profiling that produces legal or similarly significant effects about you without human review. Routing suggestions inside your account are informational and can be overridden manually.

Changes

We update this Privacy Policy when our practices evolve or when regulators issue new guidance. The hero section reflects the date you are viewing; substantive edits will be noted here with a short summary of what changed.

Contact

For privacy requests or questions, email ask@kharleonphod.world, call +1 412-527-6536, or write to 411 Smithfield St, Pittsburgh, PA 15222, USA. Please describe your request with enough detail for us to locate relevant records without excessive follow-up.