Privacy Policy

Last updated: 12 June 2026

What we store

Account, email address, username, password (stored as an Argon2id hash, never readable), optional bio, avatar and timezone.
Content you create, reviews, ratings, photos, comments, likes, bites, favorites and follows.
Photos, uploads are re-encoded and all metadata, including GPS location, is stripped before they are shown to anyone.
Activity, badges, XP, quests, collectibles and notifications generated by your use of the app.
Technical, session tokens (hashed), and push subscriptions if you enable push notifications.

We do not use tracking or advertising cookies, only one functional session cookie to keep you logged in. We never sell your data.

Why we process it

To provide the service: your account, your content, and the social feed (contract, Art. 6(1)(b) GDPR).
To keep the platform safe: rate limiting, abuse reports and moderation (legitimate interest, Art. 6(1)(f)).
To send optional emails and push notifications, only with your consent, configurable per category in Settings (Art. 6(1)(a)).

How long we keep it

Your account and content, until you delete them. Account deletion erases everything immediately, including your photos from storage.
Deleted reviews, restorable for 30 days, then permanently erased including photos.
Deleted photos and comments, erased immediately.
Login and password-reset tokens, until they expire; pruned daily.
Unused uploaded images, removed by a daily cleanup.

Your rights

Access & portability (Art. 15/20), download all your data as machine-readable JSON plus your photos via Settings → Privacy & data.
Rectification (Art. 16), edit your profile, reviews and preferences at any time in the app.
Erasure (Art. 17), delete individual reviews, photos and comments, or your whole account via Settings. Deletion is real: data is removed from our database and file storage, not just hidden.
Withdraw consent (Art. 7), switch off any email or push notification category in Settings.
Complaint (Art. 77), you can lodge a complaint with your supervisory authority (in the Netherlands: Autoriteit Persoonsgegevens).

Where your data lives

All data is stored on SnackSpot's own infrastructure (PostgreSQL database and S3-compatible object storage). Transactional email is delivered through our email provider, which processes your email address solely to deliver the message. Privacy-sensitive actions (account deletion, data exports) are recorded in an audit log that contains no personal data beyond an internal identifier.

Contact

Questions about your data? Contact us at [email protected].

What we store

Account, email address, username, password (stored as an Argon2id hash, never readable), optional bio, avatar and timezone.

Content you create, reviews, ratings, photos, comments, likes, bites, favorites and follows.

Photos, uploads are re-encoded and all metadata, including GPS location, is stripped before they are shown to anyone.

Activity, badges, XP, quests, collectibles and notifications generated by your use of the app.

Technical, session tokens (hashed), and push subscriptions if you enable push notifications.

We do not use tracking or advertising cookies, only one functional session cookie to keep you logged in. We never sell your data.

Why we process it

To provide the service: your account, your content, and the social feed (contract, Art. 6(1)(b) GDPR).

To keep the platform safe: rate limiting, abuse reports and moderation (legitimate interest, Art. 6(1)(f)).

To send optional emails and push notifications, only with your consent, configurable per category in Settings (Art. 6(1)(a)).

How long we keep it

Your account and content, until you delete them. Account deletion erases everything immediately, including your photos from storage.

Deleted reviews, restorable for 30 days, then permanently erased including photos.

Deleted photos and comments, erased immediately.

Login and password-reset tokens, until they expire; pruned daily.

Unused uploaded images, removed by a daily cleanup.

Your rights

Access & portability (Art. 15/20), download all your data as machine-readable JSON plus your photos via Settings → Privacy & data.

Rectification (Art. 16), edit your profile, reviews and preferences at any time in the app.

Erasure (Art. 17), delete individual reviews, photos and comments, or your whole account via Settings. Deletion is real: data is removed from our database and file storage, not just hidden.

Withdraw consent (Art. 7), switch off any email or push notification category in Settings.

Complaint (Art. 77), you can lodge a complaint with your supervisory authority (in the Netherlands: Autoriteit Persoonsgegevens).

Where your data lives