TasteProof

Privacy Policy

Effective 10 May 2026

This Privacy Policy explains what TasteProof collects when you use the TasteProof mobile app, why we collect it, and the rights you have under UK GDPR and the Data Protection Act 2018. We have written this policy in plain English on purpose. If anything is unclear, email admin@tasteproof.co.uk.

Contents
  1. Who we are
  2. What we collect
  3. What we do not collect
  4. Why we collect it (legal basis)
  5. Third-party processors
  6. How long we keep it
  7. Your rights
  8. Children
  9. International transfers
  10. Security
  11. Cookies and trackers
  12. Changes to this policy
  13. Complaints

1. Who we are

TasteProof is a London restaurant discovery and booking concierge app, operated as a sole-trader venture in the United Kingdom. The data controller is TasteProof (UK). You can reach the controller at admin@tasteproof.co.uk. We are registered with the UK Information Commissioner's Office under reference ZC143325.

2. What we collect

When you create an account we hold an email address; if you sign in with Apple or Google, your provider may share a name and profile picture. Most of the data we hold (queries, taps, ratings) is tied to an anonymous device identifier rather than to you personally.

2.1 Account credentials

If you create an account by email and password, we store your email address and a hashed (not plain-text) password via our authentication provider Supabase (EU-Frankfurt region). If you choose Sign in with Apple, we receive an Apple-supplied identifier and (optionally) an Apple private-relay email; we never see your real Apple email if you choose to hide it. If you choose Sign in with Google, we receive your name, email address and profile picture from Google.

2.2 Anonymous device identifier

When you first open the app, we generate a random UUID and store it on your device. We send it as a request header (X-Device-ID) so the backend can apply your free-tier quotas, rotate recently shown restaurants, and link your push notification token to the right device. The UUID is not derived from any hardware identifier, IDFA, IDFV, or advertising ID. If you continue as a guest without an account, this device identifier is the only thing tying your activity together.

2.3 Approximate location

If you grant location permission, we use your approximate location (city-level, not a continuous track) to find restaurants near you and to estimate travel time using OSRM. We do not store a history of your GPS coordinates. Each request sends the latest position; older positions are not retained.

2.4 Push notification token

If you opt in to notifications, Apple Push (APNs) or Google Firebase Cloud Messaging (FCM) issues a token via Expo Push. We store that token alongside your device identifier so we can deliver prime-night picks and cancellation-watch alerts.

2.5 Concierge search queries

The messages you type into the concierge ("best Italian in Soho on Saturday", "anniversary dinner near Marylebone") are sent to our backend so we can answer them. We retain queries to improve recommendations and to detect personalisation signals such as cuisine, vibe, and area preferences.

2.6 Booking-link taps

When you tap a booking slot, we record which restaurant, time, and party size you tapped. We use that record to personalise future recommendations (similar venues you have engaged with).

2.7 Ratings

If you rate a booking after the visit, we store that rating. Ratings of 7 or higher boost similar venues for your device. Ratings under 5 suppress those venues for your device.

2.8 Swipe direction and dwell time

On the discovery feed, we record whether you swiped left or right and how long you lingered on each card (3-8 seconds = weak signal, 8-15 seconds = strong, 15 seconds or more = very strong). These signals tune the recommendations shown to you.

2.9 Saved or favourited restaurants

If you save a restaurant, we store its slug against your device.

2.10 Cancellation watch requests

If you ask us to watch a fully booked restaurant for cancellations, we store the venue, party size, and date window so the watcher cron can poll the booking site.

2.11 Subscription status

RevenueCat tells our backend whether your device has an active subscription so we can unlock paid features. We do not see your card details: Apple or Google handle billing.

3. What we do not collect

4. Why we collect it (legal basis)

5. Third-party processors

The following providers process data on our behalf. We share only what each one needs to do its job.

| Processor | Purpose | What we send |
|---|---|---|
| Groq (api.groq.com, US) | LLM inference for concierge replies | Your typed query plus restaurant context. No device ID, no location. |
| OpenRouter (US) | LLM fallback when Groq is rate-limited | Same as Groq. |
| Google Gemini (US) | LLM fallback chain | Same as Groq. |
| Anthropic (US) | LLM fallback chain | Same as Groq. |
| Scrapfly (api.scrapfly.io, US) | OpenTable live-availability lookups | Restaurant ID, date, party size. No device or user identifier. |
| Expo (expo.dev, US) | Push notification delivery and over-the-air JS updates | Push token, app version. No query content. |
| RevenueCat (api.revenuecat.com, US) | Subscription state for the paid tier | Anonymous device ID and Apple or Google receipt. |
| Apple App Store / Google Play | Billing and refund handling for the paid tier | Receipts only. We never see card details. |
| SevenRooms and OpenTable | Booking flow when you tap a slot | You leave the app and arrive on their booking page. From that point their privacy policies apply. |
| Hetzner (hetzner.com, EU - Helsinki) | Server hosting and Postgres database | Everything described above. |
| Supabase (supabase.com, EU-Frankfurt) | Authentication and password reset emails | Email address, hashed password, and Apple/Google sign-in identifiers. |

6. How long we keep it

7. Your rights

Under UK GDPR Articles 15 to 22 you have the right to:

To exercise any of these, email admin@tasteproof.co.uk or use the in-app Delete my data button (we are rolling this control out in a forthcoming release; until then email is the canonical channel). Because we do not collect your name or email, please send the request from a device the app is installed on, or include your anonymous device ID (visible in the app's About screen).

8. Children

TasteProof is intended for users aged 18 and over. We do not knowingly collect data from children under 13. If you believe a user under 18 has used the app, email us and we will delete any associated data.

9. International transfers

Our primary servers are in the EU (Hetzner, Helsinki). Several LLM and platform processors (Groq, OpenRouter, Gemini, Anthropic, Scrapfly, Expo, RevenueCat) are based in the United States. Where those transfers happen, they are covered by the UK International Data Transfer Agreement or the EU Standard Contractual Clauses, as applicable.

10. Security

Traffic between the app and our backend is encrypted with TLS. Postgres data is encrypted at rest on the hosting volume. We do not store passwords, plain-text PII, or payment card details, because we do not collect them in the first place.

11. Cookies and trackers

The TasteProof app does not use cookies. We do not embed analytics SDKs, advertising SDKs, or cross-app trackers. If you tap a booking link and leave the app, the destination booking site (SevenRooms and OpenTable) may set cookies of its own under its own policy.

12. Changes to this policy

If we make a material change, we will post a notice in the app at least 14 days before it takes effect. Minor edits (typo fixes, new processor names that do not change purpose or scope) will be reflected here without notice.

13. Complaints

If you are not happy with how we handled your data, you can complain to the UK Information Commissioner's Office at ico.org.uk or by phone on 0303 123 1113. We would prefer the chance to put it right first - email admin@tasteproof.co.uk.