1. WHAT INFORMATION DO WE COLLECT?

In Short: We collect information necessary to provide and improve the BiteHive service, including information you provide and technical data generated during usage.

We collect the following types of information:

• Device Identifier: We automatically generate and store a unique identifier for your device to associate your saved data with you without requiring a traditional user account.
• Submitted Information: When you submit a TikTok URL via the share sheet or manual input, we collect that URL for processing.
• Saved Restaurant Data: We store information about the restaurants you save, including details extracted from TikTok or Google Places (like name, address, coordinates, categories, photos), and link this data to your device identifier. This includes reviews you've linked.
• Usage Data & Crash Reports: We may collect anonymized information about how you interact with the app (e.g., features used) and technical data including crash reports to help us improve stability and performance.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.

We process your information for the following core purposes:

• To Provide the Core Service: Processing TikTok URLs to extract restaurant information, saving and organizing your discovered restaurants, displaying them on lists and maps, and providing detailed restaurant information fetched from Google Places.
• To Link Data to You: Using your device identifier to ensure you see your saved restaurants and reviews.
• To Improve the Service: Analyzing anonymized usage data and crash reports to identify bugs, understand user needs, and enhance features.
• To Respond to Inquiries: If you contact us, we may use provided information to respond and assist you.
• To Ensure Security and Prevent Fraud: Monitoring for potential misuse or security threats.
• To Comply with Legal Obligations: Processing information if required by law or legal process.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.

If you are located in the EU or UK, the General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on. We rely on the following:

• Performance of a Contract: Processing your device identifier and saved data is necessary to provide the core BiteHive service you use (saving and organizing restaurants). Submitting a URL implies a request for us to process it according to the app's function.
• Legitimate Interests: We process information like usage data and crash reports based on our legitimate interest in maintaining and improving the app's functionality, stability, and security, provided these interests do not override your fundamental rights. We also rely on legitimate interests for fraud prevention.
• Consent: For certain processing activities, like potentially sending promotional communications in the future (if implemented), we would rely on your explicit consent. Submitting a TikTok URL involves your explicit action (consent) to have it processed for restaurant identification.
• Legal Obligations: We may process your information where necessary for compliance with our legal obligations.

You can withdraw consent where applicable, though this may affect your ability to use certain features.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We may share information with third-party vendors that help us operate the service, when legally required, or in connection with business transfers.

We may need to share your personal information in the following situations:

• Service Providers: We share information with third-party vendors and service providers who perform services for us or on our behalf and require access to such information to do that work. This includes:
  • Supabase: Our backend infrastructure provider for database storage, edge functions, and potentially authentication in the future.
  • Google: For AI processing (Gemini via Google Cloud AI) to extract restaurant details, and for geocoding and place details (Google Maps Platform APIs).
  These providers are obligated to protect your data.
• Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
• Legal Requirements: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process.

5. DO WE USE COOKIES OR OTHER TRACKING TECHNOLOGIES?

In Short: We use essential technical identifiers and may use basic analytics/crash reporting tools, but not traditional web cookies for tracking across sites.

As a mobile application, we do not use traditional browser cookies. We use the unique Device Identifier mentioned in Section 1 to associate data with your installation of the app. We may utilize standard mobile app technologies for collecting anonymized analytics (how the app is used) and crash reporting data to help us improve the service. We do not use tracking technologies for cross-site advertising purposes.

6. DO WE USE ARTIFICIAL INTELLIGENCE?

In Short: Yes, we use Google's AI technology (Gemini) to help extract restaurant information from the data associated with TikTok URLs you submit.

We utilize artificial intelligence features provided by Google Cloud AI (specifically, the Gemini models) as part of our service. When you submit a TikTok URL, the associated description or metadata may be processed by Google's AI models to help identify and extract relevant restaurant details like name and address. This information is processed according to our agreement with Google and this Privacy Policy to perform the core function of the app. We do not use AI to make decisions about you, only to process the content you provide for restaurant identification.

7. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law.

We will only keep your personal information (like your device identifier and associated saved restaurant data) for as long as it is necessary for the purposes set out in this Privacy Notice, primarily to provide you with the service. This generally means as long as you continue to use the app. Anonymized usage data or crash reports may be kept longer for statistical purposes. We will delete or anonymize your information when we no longer have a legitimate business need to process it, or if deletion is technically feasible upon request, unless a longer retention period is required or permitted by law (such as for accounting or legal requirements).

If we cannot delete data entirely (e.g., due to backups), we will securely store it and isolate it from further processing until deletion is possible.

8. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: Depending on your location (e.g., EU/UK), you may have rights regarding your personal information, such as the right to access, correct, or delete your data.

Depending on your geographical location, you may have certain rights under applicable data protection laws. These may include the right to:

• Request access to and obtain a copy of your personal information.
• Request correction of inaccurate information or completion of incomplete information.
• Request deletion of your personal information under certain conditions.
• Object to processing of your personal information based on legitimate interests.
• Request restriction of processing of your personal information.
• Withdraw consent at any time (where processing is based on consent).
• Lodge a complaint with a supervisory authority.

To exercise these rights, please contact us using the details provided in theLegal Notice.

9. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this privacy notice from time to time. The updated version will be indicated by an updated "Last updated" date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification (if feasible). We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

10. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may contact us using the details provided in the Legal Notice.