Privacy Policy
Effective 10 May 2026
This Privacy Policy explains what TasteProof collects when you use the TasteProof mobile app, why we collect it, and the rights you have under UK GDPR and the Data Protection Act 2018. We have written this policy in plain English on purpose. If anything is unclear, email admin@tasteproof.co.uk.
1. Who we are
TasteProof is a London restaurant discovery and booking concierge app, operated as a sole-trader venture in the United Kingdom. The data controller is TasteProof (UK). You can reach the controller at admin@tasteproof.co.uk. We are registered with the UK Information Commissioner's Office under reference ZC143325.
2. What we collect
When you create an account we hold an email address; if you sign in with Apple or Google, your provider may share a name and profile picture. Most of the data we hold (queries, taps, ratings) is tied to an anonymous device identifier rather than to you personally.
2.1 Account credentials
If you create an account by email and password, we store your email address and a hashed (not plain-text) password via our authentication provider Supabase (EU-Frankfurt region). If you choose Sign in with Apple, we receive an Apple-supplied identifier and (optionally) an Apple private-relay email; we never see your real Apple email if you choose to hide it. If you choose Sign in with Google, we receive your name, email address and profile picture from Google.
2.2 Anonymous device identifier
When you first open the app, we generate a random UUID and store it on your device. We send it as a request header (X-Device-ID) so the backend can apply your free-tier quotas, rotate recently shown restaurants, and link your push notification token to the right device. The UUID is not derived from any hardware identifier, IDFA, IDFV, or advertising ID. If you continue as a guest without an account, this device identifier is the only thing tying your activity together.
2.3 Approximate location
If you grant location permission, we use your approximate location (city-level, not a continuous track) to find restaurants near you and to estimate travel time using OSRM. We do not store a history of your GPS coordinates. Each request sends the latest position; older positions are not retained.
2.4 Push notification token
If you opt in to notifications, Apple Push (APNs) or Google Firebase Cloud Messaging (FCM) issues a token via Expo Push. We store that token alongside your device identifier so we can deliver prime-night picks and cancellation-watch alerts.
2.5 Concierge search queries
The messages you type into the concierge ("best Italian in Soho on Saturday", "anniversary dinner near Marylebone") are sent to our backend so we can answer them. We retain queries to improve recommendations and to detect personalisation signals such as cuisine, vibe, and area preferences.
2.6 Booking-link taps
When you tap a booking slot, we record which restaurant, time, and party size you tapped. We use that record to personalise future recommendations (similar venues you have engaged with).
2.7 Ratings
If you rate a booking after the visit, we store that rating. Ratings of 7 or higher boost similar venues for your device. Ratings under 5 suppress those venues for your device.
2.8 Swipe direction and dwell time
On the discovery feed, we record whether you swiped left or right and how long you lingered on each card (3-8 seconds = weak signal, 8-15 seconds = strong, 15 seconds or more = very strong). These signals tune the recommendations shown to you.
2.9 Saved or favourited restaurants
If you save a restaurant, we store its slug against your device.
2.10 Cancellation watch requests
If you ask us to watch a fully booked restaurant for cancellations, we store the venue, party size, and date window so the watcher cron can poll the booking site.
2.11 Subscription status
RevenueCat tells our backend whether your device has an active subscription so we can unlock paid features. We do not see your card details: Apple or Google handles billing.
3. What we do not collect
- Your real name (unless you put it in the sign-up form, in an Apple/Google account, or in an email to us).
- Your phone number.
- Your payment card details. The App Store and Play Store handle that and do not share it with us.
- An exact location history. We never persist GPS traces.
- Your activity outside TasteProof. We do not embed advertising SDKs and do not track you across other apps or websites.
- Contacts, photos, microphone, or HealthKit data.
4. Why we collect it (legal basis)
- Legitimate interests (UK GDPR Art 6(1)(f)): running the recommendation engine, applying free-tier quotas, fraud and abuse prevention.
- Consent (Art 6(1)(a)): push notifications and location access. You can withdraw consent at any time in your device settings.
