Crumbify
Crumbify
000%
Back to home

Privacy Policy

Last updated: June 2026

1. Introduction

Crumbify ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application ("the App") and website at crumbify.co.uk ("the Site"). Crumbify is operated by Crumbify LTD, a company registered in England and Wales (company number 17288992), registered office 60 Millmead Business Centre, Millmead Road, London, United Kingdom, N17 9QU. Crumbify LTD is the data controller for personal data processed through the Crumbify app and this website.

2. Information We Collect

When you use Crumbify, we may collect:

  • Account information: Name, email address, username, and profile photo when you create an account via Apple Sign In, Google Sign In, or email OTP.
  • Order data: Crumbify reads your order history from screenshots you import (using OCR) and from manual entries you add yourself. It does not connect to delivery platform accounts or APIs to retrieve this data. The imported data is stored locally on your device in an encrypted SQLite database. Anonymised taste profiles and restaurant reviews are synced to our cloud database.
  • Restaurant reviews: Ratings and notes you write about restaurants. Notes are capped at 2,000 characters and synced to the cloud for social features.
  • Profile photo: If you upload an avatar, it is automatically scanned by Google Vision SafeSearch to detect inappropriate content before being stored.
  • Photos in feed posts: When you add a photo to a feed post or your profile, we store it and run automated safety screening (Google Vision SafeSearch) before it is shown.
  • Social posts and messages: Posts you publish (with optional photo and note) and the one-time opener messages you send through Food Soulmate are stored so they can be shown to the intended audience. You can report or block content and users in the app.
  • Social data: Friend connections, group memberships, group feed posts, and food soulmate match percentages.
  • Advertising identifiers: We show ads via Google AdMob and, with your consent, use your device advertising identifier to personalise them. You can decline via the in-app consent prompt and (iOS) the App Tracking prompt.
  • Usage analytics: Anonymous analytics about screens visited and features used, collected via Vercel Speed Insights on the website and standard app analytics.
  • Waitlist data: Email address, signup IP, country, and user agent when joining the waitlist. This data is used solely for launch notifications and bot prevention.

3. What We Do NOT Collect

  • We never access, store, or see your delivery platform passwords.
  • We do not connect to delivery platform accounts or APIs to retrieve your order data. Import is done via screenshots (OCR) or manual entry only.
  • We never share your personal data with third parties for their marketing purposes.
  • We do not sell your data to advertisers or data brokers.
  • We do not track your location - restaurant maps use data from your imported order history only.

4. How We Use Your Information

  • Generate personalised food delivery statistics and insights.
  • Create your taste profile and food personality type.
  • Enable social features: friend comparisons, food soulmate matching, groups, the global feed, and activity feeds.
  • Compute global statistics (anonymised, aggregated across all users).
  • Send weekly recap notifications and achievement alerts.
  • Moderate uploaded content (avatars, feed photos) for safety.
  • Process reports submitted by users about inappropriate content or behaviour.
  • Show relevant ads to free-tier users via Google AdMob.
  • Improve and maintain the App and Site.

5. Data Storage and Security

Your order data is stored locally on your device using encrypted SQLite storage. Cloud features use Supabase (hosted in the EU) with row-level security (RLS) policies enforcing per-user data isolation. All API communication uses HTTPS with TLS 1.3.

  • Auth tokens are stored on-device only using secure storage.
  • Passwords are never stored - authentication uses Apple/Google Sign In or email OTP.
  • Avatar moderation logs are automatically deleted after 30 days.
  • Waitlist audit logs and places search logs are automatically purged on schedule.
  • Account deletion removes all cloud data immediately via a secure Edge Function.

6. Third-Party Services

  • Supabase: Cloud database and authentication provider (EU-hosted).
  • Google Places API: Used to fetch restaurant details (photos, ratings, addresses). Rate-limited per user.
  • Google Vision API: SafeSearch moderation for uploaded avatar images and feed photos. Rate-limited per user.
  • RevenueCat: Manages in-app subscriptions. Receives your anonymous user ID only.
  • Google AdMob: Displays ads to free-tier users. May use device identifiers for ad personalisation. You can decline via the in-app consent prompt, or opt out via your device settings. Premium users see no ads.
  • Cloudflare Turnstile: Bot protection on the waitlist form. No personal data is collected.
  • Stripe: Processes founding member payments on the website only. We never see or store your card details.
  • Vercel: Hosts the website with speed insights analytics.

7. Social Features and Visibility

Crumbify includes social features with the following visibility controls:

  • You can set your profile to private, hiding your stats from non-friends.
  • Friend requests require mutual acceptance.
  • You can block or report any user. Blocked users cannot see your profile or send requests.
  • Group membership is visible to other group members only.
  • Group feed posts are visible to group members only.
  • You can unfriend, leave groups, or delete your account at any time.

8. Content Moderation

Uploaded avatars and feed photos are automatically scanned using Google Vision SafeSearch. Images flagged as containing adult, violent, or racy content are rejected. Users can report other users or content, which is reviewed and actioned. Moderation logs are retained for 30 days, then automatically deleted.

9. Advertising

Free-tier users see ads via Google AdMob. AdMob may use device identifiers for ad personalisation. You can decline personalised ads via the in-app consent prompt shown on first launch and via your device privacy settings at any time. Premium users see no ads.

10. GDPR and Your Rights

Under GDPR and UK data protection law, you have the right to:

  • Access all data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and all associated data.
  • Export your data in a portable format (Premium feature).
  • Object to processing of your data.
  • Withdraw consent for optional data collection at any time.

To exercise any of these rights, use the in-app account settings or contact us at the email below.

11. Data Retention

  • Account data is retained until you delete your account.
  • On-device order data is deleted when you uninstall the App.
  • Avatar and feed photo moderation logs: 30 days.
  • Places search logs: 48 hours.
  • Waitlist audit logs: purged on schedule.
  • When you delete your account, all cloud data is removed immediately.

12. Children's Privacy

Crumbify is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we discover that a child under 16 has provided us with personal information, we will delete it immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes via in-app notification or email. Your continued use of the App after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy, contact us at support@crumbify.co.uk.