Privacy Policy
Last updated: March 2026
1. Information We Collect
Account information: When you register, we collect your email address, display name, and password (stored as a secure hash). You may optionally provide a profile photo, bio, city, and dietary preferences.
Usage data: We collect search queries, restaurant interactions, geolocation data (with your permission), and browsing activity on the platform.
User content: Reviews, ratings, and photos you submit.
Usage data: We collect search queries, restaurant interactions, geolocation data (with your permission), and browsing activity on the platform.
User content: Reviews, ratings, and photos you submit.
2. How We Use Your Information
We use your information to: provide and improve the Service; personalize restaurant recommendations using AI; send transactional emails (verification, password reset); send optional notification emails (review replies, weekly digests); detect and prevent fraudulent reviews.
3. Data Sharing with Third Parties
We share limited data with third-party services to provide our features:
• Google Places API — location and restaurant data
• Yelp Fusion API — restaurant reviews and details
• Foursquare API — venue information
• LLM providers (Google, Anthropic, OpenAI) — menu text is sent for AI extraction (no personal data is included)
• Mapbox — map tiles and geocoding
We do not sell your personal information to third parties.
• Google Places API — location and restaurant data
• Yelp Fusion API — restaurant reviews and details
• Foursquare API — venue information
• LLM providers (Google, Anthropic, OpenAI) — menu text is sent for AI extraction (no personal data is included)
• Mapbox — map tiles and geocoding
We do not sell your personal information to third parties.
4. Cookies and Tracking
We use essential cookies for authentication (JWT tokens stored in httpOnly cookies) and session management. See our Cookie Policy for details.
5. Data Retention
We retain your account data for as long as your account is active. You may delete your account at any time, after which your personal data will be removed within 30 days. Anonymized review content may be retained for platform integrity.
6. Your Rights
You have the right to: access your personal data; correct inaccurate data; delete your account and associated data; export your data; opt out of non-essential emails. You can exercise these rights through your profile settings or by contacting us.
7. Security
We protect your data using industry-standard measures including encrypted passwords (bcrypt), HTTPS, httpOnly cookies, CSRF protection, and rate limiting. However, no method of transmission over the Internet is 100% secure.
8. Children's Privacy
The Service is not intended for users under 16 years of age. We do not knowingly collect personal information from children.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or a notice on the Service.
10. Contact
For privacy-related questions, contact us at privacy@ai-resto.app.