Back to Home

Privacy Policy

Last updated: February 27, 2026

Note: This document is a template and does not constitute legal advice. We recommend having this policy reviewed by a qualified attorney before public deployment, particularly for GDPR and CCPA compliance.

1. Introduction

NextBite ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our dining recommendation service (the "Service").

This policy is designed to comply with the General Data Protection Regulation (GDPR) for users in the European Union and the California Consumer Privacy Act (CCPA) for California residents.

By using the Service, you agree to the collection and use of information in accordance with this policy.

2. What Data We Collect

2.1 Information You Provide

  • Account information: When you sign up via Clerk, we receive your name, email address, and profile picture (if using social login such as Google).
  • Meal logs: Cuisine type, meal type (lunch/dinner), and optionally the restaurant name when you log meals or accept recommendations.
  • Preferences: Cuisine vetoes, unit preferences (miles/km), and search radius settings.
  • Location data: Zip code or geographic coordinates you provide for restaurant searches. We do not use background location tracking.

2.2 Information Collected Automatically

  • Usage data: Pages visited, features used, timestamps, and interaction patterns (e.g., swipe accept/reject actions).
  • Device information: Browser type, operating system, screen resolution, and device identifiers (collected via standard HTTP headers).
  • Error data: If Sentry error tracking is enabled, we collect crash reports, stack traces, and browser context to diagnose and fix bugs. This data is anonymized where possible.

2.3 Information from Third Parties

  • Clerk: Authentication provider that manages your login credentials and session tokens. Clerk may provide us with your email and profile data from your social login provider.
  • Google Maps: Restaurant data including names, addresses, ratings, photos, opening hours, and place types. This data is fetched client-side and is not permanently stored on our servers.

3. How We Use Your Data

We use the information we collect to:

  • Provide recommendations: Your meal history and vetoes feed our scoring algorithm to suggest restaurants you are more likely to enjoy.
  • Personalize your experience: Remember your preferences, location, and unit settings across sessions.
  • Improve the Service: Analyze usage patterns to enhance our recommendation algorithm and user experience.
  • Maintain security: Detect and prevent fraud, abuse, and unauthorized access.
  • Diagnose issues: Use error tracking data to identify and fix bugs.
  • Communicate with you: Send service-related notifications (e.g., account verification, security alerts). We do not send marketing emails.

We do not sell your personal data to third parties. We do not use your data for advertising or ad targeting.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process your data under the following legal bases:

  • Contract performance: Processing necessary to provide the Service you signed up for (meal logging, recommendations).
  • Legitimate interests: Improving our Service, ensuring security, and diagnosing technical issues.
  • Consent: Where required (e.g., optional error tracking via Sentry), we rely on your explicit consent.

5. Data Retention

We retain your data for as long as your account is active. Specifically:

  • Account data: Retained until you delete your account.
  • Meal history: Retained for the lifetime of your account to power recommendations. You can delete individual entries or all history at any time.
  • Cuisine vetoes: Retained until you remove them or delete your account.
  • Error logs (Sentry): Automatically purged after 90 days.
  • Server logs (Cloudflare): Retained per Cloudflare's standard retention policy (typically 72 hours for access logs).

When you delete your account, we delete all associated personal data within 30 days, except where retention is required by law.

6. Cookies and Local Storage

NextBite uses the following storage mechanisms:

  • Authentication cookies: Set by Clerk to maintain your login session. These are strictly necessary for the Service to function.
  • Local storage: Used to save your unit preference (miles/km) and last-used zip code for convenience. This data stays on your device and is not sent to our servers.

We do not use analytics cookies, advertising cookies, or third-party tracking cookies.

7. Third-Party Services

We use the following third-party services that may process your data:

Clerk (Authentication)

Handles user registration, login, and session management. Processes your email, name, and authentication credentials.

View their privacy policy

Google Maps Platform

Provides restaurant data, geocoding, and map rendering. Location data is sent to Google when you search for restaurants. Google may collect usage data per their privacy policy.

View their privacy policy

Cloudflare (Hosting & Database)

Hosts our API on Cloudflare Workers and stores data in Cloudflare D1 (SQLite). Cloudflare processes request metadata including IP addresses.

View their privacy policy

Sentry (Error Tracking — Optional)

If enabled, captures error reports and browser context to help us diagnose bugs. Data is anonymized where possible. This service is optional and can be disabled.

View their privacy policy

8. Your Rights

You have the following rights regarding your personal data. These rights apply under both GDPR (EU residents) and CCPA (California residents):

Right to Access

You can request a copy of all personal data we hold about you. We will provide this in a machine-readable format (JSON).

Right to Deletion

You can request that we delete all your personal data, including meal history, preferences, and account information. We will process deletion requests within 30 days.

Right to Data Portability

You can request an export of your data in a structured, commonly used format (JSON) that you can transfer to another service.

Right to Rectification

You can request correction of any inaccurate personal data we hold about you.

Right to Restrict Processing

You can request that we limit how we process your data while a complaint or correction is being resolved.

Right to Object

You can object to the processing of your personal data for specific purposes, such as analytics.

Right to Opt-Out (CCPA)

California residents have the right to opt out of the "sale" of personal information. NextBite does not sell personal data, but you may still exercise this right by contacting us.

To exercise any of these rights, contact us at privacy@nextbite.app. We will respond within 30 days (or sooner where required by law).

9. Data Security

We take reasonable measures to protect your personal data, including:

  • All data in transit is encrypted via HTTPS/TLS
  • Authentication is handled by Clerk with industry-standard security practices
  • Database access is restricted to authenticated API routes
  • API routes validate user identity via Clerk JWT tokens
  • No plaintext passwords are stored (authentication is delegated to Clerk)

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

10. Children's Privacy

The Service is not directed to children under 13 (or 16 in the EU). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us at privacy@nextbite.app and we will promptly delete it.

11. International Data Transfers

Your data may be processed in countries other than your country of residence, including the United States, where Cloudflare and other service providers operate. We ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs), when transferring data outside the European Economic Area.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

If we make material changes that affect how we process your personal data, we will provide additional notice (such as an in-app notification).

13. Contact Us

If you have any questions about this Privacy Policy, your data, or wish to exercise your rights, please contact us:

Privacy Inquiries

Email: privacy@nextbite.app

We aim to respond to all privacy-related requests within 30 days.

14. CCPA-Specific Disclosures

If you are a California resident, the following additional disclosures apply under the California Consumer Privacy Act:

  • Categories of personal information collected: Identifiers (name, email), geolocation data (zip code, coordinates), internet activity (usage data), and inferences (cuisine preferences).
  • Business purpose: All data is collected solely to provide and improve the Service.
  • Sale of data: We do not sell your personal information.
  • Non-discrimination: We will not discriminate against you for exercising your CCPA rights.
Terms of ServiceBack to Home