Privacy Policy

AllergEats ("we," "us," or "our") operates allergeats.com. This Privacy Policy explains what information we collect, how we use it, and the choices you have. AllergEats is a decision-support tool — not a medical service. Always confirm allergen information with restaurant staff before ordering.

When you create an account, we collect your email address and, optionally, your first and last name. If you sign in with Google, we receive your name and email from Google.The allergens you select are stored locally on your device and, if you are signed in, synced to our secure database so your profile is available across devices.Menu scans you save and orders you save are stored locally on your device and, if you are signed in, associated with your account.We use Vercel Analytics to collect anonymized, aggregated data about page views and navigation. No personal identifiers are included.If you grant location permission, we use your device's GPS coordinates solely to show nearby restaurants. We do not store your precise location on our servers.

• To provide and personalize the AllergEats service
• To sync your allergen profile and saved data across devices
• To send transactional emails (account confirmation, password reset)
• To improve the service through aggregated, anonymized analytics

We do not sell your personal information to third parties. We do not use your allergen data for advertising.

User accounts and synced data are stored using Supabase, which is hosted on AWS infrastructure with encryption at rest and in transit. We use industry-standard security practices, but no system is completely secure — please use a strong, unique password.

• Supabase — authentication and database
• Google OAuth — optional sign-in
• Vercel Analytics — anonymized usage analytics
• OpenStreetMap / Overpass API — restaurant location data

Each third party has its own privacy policy. We encourage you to review them.

We retain your account data for as long as your account is active. You may delete your account at any time by contacting us (see Section 9). Upon deletion, your personal data is removed within 30 days, except where retention is required by law.

AllergEats is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, please contact us and we will delete it promptly.

Depending on your location, you may have the right to access, correct, or delete your personal data, or to object to or restrict certain processing. To exercise these rights, contact us at the address below. We will respond within 30 days.

If you have questions about this Privacy Policy or your data:

AllergEats
Email: privacy@allergeats.com

We may update this policy from time to time. When we do, we will update the effective date at the top of this page. Continued use of AllergEats after changes constitutes acceptance of the updated policy.