Privacy Policy

1. Introduction

BiteMark (“BiteMark,” “we,” “us,” or “our”) operates the BiteMark mobile application and website (the “Service”). This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our Service.

By using the Service, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

Information You Provide

When you create an account and use the Service, you may provide:

• Name, email address, and password (for account creation)
• Username (unique public identifier)
• Avatar photo, bio, city, Instagram handle, website URL
• Cuisine and dietary preferences
• Ratings, reviews, notes, photos, restaurant lists, and social connections

Information Collected Automatically

• Location data: If you grant permission, we collect your precise geolocation once during onboarding to detect your city. We do not continuously track your location.
• Authentication tokens: Managed by our infrastructure provider (Supabase) and stored securely on your device.
• Product analytics: We use PostHog to understand how people use BiteMark so we can improve it. PostHog records events such as which screens you view and which features you use. When you are signed in, these events are linked to your account via your user ID, name, email, username, and city. We do not use PostHog for advertising, and session replay is disabled.
• Crash and performance diagnostics: We use Sentry to detect and fix bugs. Sentry receives stack traces, device metadata (OS version, device model), and a sample of performance traces when something goes wrong. Diagnostic events are linked to your account when you are signed in so we can correlate reports with the problem you experienced.

Information We Do NOT Collect

We do not collect device identifiers used for cross-app advertising (IDFA, IDFV, Android Advertising ID), browsing history outside of the app, contacts, phone numbers, payment information, cookies, or push notification tokens.

3. How We Use Your Information

• Provide the Service: Display restaurants, show your reviews and ratings, manage your lists, and enable social features
• Personalize your experience: Recommend restaurants based on your preferences, city, and dining history
• Communicate with you: Send password reset emails and critical service updates (we do not send marketing emails)
• Enforce our Terms of Service: Prevent abuse, investigate violations, and maintain integrity
• Improve the Service: Analyze aggregate, anonymized usage patterns

We do not use your information for advertising, profiling, or automated decision-making.

4. How We Share Your Information

Information Visible to Other Users

Your username, name, avatar, bio, and city are visible on your profile. Ratings, reviews, photos, and lists you mark as “public” are visible to other users. You control visibility through public/private settings.

Service Providers

• Supabase: Database hosting, authentication, and file storage (US data centers)
• PostHog: Product analytics. We send anonymized and identified product events (screen views, feature interactions) and identify profile fields (user ID, email, name, username, city). Data is stored in PostHog’s US data centers. See PostHog Privacy Policy.
• Sentry: Crash reporting and performance monitoring. We send crash reports, device metadata, and sampled performance traces, linked to your account when you are signed in. Data is stored in Sentry’s US data centers. See Sentry Privacy Policy.
• Google Places API: Restaurant information (we do not send your personal information to Google)
• Apple and Google (OAuth): Sign-in authentication only

We Do NOT Share Your Data With

Advertising networks, data brokers, restaurants, or any third parties for their own marketing purposes.

5. Data Retention

We retain your personal information for as long as your account is active. When you delete your account, we permanently delete all of your data within 30 days, including your profile, ratings, reviews, photos, lists, and social connections. No personal data is retained after account deletion except as required by applicable law.

6. Data Security

• Authentication tokens stored in your device's secure enclave
• Database access controlled by row-level security policies
• All data transmitted over HTTPS/TLS encryption
• Passwords hashed using bcrypt (never stored in plaintext)

7. Your Rights and Choices

You have the right to access, correct, and delete your personal information through your profile and settings. You can control the visibility of your content and revoke location permission at any time.

California Residents (CCPA/CPRA)

California residents have additional rights including the right to know, delete, and opt-out. BiteMark does not sell your personal information or share it for cross-context behavioral advertising. To exercise your rights, email support@bitemark.app. We will respond within 45 days. We extend the same privacy rights to residents of all US states.

8. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, contact us at support@bitemark.app.

9. International Users

BiteMark is operated from the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. For EEA/UK users, we process data based on consent and legitimate interest. Contact support@bitemark.app to exercise your data protection rights.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you before the changes take effect. Your continued use constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, contact us at support@bitemark.app. For privacy-specific requests, include “Privacy Request” in the subject line.