Privacy Policy
Last updated: June 23, 2026 · Effective: June 11, 2026
Hotpot Club (“Hotpot Club,” “we,” “us,” or “our”) operates the Hotpot Club mobile application and this website (together, the “Service”). This Privacy Policy explains what personal information we collect, why we collect it, how we use and share it, and the rights you have over it. By using the Service, you agree to the practices described here.
We have written this policy to be plain. If anything is unclear, write to us at privacy@joinhotpot.com and we will explain.
1. Who this policy applies to
This policy applies to anyone who uses Hotpot Club, including people who create an account, people whose phone numbers are used to verify identity, and people who appear in another user's posts (for example, because someone tagged them as having cooked with or for them).
2. Information we collect
2.1 Information you provide directly
- Phone number. We use your phone number to verify your identity at sign-up and sign-in via an SMS one-time passcode (OTP). Your phone number is stored with your account in normalized international format (E.164). It is never shown publicly on your profile or in search results.
- Username, display name, bio. These are public. Anyone who can find your profile can see them.
- Profile photo (avatar). Optional. If you upload one, it is stored on our servers and may be visible to other users of the Service.
- Privacy preference. Whether your account is public or private.
- Email address. Optional. If you choose to attach an email to your account in the future, we will use it only for account-related communication.
2.2 Content you create on the Service
- Dish posts. Photos, dish names, notes, and the date the dish was made.
- Rankings. The order in which you've placed your own dishes.
- Tags. When you tag another user as having cooked with you or for whom you cooked, we associate that user's account with your post and store the display name they had at that time alongside the tag. The tagged user is notified and can remove the tag at any time. If the tagged user later deletes their account, that stored display name may remain visible in your post as described in Section 7.
- Comments and reactions. Text comments and likes you leave on dish posts.
- Saved dishes. A private list of dishes you've saved. Only you can see this list.
- Photo metadata. When you post a photo from your library, we read the photo's creation date so the dish can be archived on the correct day (this is the EXIF
DateTimeOriginalfield). Photos you upload may retain other metadata embedded by your camera. We do not display this metadata, but we recommend disabling location data in your phone's camera settings if you do not want any location information embedded in photos you post.
2.3 Social graph data
- Who you follow and who follows you, including follow requests that are pending or accepted.
- Users you have blocked.
- Reports you file about a post or another user, including the reason you choose and any details you add. Reports are visible only to our moderators, not to the person reported.
- In-app notifications generated by other users' actions toward you, plus automated reminders we send you (for example, when your weekly streak is about to reset).
2.4 Device and technical data
- Device identifiers and push tokens. If you enable push notifications, we store a device token so we can deliver them. You can disable notifications at any time in your operating system settings.
- Camera and photo library access. Used only when you choose to post a dish, set a profile photo, or save a shareable dish image to your library. We do not access your camera or photo library in the background.
- Device time zone. We store your device's time zone (for example "America/New_York") so weekly streaks reset at midnight on Monday in your local time rather than a fixed global time. It is not precise location: a time zone covers a large region and is never shown to other users.
- Log data. Our servers automatically receive standard log information when the app contacts them — including IP address, approximate region inferred from IP, request timestamps, app version, and device operating system. We use this to keep the Service running and to investigate abuse or errors.
- Crash and diagnostic data. When the app crashes or hits an unexpected error, we record a stack trace, your app version, device model, and operating system version so we can diagnose and fix the problem. See Section 2.5 for the providers involved.
- Product analytics. We record a small set of in-app actions (sign-in, posting a dish, saving a dish, ranking a dish, posting a comment, sending a reaction, sharing a dish or profile, following or blocking someone, searching, viewing a profile, and opening a notification) so we can understand which features are useful and where people get stuck. When you search — for dishes or for people — we record the words you type, including the names you look up, so we can learn what people search for and improve results. We attach your account ID and username to these events after you sign in; before that, events are tied to a random per-install identifier. See Section 2.5 for the providers involved.
- Session replays. A subset of in-app sessions are recorded so we can see how the interface actually behaves on real devices. In these replays, the text you type is always masked — phone numbers, OTP codes, usernames mid-typing, and comment text never appear in one. Dish photos are visible in replays because they are the point of the product.
2.5 Crash reporting and analytics providers
- Sentry (Functional Software, Inc.) — receives crash stack traces, app version, device model, and the username and account ID of the signed-in user. Sentry never receives your phone number, your photos, the contents of your dish posts, or the contents of your comments.
- PostHog Inc. — receives the in-app product-analytics events described above, along with a random per-install identifier and (after sign-in) your username and account ID. PostHog also receives masked session replays as described above. PostHog never receives your phone number or OTP codes.
We use both providers solely to operate and improve the Service. We do not sell the data they receive, we do not use it for advertising, and we do not combine it with data from third parties.