- Contract (Art 6(1)(b)): delivering the paid tier when you subscribe, including unlocking premium features.
5. Third-party processors
The following providers process data on our behalf. We share only what each one needs to do its job.
| Processor | Purpose | What we send |
|---|---|---|
| Groq (api.groq.com, US) | LLM inference for concierge replies | Your typed query plus restaurant context. No device ID, no location. |
| OpenRouter (US) | LLM fallback when Groq is rate-limited | Same as Groq. |
| Google Gemini (US) | LLM fallback chain | Same as Groq. |
| Anthropic (US) | LLM fallback chain | Same as Groq. |
| Scrapfly (api.scrapfly.io, US) | OpenTable live-availability lookups | Restaurant ID, date, party size. No device or user identifier. |
| Expo (expo.dev, US) | Push notification delivery and over-the-air JS updates | Push token, app version. No query content. |
| RevenueCat (api.revenuecat.com, US) | Subscription state for the paid tier | Anonymous device ID and Apple or Google receipt. |
| Apple App Store / Google Play | Billing and refund handling for the paid tier | Receipts only. We never see card details. |
| SevenRooms and OpenTable | Booking flow when you tap a slot | You leave the app and arrive on their booking page. From that point their privacy policies apply. |
| Hetzner (hetzner.com, EU - Helsinki) | Server hosting and Postgres database | Everything described above. |
| Supabase (supabase.com, EU-Frankfurt) | Authentication and password reset emails | Email address, hashed password, and Apple/Google sign-in identifiers. |
6. How long we keep it
- Search queries, booking taps, ratings, swipes, dwell: retained until you ask us to delete, or 24 months after your device goes dormant, whichever is first.
- Push tokens: deleted when you uninstall (Expo invalidates the token), or after 6 months of no use.
- Anonymous device identifier: deleted when you ask us via the in-app "Delete my data" button or by email, or after 24 months dormant.
- Subscription receipts: retained for the period required by HMRC for tax records (currently 6 years).
7. Your rights
Under UK GDPR Articles 15 to 22 you have the right to:
- Access the data we hold about your device.
- Correct it if it is wrong.
- Erase it ("right to be forgotten").
- Receive it in a portable format.
- Object to processing based on legitimate interests.
- Restrict processing while a complaint is being resolved.
To exercise any of these, email admin@tasteproof.co.uk or use the in-app Delete my data button (we are rolling this control out in a forthcoming release; until then email is the canonical channel). Because we do not collect your name or email, please send the request from a device the app is installed on, or include your anonymous device ID (visible in the app's About screen).
8. Children
TasteProof is intended for users aged 18 and over. We do not knowingly collect data from children under 13. If you believe a user under 18 has used the app, email us and we will delete any associated data.
9. International transfers
Our primary servers are in the EU (Hetzner, Helsinki). Several LLM and platform processors (Groq, OpenRouter, Gemini, Anthropic, Scrapfly, Expo, RevenueCat) are based in the United States. Where those transfers happen, they are covered by the UK International Data Transfer Agreement or the EU Standard Contractual Clauses, as applicable.
10. Security
Traffic between the app and our backend is encrypted with TLS. Postgres data is encrypted at rest on the hosting volume. We do not store passwords, plain-text PII, or payment card details, because we do not collect them in the first place.
11. Cookies and trackers
The TasteProof app does not use cookies. We do not embed analytics SDKs, advertising SDKs, or cross-app trackers. If you tap a booking link and leave the app, the destination booking site (SevenRooms or OpenTable) may set cookies of its own under its own policy.
12. Changes to this policy
If we make a material change, we will post a notice in the app at least 14 days before it takes effect. Minor edits (typo fixes, new processor names that do not change purpose or scope) will be reflected here without notice.
13. Complaints
If you are not happy with how we handled your data, you can complain to the UK Information Commissioner's Office at ico.org.uk or by phone on 0303 123 1113. We would prefer the chance to put it right first - email admin@tasteproof.co.uk.
