Privacy Policy
Your privacy is important to us
Introduction
Welcome to SupperSwipe ("we," "us," or "our"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, share, and protect your information when you use our mobile application and related services (collectively, the "Service").
Information We Collect
Personal Information
When you use SupperSwipe, we may collect the following types of personal information:
- Account Information: When you sign up, we collect your email address, phone number, username, display name, and profile photo.
- Email Address: Used for sign-in and account recovery. We currently do not send marketing emails, but in the future, we may send occasional product updates or tips. You can opt out at any time via account settings or by contacting us.
- Social Connections: Friend lists, friend requests, and session participant IDs.
- Session Data: Session preferences (e.g., location name, radius, filters), swipes, matches, and planned date/time.
- Device Information: Device ID, OS version, and IP address for security and analytics.
- Location Information: With your permission, we access your device's location to discover nearby restaurants. Precise latitude/longitude coordinates are never stored or transmitted to our servers. They are used only in real time to query the Google Places API during session setup and are immediately discarded. We retain only a general area name (e.g., "Royal Oak, MI") for display and anonymized analytics.
- Reservation Data: If you create reservations, we store party size, time, and notes. This data is shared with the group but not with third parties (unless required by law).
- Chat Messages: We collect, transmit, and store the content of messages you send and receive within sessions. This allows us to deliver your messages and enables us to investigate reports of abuse or violations of our terms, ensuring a safer community.
Non-Personal Information
We also collect anonymized usage data, such as:
- App interactions (e.g., swipes, matches).
- Analytics on session creation, duration, and outcomes (all anonymized).
How We Use Your Information
We use your information to:
- Provide and improve the Service (e.g., matching restaurants, facilitating group swiping).
- Moderate content (e.g., profile photos via Google Cloud Vision API). This moderation may also apply to other user-submitted content, such as chat messages, in response to user reports or to enforce our community guidelines.
- Send notifications (e.g., session invites, matches, reservation updates).
- Analyze usage for product improvement (anonymized).
- Comply with legal obligations and prevent fraud.
- Enable calendar integration (with your permission).
- Enforce our data retention policies, including the automated deletion of inactive accounts.
Data Security
We implement industry-standard security measures to protect your data. This includes:
- Encryption in Transit: All communication between your device and our servers is encrypted using HTTPS (TLS).
- Encryption at Rest: All of your data, including chat messages and profile information, is encrypted on Google's servers before it is written to disk.
- Secure Access Control: We use Firebase Security Rules to prevent users from accessing data that does not belong to them.
While we take strong measures to protect your data, no system is 100% secure. We cannot guarantee absolute security.
Analytics and Aggregated Data
We use anonymized, aggregated data for internal analytics, such as tracking the number of sessions, matches, and swipes per location. This data does not identify individual users and helps us improve the Service. We may share aggregated statistics with partners or for marketing purposes, but never in a way that could identify you.
We do not attempt to re-identify anonymized analytics data or combine it with other datasets that could identify you.
Sharing Your Information
We do not sell your personal data. We may share it in these limited cases:
- With Other Users: In sessions, your username, display name, profile photo, swipes, and reservations are visible to other participants.
- Service Providers: With trusted third-party providers who assist in operating the Service, such as:
  - Firebase (Google) for authentication, database, storage, and notifications.
  - Google Places API for restaurant data.
  - Google Cloud Vision for photo moderation.
  These providers are contractually bound to use your data only for providing services to us and to protect your privacy.
- Legal Requirements: If required by law, such as in response to a subpoena, court order, or to protect our rights, safety, or property. We will comply with valid legal requests for any data we store, including your profile information, session data, and chat messages.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred, but we will notify you and provide choices where required by law.
- Aggregated Data: We may share anonymized, aggregated statistical data (which does not identify you) with partners or for business purposes, as described in the "Analytics and Aggregated Data" section.
Your Rights and Choices
Depending on your location (e.g., GDPR in Europe, CCPA in California), you may have certain rights regarding your personal data:
- Access: Request access to the personal data we hold about you.
- Correction: Request correction of inaccurate personal data.
- Deletion: You can delete your account at any time through the app's Profile settings. This will permanently delete your personal information in accordance with our retention policy. You can also contact us to request deletion.
- Portability: Request a copy of your data in a machine-readable format.
- Withdraw Consent: Withdraw consent where processing is based on consent (e.g., location permissions).
- Object/Restrict Processing: Object to or request restriction of certain data processing activities.
You can typically manage your profile information directly within the app. To exercise other rights or for deletion requests, please contact us using the information below.
Location Data
SupperSwipe uses location data to help you discover nearby restaurants for your swiping sessions. Here's how we handle it:
- Permission Required: We only access your device's location if you explicitly grant permission through the operating system prompt.
- Purpose Limitation: We use your location (either precise coordinates when using "Current Location" or coordinates derived from a selected city) only during session setup to query the Google Places API for relevant restaurants.
- Ephemeral Use of Coordinates: Your precise geographical coordinates (latitude/longitude) are used temporarily for the restaurant search and are not stored on our servers or within the session data.
- General Area Name: We derive and may store a general area name (e.g., "Royal Oak, MI") associated with the session for display purposes and anonymized analytics (as described above).
- Control: You can enable or disable location services for SupperSwipe at any time through your device's settings. Disabling location will limit functionality requiring nearby restaurant discovery.
Children's Privacy
Our Service is not directed to individuals under the age of 13 (or a higher age threshold if required by applicable law). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information.
Data Retention
We retain your personal data for as long as your account is active or as needed to provide you the Service. We have two processes for account deletion:
- User-Initiated Deletion: You can delete your account at any time from your Profile settings. When you request deletion, we will permanently delete your personal information, typically within 30 days, unless we are required by law to retain it longer.
- Automated Deletion of Inactive Accounts: To protect your privacy and comply with data minimization principles, we automatically delete accounts that have been inactive for a period of 24 months (2 years). Inactivity is defined as not signing into the app within this period. We may attempt to notify you via your provided email address before this deletion occurs.
When an account is deleted (either by you or through our automated process), we create a log of the event. This log includes the user's ID, username, display name, and the reason for deletion (e.g., "user_deleted" or "automated_cleanup"). We retain this internal log for a limited period for auditing, security, and to ensure compliance with our processes.
Session data is automatically deleted based on the following retention policy:
- Active sessions: Deleted after 90 days of inactivity (from creation date) if no match is found.
- Matched sessions with a future planned date: Retained until 30 days after the planned date.
- Matched sessions with no or past planned date: Deleted 30 days after the match date.
- Completed sessions: Deleted 30 days after completion (when all participants have acknowledged the match).
Anonymized and aggregated data, which no longer constitutes personal data, may be retained indefinitely for statistical analysis and service improvement.
Data Storage & International Transfers
Our Service is operated globally, primarily using servers located in the United States (via Firebase). Your data is stored in US data centers.
We rely on the following legal mechanisms to ensure your data is protected when transferred to or processed in the US:
- EU-US Data Privacy Framework (DPF): Google (Firebase) is certified under the DPF, which the EU recognizes as providing adequate protection for personal data.
- Standard Contractual Clauses (SCCs): We have a Data Processing Agreement with Firebase that includes SCCs for any data transfers.
Firebase acts as our data processor under a signed Data Processing Agreement. You can view Firebase’s privacy policy here.
Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting the new policy in the app, sending an email, or using other appropriate communication channels. We encourage you to review this policy regularly. Your continued use of the Service after the effective date of the updated policy constitutes your acceptance of the changes.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: info@supperswipe.io