Privacy Policy

FoodThoughts is a private, invite-only application designed for small groups of friends to share restaurant reviews and organise social plans.

This Privacy Policy explains what personal data is collected, how it is used, and what rights users have in relation to that data.

Data collection is limited to what is necessary for the app to function.

Data Controller
FoodThoughts is operated by its owner as a private, non-commercial service. For the purposes of data protection law, including the GDPR, the operator of FoodThoughts acts as the data controller.

For privacy questions or to exercise data protection rights, contact:

noreply@foodthoughts.app

What Data Is Collected
FoodThoughts collects only the data needed to provide the service:

Account information: Username, email address, and password stored securely in hashed form.

Profile data: Optional display name and avatar image.

User-generated content: Reviews, ratings, favourites, tags, and venue suggestions.

Social and group data: Group memberships, availability selections, and RSVPs.

Technical data: Limited server logs such as IP address, browser type, and timestamps, used for security and system integrity.

FoodThoughts does not collect sensitive personal data and does not use personal data for profiling or advertising.

How Data Is Used
Personal data is processed for the following purposes:

To provide access to the app and manage user accounts.

To display content and profile information within the app to other members.

To enable group coordination features such as availability sharing and event planning.

To send essential service communications, including account verification, password resets, and invitations.

To maintain the security, integrity, and performance of the platform.

FoodThoughts does not send marketing communications and does not use personal data for advertising.

Lawful Bases
Under the GDPR, personal data is processed on the following lawful bases:

Performance of a contract: For account creation, login, profile display, content sharing, and group coordination features.

Legitimate interests: For maintaining platform security, preventing abuse, and ensuring the service remains functional and reliable.

Who Can See the Data
Within the app:

Usernames, display names, avatars, reviews, ratings, and favourites are visible to other signed-in members.

Email addresses are not publicly visible.

Outside the app:

Personal data is not sold, rented, or shared with advertisers.

Data is shared only with limited service providers where necessary to operate the app.

These service providers include:

Resend: Transactional email delivery.

Cloudflare: Security and traffic routing.

Google Places: Venue data enrichment; personal data is not shared for this purpose.

Storage and Retention
Data is stored on access-controlled infrastructure.

Account and content data are retained for as long as the account remains active.

Server logs are retained only for a short period for security purposes and then deleted or overwritten.

Backups are kept on a limited rolling basis and are automatically overwritten.

If an account is deleted, associated personal data is removed within a reasonable timeframe, except where limited retention is necessary for security or legal reasons.

User Rights
Under the GDPR, users have the right to:

Access the personal data held about them.

Correct inaccurate or incomplete data.

Request deletion of their data.

Receive a copy of their data in a portable format.

Requests can be made using the contact email above. Responses will be provided within a reasonable timeframe.

Users also have the right to lodge a complaint with their local data protection authority.

Cookies
FoodThoughts uses only essential cookies:

A session cookie to keep users signed in.

A preference cookie, such as for light or dark mode.

FoodThoughts does not use tracking, analytics, or advertising cookies.

Changes to This Policy
This Privacy Policy may be updated from time to time. If material changes are made, the date at the top of this page will be updated and, where appropriate, users may be notified.

Continued use of the app after an update means the updated Privacy Policy applies.