Kitchen Toolkit documentation
Kitchen Toolkit — Legal Summary for Customers
docs/legal/legal-summary.md
# Kitchen Toolkit — Legal Summary for Customers - Kitchen Toolkit is a hosted service on Vercel (private GitHub source) with default Upstash KV in AWS N. Virginia; usage is limited to the Dashboard/APIs (no self-hosting) under a non-transferable license. [source: docs/legal/terms-of-service.md][source: docs/reference/data-and-privacy.md] - Customer Data stays yours. Exports cover logs, equipment, alerts, profiles, and masked secrets; deletions remove tenant restaurant content but do not rewrite Git history. [source: docs/legal/data-export-deletion-policy.md] - Tenants can point telemetry to their own KV endpoints and set retention windows or delete data at any time; KT product-side deletes apply to the live stores it controls, but do not override any separate backups/history maintained by customer-managed providers or Git history. [source: docs/legal/environment-variables-policy.md][source: docs/legal/data-export-deletion-policy.md][source: docs/reference/retention-policy.md] - KT does not maintain separate backups of tenant KV data; deletes and TTLs apply to the configured KV endpoint. [source: docs/legal/data-export-deletion-policy.md][source: docs/reference/data-and-privacy.md] - Passwords are stored as PBKDF2 hashes; password resets use 15-minute links emailed to the tenant contact, while initial setup normally uses emailed setup links and may fall back to an inline secure setup link if email delivery is unavailable. Customers are responsible for rotating secrets and passwords after suspected compromise. [source: lib/tenant/adminAuth.js][source: pages/api/tenant/signup.js][source: pages/api/tenant/requestPasswordReset.js][source: pages/api/tenant/resetPassword.js] - Admin access is gated by signed cookies, CSRF checks, and tenant scoping; device access requires per-device HMAC signatures; non-default tenant bundle access also requires admin or provisioned-device context. [source: docs/legal/security-and-infrastructure.md] - Environment variables and secrets are AES-256-GCM encrypted and returned masked; updates are sanitized and audit-logged when KV auditing is configured. [source: docs/legal/environment-variables-policy.md] - Subprocessors: see the published Subprocessor Schedule for the maintained list covering Vercel, Upstash, GitHub, Stripe, customer-selected SMTP/webhooks, KT-managed Google/Gmail-hosted outbound email paths, and the configured `/help` AI-provider stack. Material changes will still be emailed when practical. [source: docs/legal/subprocessor-schedule.md][source: docs/legal/terms-of-service.md][source: docs/legal/privacy-notice.md] - Standard product email flows are account, security, operational, and customer-directed reporting flows; KT is not offering a general-purpose marketing email platform through normal tenant product features. [source: docs/legal/privacy-notice.md][source: docs/legal/terms-of-service.md] - If you use `/help`, prompts and supported attachments may be processed by the configured AI provider stack and cached temporarily in Upstash-backed support storage. Avoid uploading highly sensitive material that KT does not request. [source: docs/legal/privacy-notice.md][source: pages/help.jsx] - Data transfers occur in Canada/US (Vercel, Upstash) or your configured KV, with optional `/help` processing also following the configured AI provider regions. A standard DPA, transfer addendum/SCC packet, and subprocessor schedule are now published as the starting point for customer reviews, with signatures and customer-specific terms handled through the legal contact path. [source: docs/legal/terms-of-service.md][source: docs/legal/privacy-notice.md][source: docs/legal/data-processing-requests.md][source: docs/legal/data-processing-addendum.md][source: docs/legal/transfer-addendum-scc.md][source: docs/legal/subprocessor-schedule.md] - Support target is email acknowledgement in 3-5 business days (target only; no SLA/credits unless separately agreed); no uptime SLA is offered by default. [source: docs/legal/terms-of-service.md] - Standard tenant signup and admin flows are for commercial, institutional, and professional kitchen operations; if non-waivable consumer rights apply to a particular offering, those rights prevail to that extent. [source: docs/legal/terms-of-service.md] - KT is assistive tooling only and is not an insurer, guarantor, or substitute for manual food-safety programs, manual checks, calibration duties, escalation procedures, backup systems, or regulatory judgment by customer teams. Customers remain responsible for hold/discard/serve decisions and product protection. [source: docs/legal/terms-of-service.md] - KT is offered “as is,” “as available,” and with all faults; the terms disclaim warranties that the platform, hardware, alerts, exports, or support will be uninterrupted, error-free, or sufficient to prevent equipment failures, missed alerts, spoilage, contamination, or compliance issues. [source: docs/legal/terms-of-service.md] - Liability is capped at the amount paid for the affected service or hardware in the prior six months, or CAD $100 if none was paid for the affected service or hardware during that period, and the terms exclude spoilage, product loss, contamination, downtime, lost profits, and similar consequential losses to the maximum extent permitted by law. [source: docs/legal/terms-of-service.md] - KT may change the service, pricing, terms, and related policies by posting updates or giving notice; continued use after the effective date constitutes acceptance, subject to any notice or other rights that the law does not allow KT to waive. [source: docs/legal/terms-of-service.md] - Pilot, beta, evaluation, pre-production, or pre-certification hardware/features may be offered only for supervised indoor evaluation until expressly released otherwise; public marketing material is informational and does not override the signed contract or current legal docs. [source: docs/legal/terms-of-service.md][source: docs/leadership/reference/fcc-plan.md] - Hardware: one-year defect warranty; RMAs must be initiated within 30 days, customer pays return shipping unless DOA, required by law, or KT approves prepaid return shipping in writing; refunds follow Stripe timelines and require valid cause. [source: docs/legal/terms-of-service.md] - Governing law/venue: Province of Ontario (courts serving Kitchener-Waterloo). Legal notices or support questions should be sent to liam@liambendix.com. [source: docs/legal/terms-of-service.md] - Security incidents will be emailed to tenant contacts without undue delay after confirmation or reasonable suspicion, in accordance with applicable law and law-enforcement constraints. [source: docs/legal/terms-of-service.md] - Key policies: [Terms of Service](terms-of-service.md), [Privacy Notice](privacy-notice.md), [Security & Infrastructure](security-and-infrastructure.md), [Data Export & Deletion](data-export-deletion-policy.md), [Environment Variables Policy](environment-variables-policy.md), [Data Processing & Transfer Requests](data-processing-requests.md), [Standard DPA](data-processing-addendum.md), [Transfer Addendum / SCC Packet](transfer-addendum-scc.md), [Subprocessor Schedule](subprocessor-schedule.md), and [Third-Party Notices](third-party-notices.md). [source: docs/legal/terms-of-service.md][source: docs/legal/privacy-notice.md][source: docs/legal/security-and-infrastructure.md][source: docs/legal/data-export-deletion-policy.md][source: docs/legal/environment-variables-policy.md][source: docs/legal/data-processing-requests.md][source: docs/legal/data-processing-addendum.md][source: docs/legal/transfer-addendum-scc.md][source: docs/legal/subprocessor-schedule.md][source: docs/legal/third-party-notices.md] --- audience: legal scope: legal tenantId: global version: production status: current rag.importance: normal rag.preferredPaths: ["/pages/**", "/pages/api/**", "/public/js/restaurantLoader.js", "/public/sw.js", "/firmware/**"] last_verified: 2026-03-22 ---