Privacy Policy
Last updated: [DATE]
1. Introduction
TODO: Introduction paragraph about meal.photos, UK-based data controller, GDPR compliance.
2. Data We Collect
TODO: List of data collected — account info (email, display name, avatar), uploaded photos, ratings, location (city-level, quantised), device info.
3. How We Use Your Data
TODO: Purposes — providing the service, showing meals on the map, personalising the feed, analytics, communication.
4. Third-Party Services
TODO: Explain that we share data with the following third-party services only as needed to operate the platform:
- Supabase — Database and authentication (EU/UK region)
- Cloudflare Images — Image storage and CDN delivery
- Stripe — Payment processing (restaurant subscriptions only)
- Mapbox — Map rendering
- Resend — Transactional email delivery
- OneSignal — Web push notifications
- Upstash — Rate limiting
- PostHog — Analytics (only with consent)
- Google Cloud Vision — Content moderation
- Cloudflare Turnstile — Bot protection
- Vercel — Hosting and edge delivery
5. Cookies
TODO: Explain cookie categories — essential (auth session) and analytics (PostHog). Default to declining non-essential. How to manage preferences.
6. Location Data
TODO: Explain that coordinates are quantised to 2 decimal places (~1.1 km), that EXIF data is stripped from photos, and that exact location is never stored.
7. Your Rights (UK GDPR)
TODO: Right of access, right to rectification, right to erasure (account deletion), right to data portability (data export), right to restrict processing, right to object.
8. Data Retention
TODO: How long data is kept, what happens on account deletion.
9. Children
TODO: Service not intended for users under 13.
10. Changes to This Policy
TODO: How users will be notified of changes.
11. Contact
TODO: Contact email for data protection queries.