← Back to home

Privacy Policy

Last updated: April 2026

1. Introduction

Crumb ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application ("the App") and website at crumbify.co.uk ("the Site"). Crumb is operated by Ali Bars, based in London, United Kingdom.

2. Information We Collect

When you use Crumb, we may collect:

  • Account information: Name, email address, username, and profile photo when you create an account via Apple Sign In, Google Sign In, or email/OTP.
  • Order data: When you connect a food delivery platform (Uber Eats, Just Eat), we access your order history including restaurant names, items ordered, order dates, and totals. This data is stored locally on your device in an encrypted SQLite database. Anonymised taste profiles and restaurant reviews are synced to our cloud database.
  • Restaurant reviews: Ratings and notes you write about restaurants. Notes are capped at 2,000 characters and synced to the cloud for social features.
  • Profile photo: If you upload an avatar, it is automatically scanned by Google Vision SafeSearch to detect inappropriate content before being stored.
  • Social data: Friend connections, group memberships, group feed posts, and food soulmate match percentages.
  • Usage analytics: Anonymous analytics about screens visited and features used, collected via Vercel Speed Insights on the website and standard app analytics.
  • Waitlist data: Email address, signup IP, country, and user agent when joining the waitlist. This data is used solely for launch notifications and bot prevention.

3. What We Do NOT Collect

  • We never access, store, or see your delivery platform passwords.
  • Your full order history and spending data never leave your device.
  • We never share your personal spending data with third parties.
  • We do not sell your data to advertisers or data brokers.
  • We do not track your location — restaurant maps use data from your order history only.

4. How We Use Your Information

  • Generate personalised food delivery statistics and insights.
  • Create your taste profile and food personality type.
  • Enable social features: friend comparisons, food soulmate matching, groups, and activity feeds.
  • Generate your annual Crumb Wrapped summary.
  • Compute global statistics (anonymised, aggregated across all users).
  • Send weekly recap notifications and achievement alerts.
  • Moderate uploaded content (avatars) for safety.
  • Process reports submitted by users about inappropriate content or behaviour.
  • Improve and maintain the App and Site.

5. Data Storage & Security

Your order data is stored locally on your device using encrypted SQLite storage. Cloud features use Supabase (hosted in the EU) with row-level security (RLS) policies enforcing per-user data isolation. All API communication uses HTTPS with TLS 1.3.

  • OAuth tokens are encrypted and stored on-device only.
  • Passwords are never stored — authentication uses Apple/Google Sign In or email OTP.
  • Avatar moderation logs are automatically deleted after 30 days.
  • Waitlist audit logs and places search logs are automatically purged on schedule.
  • Account deletion removes all cloud data immediately via a secure Edge Function.

6. Third-Party Services

  • Uber Eats & Just Eat: Connected via official OAuth 2.0 APIs. Read-only access — we cannot place orders or modify your account.
  • Supabase: Cloud database and authentication provider (EU-hosted).
  • Google Places API: Used to fetch restaurant details (photos, ratings, addresses). Rate-limited per user.
  • Google Vision API: SafeSearch moderation for uploaded avatar images. Rate-limited per user.
  • RevenueCat: Manages in-app subscriptions. Receives your anonymous user ID only.
  • Google AdMob: Displays ads to free-tier users. May use device identifiers for ad personalisation. Opt out via device settings.
  • Cloudflare Turnstile: Bot protection on the waitlist form. No personal data is collected.
  • Stripe: Processes founding member payments on the website only. We never see or store your card details.
  • Vercel: Hosts the website with speed insights analytics.

7. Social Features & Visibility

Crumb includes social features with the following visibility controls:

  • You can set your profile to private, hiding your stats from non-friends.
  • Friend requests require mutual acceptance.
  • You can block or report any user. Blocked users cannot see your profile or send requests.
  • Group membership is visible to other group members only.
  • Group feed posts are visible to group members only.
  • You can unfriend, leave groups, or delete your account at any time.

8. Content Moderation

Uploaded avatars are automatically scanned using Google Vision SafeSearch. Images flagged as containing adult, violent, or racy content are rejected. Users can report other users or content, which is reviewed and actioned. Moderation logs are retained for 30 days, then automatically deleted.

9. Advertising

Free-tier users see ads via Google AdMob. AdMob may use cookies or device identifiers for ad personalisation. You can opt out of personalised ads in your device settings. Premium users see no ads.

10. GDPR & Your Rights

Under GDPR and UK data protection law, you have the right to:

  • Access all data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and all associated data.
  • Disconnect any linked delivery platform at any time.
  • Export your data in a portable format (Premium feature).
  • Object to processing of your data.
  • Withdraw consent for optional data collection at any time.

To exercise any of these rights, use the in-app account settings or contact us at the email below.

11. Data Retention

  • Account data is retained until you delete your account.
  • On-device order data is deleted when you uninstall the App or disconnect a platform.
  • Avatar moderation logs: 30 days.
  • Places search logs: 48 hours.
  • Waitlist audit logs: purged on schedule.
  • When you delete your account, all cloud data is removed immediately.

12. Children's Privacy

Crumb is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we discover that a child under 16 has provided us with personal information, we will delete it immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes via in-app notification or email. Your continued use of the App after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy, contact us at hello@crumbify.co.uk.