2.6 Information we do not collect
- We do not collect precise GPS location.
- We do not use third-party advertising SDKs, and we do not share data with advertisers or data brokers.
- We do not buy data about you from data brokers.
- We do not access your contacts unless you explicitly share an individual contact with us.
3. How we use your information
We use your information to:
- Create and operate your account, including verifying your phone number with an SMS code.
- Show you a chronological feed of dishes from people you follow, plus your own profile, rankings, and saves.
- Deliver notifications you have asked for (in-app and, if enabled, push).
- Apply the account-level privacy settings and per-post visibility rules you've chosen.
- Enforce our Terms of Use, including detecting and preventing abuse, spam, harassment, and fraud.
- Diagnose problems, secure the Service, and improve the app.
- Comply with legal obligations and respond to lawful requests.
4. How we share your information
4.1 With other users of the Service
Hotpot Club is a social product, so some information is visible to other users by design:
- Your username, display name, bio, profile photo, and follower / following / dish counts are visible to anyone who can find your profile (this includes non-followers when your account is public, and even when it is private the basic header is visible so people can request to follow you).
- Your dish posts are either private (visible only to you) or non-private. A non-private post is visible according to your account-level privacy setting: a public account is visible to anyone, while a private account makes it visible only to accepted followers (plus anyone you tag and their followers — see below).
- When you tag another user, your post can appear in their followers' feeds (subject to the tag and follow rules described in the app). Tagged users can remove the tag at any time.
- Comments, reactions, and remakes you make on someone else's dish are visible to anyone who can see that dish.
- Sharing. You can share a link to a non-private dish or a public profile. Anyone with that link — including people without an account — can open a preview page on joinhotpot.com, and messaging apps may show the same as a link preview. The preview shows only information that is already public — for a dish, details such as its photo, name, and author handle; for a profile, the public profile details described above (such as the photo, display name, handle, and bio). Private dishes and private accounts are never shown this way; their links show only a generic "not available" page. You can also export a shareable image of a dish (the photo with an optional stats overlay) to your device's share sheet or photo library — that export happens on your device.
- Your weekly streak (consecutive weeks with at least one post) appears on your profile. If your account is private, only your accepted followers can see it. A friend streak you share with another user can appear on either of your profiles, including the other person's name and your shared week count — but only to people allowed to see both partners' streaks, so a private account's participation stays hidden from anyone who doesn't follow it. Your partner also sees whether you have posted in the current week.
4.2 With service providers (sub-processors)
We use a small number of independent companies that process data on our behalf, only to run the Service:
- Supabase, Inc. — our database, authentication, and file storage provider. Your account record, posts, photos, and social graph are stored on infrastructure operated by Supabase, which in turn runs on Amazon Web Services.
- Twilio Inc. — sends the SMS verification code to your phone when you sign in. Twilio receives your phone number and message content for this purpose.
- Expo (650 Industries, Inc.) — delivers push notifications. If you enable push, your device token is sent to Apple Push Notification service (APNs) or Firebase Cloud Messaging (FCM) via Expo's push relay.
- Resend, Inc. — sends transactional and community email from this website. Resend processes your email address when you contact us or join our mailing list.
- Cloudflare, Inc. (Turnstile) — provides bot protection on our website's forms. Cloudflare receives a short-lived verification token and your IP address.
- Vercel Inc. — hosts this website. Vercel receives standard request logs.
- Apple App Store and Google Play. When you install or update the app, these stores collect installation and crash data subject to their own privacy policies.
- hCaptcha (Intuition Machines, Inc.) — when enabled, helps us prevent automated abuse of phone-OTP sign-up.
- Sentry (Functional Software, Inc.) — receives crash and error reports from the app, used solely to find and fix bugs. See Section 2.5.
- PostHog Inc. — receives product-analytics events and masked session replays from the app, used solely to understand product usage. See Section 2.5.
We require each of these providers to use your information only to perform the service we have contracted them for, and to protect it appropriately. We do not sell your personal information to anyone, and we do not share it with advertisers.
4.3 For legal and safety reasons
We may disclose information when we believe in good faith that disclosure is necessary to comply with a legal obligation, respond to a valid government request, enforce our Terms of Use, protect the rights, property, or safety of Hotpot Club, our users, or the public, or detect, prevent, or address fraud, security, or technical issues. Where permitted, we will attempt to notify the user whose information is requested.
4.4 In a business transfer
If Hotpot Club is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will give notice through the Service before your information becomes subject to a different privacy policy.
5. How long we keep your information
We keep your account information and content for as long as your account is active. When you delete your account, we delete your account record and the content associated with it as described in Section 7. We may retain a minimal amount of information for longer where we are required to by law, to resolve disputes, to enforce our agreements, or in backups that are deleted on a rolling schedule.
