Privacy Policy
Draft for review. This document is a starting point, not legal advice.
Have it reviewed by a qualified professional and fill in the bracketed
[PLACEHOLDERS] before publishing.
This Privacy Policy explains how dishdeal (“dishdeal”, “we”, “us”) collects, uses, and shares information when you use the dishdeal mobile app and website (together, the “Service”). dishdeal is operated by [LEGAL ENTITY NAME], [REGISTERED ADDRESS].
By using the Service you agree to this Policy. If you don’t agree, please don’t use the Service.
Information we collect
Account information. When you sign in, our authentication provider creates an account for you. We receive an account identifier and the email address (and, if provided, the name) associated with your sign-in.
Content you submit. When you scan a flyer, we collect the photos/images you capture or upload, along with the products and prices extracted from them and any metadata you add (such as the store and region).
Approximate location. If you grant location permission, we use your approximate location to suggest nearby regions and relevant deals. You can use the Service without this — region selection also works manually — and you can revoke the permission anytime in your device settings.
Subscription and payment information. If you subscribe to Premium, payment is processed by the app store (Apple App Store or Google Play) and/or our payment processor. We receive subscription status and limited billing metadata. We do not receive or store your full payment-card details.
Usage and device information. We collect basic technical and usage data needed to run and improve the Service — for example app interactions, device type and operating system, language, and diagnostic logs.
How we use information
- Provide the Service: read flyers, index deals, and generate recipe suggestions for your region.
- Maintain your account, settings, and selected regions.
- Process and manage your subscription.
- Keep the shared deal data accurate, including moderating submitted flyers.
- Diagnose problems, prevent abuse, and improve features.
- Communicate with you about the Service (for example, support replies and important notices).
Legal bases (EEA/UK users)
Where the GDPR applies, we rely on: performance of a contract (to provide the Service you request), legitimate interests (to secure, maintain, and improve the Service), consent (for example, location access or optional communications — which you can withdraw at any time), and legal obligation (where required by law).
How information is shared
We do not sell your personal information. We share data with service providers (“processors”) who help us run the Service, under contracts that require them to protect it:
| Provider | Purpose | Data involved |
|---|---|---|
| Authentication provider (e.g. Auth0) | Secure sign-in and account management | Account identifier, email, name |
| Payment processor (e.g. Stripe) and app stores | Subscriptions and billing | Subscription status, billing metadata |
| AI provider (e.g. Anthropic) | Reading flyer images and generating recipe text | Flyer images and extracted text |
| Cloud hosting & storage | Running the Service and storing data | Service data as described above |
| Analytics/diagnostics | Reliability and product improvement | Usage and device data |
Provider names are indicative of our current setup; confirm and finalize this list before publishing.
We may also disclose information if required by law, to enforce our terms, or to protect the rights, safety, and security of our users and the Service. If dishdeal is involved in a merger, acquisition, or asset sale, data may be transferred as part of that transaction.
AI processing
dishdeal uses AI services to read the contents of flyer images and to generate recipe suggestions. Flyer images and extracted text are sent to our AI provider for these purposes. We do not use this processing to identify you.
Data retention
We keep personal data for as long as your account is active or as needed to provide the Service. When you delete your account, we delete or anonymize personal data associated with it, except where we must retain limited records to comply with legal obligations or resolve disputes. Deal data extracted from approved flyers may be retained in anonymized, aggregated form as part of a region’s shared catalog. See Delete your account & data.
Your rights
Depending on where you live, you may have the right to access, correct, delete, or export your personal data, to object to or restrict certain processing, and to withdraw consent. You can:
- Delete your account and data in the app, or follow the steps on the data-deletion page.
- Contact us (below) to exercise any other right.
We will respond within the timeframe required by applicable law. You also have the right to complain to your local data protection authority.
International transfers
We may process and store information in countries other than where you live. Where required, we use appropriate safeguards (such as standard contractual clauses) for international transfers.
Children
dishdeal is not directed to children and is not intended for use by anyone under the age of [16 / the minimum age in your country]. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we’ll delete it.
Security
We use reasonable technical and organizational measures to protect your data, including encryption in transit and access controls. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
Changes to this Policy
We may update this Policy from time to time. When we make material changes, we’ll update the “Last updated” date above and, where appropriate, notify you in the app.
Contact us
Questions about privacy? Email [support@dishdeal.io] or write to [LEGAL ENTITY NAME], [REGISTERED ADDRESS].