1. Introduction
Zibah Foods and More respects your privacy. This policy explains what personal data we collect, why we collect it, how we use and protect it, and the rights you have under the EU General Data Protection Regulation (GDPR).
2. Data controller
The data controller for personal data collected through this website and our services is Zibah Foods and More, based in Amsterdam, Netherlands. You can contact us at hello@zibahfoods.com.
3. The data we collect
Contact details — name, email, phone number.
Order information — items ordered, delivery/pickup address, delivery date and time, allergens and dietary notes, order notes.
Quote requests — event details, guest count, inspiration photos and any other information you choose to share for cakes, catering, private chef, or consultation enquiries.
Account information — if you create an account: email, password (stored hashed), saved preferences and order history.
Payment information — handled directly by our payment provider (Stripe). We do not store full card details.
Technical data — IP address, browser type, device type, pages visited and time on site (used in aggregate for performance and security).
4. How we use your data and our legal basis
To fulfil your order or booking — legal basis: performance of a contract.
To respond to enquiries and quotes — legal basis: pre-contract steps at your request.
To send order updates and service notices — legal basis: performance of a contract.
To send marketing emails (offers, seasonal menus) — only with your consent; you may unsubscribe at any time.
To meet legal, tax, and accounting obligations — legal basis: legal obligation.
To protect, debug and improve our services — legal basis: legitimate interest.
5. Sharing your data
We share data only with trusted processors who help us run the service:
Supabase — database, authentication and storage (EU region).
Stripe — payment processing.
Resend — transactional and marketing email delivery.
Delivery partners — only the details needed to deliver your order.
We do not sell your personal data or share it with third parties for their own marketing.
6. International transfers
Our infrastructure is hosted within the European Union. Where a processor (e.g. Stripe, Resend) transfers data outside the EU, that transfer is covered by the European Commission's Standard Contractual Clauses and equivalent safeguards.
7. How long we keep your data
Order and invoice data: 7 years (Dutch tax law).
Quote requests and contact messages: up to 24 months from last contact.
Account data: until you delete your account.
Marketing consent: until you unsubscribe.
8. Cookies
We use a minimal set of cookies and similar technologies to keep you signed in, remember your cart, and measure aggregate site usage. We do not use third-party advertising cookies.
9. Children
Our services are not directed at children under 16. We do not knowingly collect data from children. If you believe a child has shared data with us, contact us and we will delete it.
10. Security
We protect your data with industry-standard measures: encrypted transport (HTTPS), encrypted storage, role-based access control, row-level security on all customer tables, and audit logs for sensitive actions.
11. Your rights
Under GDPR you have the right to: access your data, correct inaccurate data, request deletion ("right to be forgotten"), restrict or object to processing, request data portability, and withdraw consent at any time. To exercise these rights, email hello@zibahfoods.com. You can also lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
12. Data breach notification
In the unlikely event of a personal data breach that risks your rights and freedoms, we will notify the Dutch Data Protection Authority within 72 hours and inform affected individuals where required.
13. Changes to this policy
We may update this policy from time to time. The current version is always shown on this page, with the "Last updated" date at the top.
14. Contact
Questions about your privacy? Email hello@zibahfoods.com.