6. Your choices and controls
- Account privacy. Toggle a public or private account from the Profile tab.
- Per-post privacy. Mark any dish post private so only you can see it (private posts can't be tagged); otherwise it follows your account-level privacy setting.
- Tag removal. If someone tags you in a dish, you can remove the tag from your notification or the dish itself.
- Blocking. You can block any user from the kebab menu on their profile.
- Reporting. You can report a dish or a person from the “···” menu on a post or profile so our moderators can review it.
- Push notifications. Manage in your phone's system settings.
- Camera and photo library access. Manage in your phone's system settings.
- Community email unsubscribe. Every Hotpot Club community email contains a one-click unsubscribe link. We honor it immediately.
7. Deleting your account
You can permanently delete your Hotpot Club account at any time from inside the app: go to Profile → Settings → Delete Account. When you delete your account, we delete your account record and the personal information attached to it, including your dish posts, comments, reactions, saves, follows, blocks, and uploaded photos. One category of information is not erased by account deletion: if another user tagged you in one of their posts as having cooked with them or for them, the display name you used at the time of that tag remains visible as plain text within that other user's post. After your account is deleted that name is no longer linked to your account — it is not tappable, is not connected to your phone number or any other identifier, and cannot be used to find you on the Service — but the name itself is retained so the other user's record of who shared that meal stays intact. You can stop your name from appearing this way by removing the tag yourself (from the post or from your notifications) before you delete your account, and you may ask us to remove a specific retained tag at any time by writing to privacy@joinhotpot.com. Server backups containing your information are deleted on a rolling schedule, typically within 30 days. After deletion is complete the action cannot be reversed.
If you cannot reach the in-app delete option for any reason, email privacy@joinhotpot.com from the phone number or email associated with your account and we will process the deletion within 30 days.
8. Your rights
8.1 If you are in the European Economic Area, United Kingdom, or Switzerland
You have the right under applicable data-protection law (including the GDPR and the UK GDPR) to: access the personal information we hold about you; correct it if it is inaccurate; have it deleted (subject to the limited retention of participant tags described in Section 7); restrict or object to certain processing; receive a copy of it in a portable format; and withdraw consent where processing is based on consent. The lawful bases on which we process your information are the performance of our contract with you (operating your account and the Service), our legitimate interests (running the Service securely, preventing abuse, improving the product), your consent where required (for example, push notifications), and compliance with legal obligations. You also have the right to lodge a complaint with your local supervisory authority.
8.2 If you are a California resident
Under the California Consumer Privacy Act (as amended by the CPRA), you have the right to know what personal information we collect, to access and receive a copy of it, to request deletion, and to correct inaccurate information. You also have the right to opt out of the sale or sharing of personal information, and to limit the use of sensitive personal information. We do not sell or share personal information in the sense those terms are defined in the CCPA, and we do not knowingly process the personal information of minors under 16 for sale or sharing.
8.3 Exercising your rights
The fastest way to exercise most rights is from inside the app: view your profile to access your information, edit your profile to correct it, and use Delete Account to delete it. To make any other request, email privacy@joinhotpot.com from the phone number or email tied to your account so we can verify your identity. We will respond within the period required by applicable law (typically 30 days). You may also authorize an agent to make a request on your behalf. We will not discriminate against you for exercising any of these rights.
9. International transfers
Hotpot Club operates in the United States. The infrastructure we use to provide the Service (notably Supabase on AWS) is also located in the United States. If you use the Service from outside the United States, your information will be transferred to and processed in the United States and possibly other countries whose data-protection laws may differ from those in your jurisdiction. Where required, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.
10. Children
Hotpot Club is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you live in the European Economic Area or the United Kingdom, you must be at least 16 (or the age of digital consent in your country) to use the Service. If we learn that we have collected information from a child under the applicable minimum age, we will delete it. If you believe a child has provided us information, please contact privacy@joinhotpot.com.
11. Security
We use reasonable technical and organizational measures designed to protect your information — including encryption in transit, encrypted storage at rest, scoped access controls inside our database, and access logging. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security. If we ever become aware of a breach affecting your personal information, we will notify you and the relevant authorities as required by applicable law.
12. Third-party links
The Service may include links to third-party websites or content (for example, when a user sets a dish's source to an external recipe URL, or when you open the original source of a discover recipe). We are not responsible for the privacy practices of those third parties; their policies govern their handling of your information.
13. Changes to this policy
We may update this policy from time to time. If we make material changes, we will notify you in the app or by other reasonable means before the changes take effect, and we will update the “Last updated” date at the top of this page. Your continued use of the Service after a change indicates that you accept the updated policy.
14. Contact us
For privacy questions, requests, or complaints, write to privacy@joinhotpot.com. We read every message and respond promptly. If you prefer postal mail, contact us by email first to request a mailing address.