Best Bites ("we", "us", "the app") is a dish-rating app that lets you keep track of
the specific dishes you love at restaurants, share them with people you follow, and
discover top-rated dishes nearby. This page explains what information we collect,
how we use it, and the choices you have.
We try to collect as little as possible. We do not sell your data. We do not run ads.
1. Information you give us
Account information
Name and email address — used to create your account, sign you in, and let other users find you.
Password — stored only as a salted hash (bcrypt). We never see or store your raw password.
Home city (optional) — used to default the map and "Top Bites" to a useful starting region.
Content you create
Dish reviews and ratings (1-10), comments, and emoji reactions.
Photos of dishes you choose to attach to a review.
Social actions — who you follow, who you block, restaurants and dishes you've added.
Feedback you submit through the in-app feedback button. This is used internally to fix bugs and prioritize features. A copy is mirrored to a private Notion workspace owned by the app maintainer.
2. Information collected automatically
Approximate location — only when you tap "Near Me" or otherwise grant
location permission. Coordinates are sent to our server to look up nearby restaurants
and are not stored against your account.
Device and platform (iOS, Android, or web) and the app version —
attached to feedback submissions to help reproduce bugs.
Authentication tokens — a JWT is stored on your device (in iOS Keychain
via Expo SecureStore, or browser localStorage on the web) so you stay signed in.
3. Third-party services we use
To make Best Bites work, we send specific pieces of data to a small set of providers:
Foursquare Places API — used for restaurant search, autocomplete,
and city geocoding. We send the search text, the city you typed, and (when you use
"Near Me") your approximate coordinates. We do not send your name, email, or any
account identifier.
Yelp — used to enrich restaurant pages with dish lists and photos.
We send only the restaurant identifier or name; no personal data.
Uber Eats (via RapidAPI) — used to import menus when you add a
new restaurant. We send only the restaurant name and address.
Notion — feedback you submit through the in-app feedback button is
mirrored to a private Notion workspace owned by the app maintainer for triage.
The Notion entry contains your feedback text, the screen you were on, your platform,
and (if you were signed in) your name and email.
Replit / Neon Postgres — our application servers and database are
hosted by Replit; the database is operated by Neon. Your account data and reviews live there.
4. How we use your information
To create and operate your account.
To show you restaurants and dishes that are relevant to where you are.
To deliver the social features of the app — your followers see your reviews; you see theirs.
To respond to feedback or support requests.
To detect abuse, fix bugs, and improve the app.
We do not use your information for advertising, profiling for ads,
or sale to data brokers.
5. Sharing with other users
Your name, the reviews you write, the photos
you attach, and the list of people you follow are visible to other
signed-in users of Best Bites. Your email, password,
home city, and blocked-users list are private and never
shown to other users.
6. Data retention
We keep your account information and content for as long as your account is active.
When you delete your account from inside the app (Profile → Delete Account), we run a
transactional cleanup that removes your reviews, comments, follow relationships,
feedback rows, and authentication credentials. Backups may retain a copy for up to
30 days before they roll over.
7. Your choices and rights
Update your profile at any time from the Profile tab.
Delete your account from the Profile tab — this is irreversible.
Revoke location access in your device's Settings app. The rest of the app keeps working without it.
Email us for any other request, including data export or correction, at the address below.
If you are in the EU/UK, you have rights under GDPR to access, correct, delete, or
port your personal data. If you are in California, you have analogous rights under the
CCPA/CPRA. Email us and we will respond within 30 days.
8. Children
Best Bites is not directed at children under 13 (or under 16 in the EU/UK), and we do
not knowingly collect information from them. If you believe a child has created an
account, email us and we will delete it.
9. Security
Connections to our servers use HTTPS. Passwords are stored as bcrypt hashes.
Auth tokens on your device are stored in the iOS Keychain (via Expo SecureStore) on
native platforms and in localStorage on the web. No system is perfectly secure, but
we apply industry-standard practices to keep your data safe.
10. Changes to this policy
If we make a material change, we will update the date at the top of this page and
post the new version at this URL before it takes effect.
11. Contact
Questions, requests, or complaints about this policy or your data: jeffnabozna@me.com