SpoonSeal

Trust Center

Your compliance data, handled with care.

SpoonSeal holds sensitive documents restaurants rely on to stay open. This page explains, in plain language, how we secure that data, how we use AI responsibly, who we work with, and the rights and choices you have.

Last updated July 1, 2026

Information SecurityEncryption, isolation, and access control.Data Privacy & OwnershipYou own your data. We never sell it.Responsible AI & AI RisksHow Spoon works — and its limits.Privacy PreferencesCookies, email, and your choices.SubprocessorsThe vendors that help run SpoonSeal.Your Data & RightsAccess, export, and deletion.AvailabilityHosting, backups, and reliability.Report a ConcernResponsible disclosure.
Privacy Policy →Terms of Use →

Information security

We build on managed, reputable cloud infrastructure and apply industry-standard safeguards:

  • Encryption everywhere. All traffic is encrypted in transit with TLS, and data and uploaded documents are encrypted at rest.
  • Tenant isolation. Each organization’s data is separated at the data layer; documents are namespaced per organization, and one customer can never read another’s records.
  • Role-based access. Owners, managers, staff, and vendors get only the access they need. Vendors see only the locations and requests assigned to them.
  • Managed authentication. Sign-in, password hashing, and reset flows are handled by our authentication provider; service credentials are server-side only and never exposed to the browser.
  • Scoped AI. The Spoon assistant is limited to the data of the location you are signed in to; cross-tenant access is blocked and abuse is rate-limited.
  • Backups. Our managed database is backed up automatically to support recovery.

No online service is perfectly secure, but we work to protect your data and to improve continuously.

Data privacy & ownership

Your data is yours. The documents and records you upload belong to you. We use them only to provide the Service — readiness scoring, reminders, vendor requests, and inspection packets.

We never sell your data, and we do not share it with advertisers or use it to train AI models. We share data only with the subprocessors that run the Service, with vendors you choose to engage, or where required by law. Full details are in our Privacy Policy.

Responsible AI & AI risks

SpoonSeal includes an AI assistant (“Spoon”) that answers compliance questions in context. AI is powerful but imperfect, so we are direct about how it works and where it can fall short:

  • It can be wrong. Spoon can produce inaccurate or incomplete answers. Always verify important compliance details with your local health department, fire marshal, or a qualified professional. Spoon is not legal or professional advice.
  • Your context stays yours. Only the data for the location you’re signed in to is sent to the AI to answer your question — never another customer’s data.
  • No model training on your data. Your content is not used to train AI models.
  • Guardrails. Spoon stays on-topic (restaurant compliance and using SpoonSeal), enforces per-tenant scope, validates input against prompt-injection, and is rate-limited.
  • You stay in control. Spoon suggests; you decide and act. Every AI answer carries a reminder to verify with official sources.

Privacy preferences

You have control over your data and communications:

  • Cookies. We use only essential cookies to keep you signed in and to secure the Service — no advertising or cross-site tracking cookies. You can manage cookies in your browser; blocking essential cookies may break sign-in.
  • Email preferences. Manage in-app notifications from your Account, and unsubscribe from optional summaries at any time. Transactional messages (e.g. a vendor request you triggered) are part of the Service.
  • Data requests. To access, export, or delete your personal data, email support@spoonseal.com.
  • Close your account. You can close your account from Account → Close account. It’s a reversible soft-close — your data is retained and can be reopened by contacting support.

Subprocessors

We use a small set of trusted providers to run SpoonSeal. Each processes data only to deliver its part of the Service:

ProviderPurposeRegion
VercelApplication hosting and content deliveryUnited States
SupabaseDatabase, authentication, and document/file storageUnited States
ResendTransactional and notification email deliveryUnited States
AnthropicAI responses for the Spoon assistantUnited States

This list may change as the Service evolves; we’ll keep it current here.

Your data & rights

Depending on your location, you may have rights to access, correct, export, delete, or object to the processing of your personal data, including under the GDPR and California’s CCPA/CPRA (we do not sell personal information).

  • Access & export — email support@spoonseal.com and we’ll provide a copy of your data.
  • Correct — edit your profile, locations, and documents directly in the app.
  • Delete — close your account in-app (reversible), or request permanent deletion by email.

See the Privacy Policy for the full details.

Availability & reliability

SpoonSeal runs on redundant cloud infrastructure with a managed database and automated backups. We aim for high availability and monitor for issues. If you experience an outage or data problem, email support@spoonseal.com and we’ll investigate.

Report a security concern

If you believe you’ve found a security vulnerability or a privacy issue, please tell us so we can fix it. Email support@spoonseal.com with “Security” in the subject and enough detail to reproduce the issue. Please don’t publicly disclose it until we’ve had a reasonable chance to respond.

SpoonSeal provides informational compliance guidance, not legal advice, and does not guarantee any inspection outcome. This Trust Center is a summary; your use of SpoonSeal is governed by our Privacy Policy and Terms of Use.