Privacy Policy

1. Information We Collect

Account Information

When you create an account or sign in with Google, we collect:

• Name and email address - From your Google account or provided during signup
• Profile photo - If you sign in with Google or upload one
• Password - Securely encrypted if you create a password-based account

Content You Create

• Deals you post - Restaurant name, location, deal details, expiration dates
• Comments and votes - Your interactions with deals and other users
• Profile information - Bio, location preferences

Usage Information

To improve our service, we automatically collect:

• Analytics data - Pages viewed, time spent, features used (collected via our internal analytics)
• Location data - City, state, and country (inferred from your IP address to show relevant deals in your area; we do not access your device GPS)
• Device information - Browser type, device type (mobile/desktop), operating system, screen resolution
• IP address - Used for security, fraud prevention, and general geographic location
• Session data - Stored in secure cookies to keep you logged in
• Interaction data - Deals you view, search terms, votes, and comments to personalize your experience

Cookies & Similar Technologies

We use cookies (small text files stored on your device) for:

• Essential cookies - Required for authentication and keeping you logged in (cannot be disabled)
• Security cookies - Prevent fraud, detect abuse, and secure your account
• Analytics cookies - Help us understand how users interact with our platform to improve it
• Preference cookies - Remember your settings and preferences

We use session cookies (deleted when you close your browser) and persistent cookies (remain until expiration or deletion). You can control cookies through your browser settings, but disabling essential cookies may affect functionality.

What We DON'T Collect

To respect your privacy, we explicitly do NOT collect:

• Precise GPS location - We only use city/state-level location from IP address
• Payment information - FoodDealFinder is free; we don't process payments
• Social security numbers or government IDs
• Health or medical information
• Biometric data
• Private messages - We don't have a direct messaging feature
• Third-party account credentials - If you sign in with Google, we only receive your name, email, and profile photo
• Browsing history outside FoodDealFinder

2. How We Use Your Information

We use your information to:

• Provide the service - Display deals, enable commenting and voting, manage your account
• Personalize your experience - Show deals relevant to your location and preferences
• Communicate with you - Send important service updates (we don't send marketing emails unless you opt in)
• Improve our platform - Analyze usage patterns to make FoodDealFinder better
• Prevent abuse - Detect and prevent fraud, spam, and violations of our terms
• Comply with legal obligations - When required by law

3. Information Sharing

We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

When We Share Information

We only share your information in these limited circumstances:

• With Google - If you sign in with Google OAuth, your authentication is handled by Google according to their privacy policy
• Public information - Content you post (deals, comments) is visible to other users. Your username and profile photo are public.
• Legal requirements - If required by law, court order, or to protect our rights and safety
• Service providers - With trusted hosting providers (Railway) who help us operate the platform and are bound by confidentiality
• Business transfers - If we're involved in a merger, acquisition, or sale, your information may be transferred (you'll be notified)

4. Data Security

We take security seriously:

• Passwords are encrypted using industry-standard bcrypt hashing
• Secure HTTPS connections for all data transmission
• Session tokens stored in secure, HTTP-only cookies
• Regular security audits and updates
• Admin access protected with additional authentication

However, no internet transmission is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. Your Privacy Rights

All Users Can:

• Access your data - View your profile, deals, and comments anytime
• Update your information - Edit your profile in account settings
• Delete your content - Remove deals and comments you've posted
• Delete your account - Request full account deletion by contacting us

California Residents (CCPA Rights)

If you're a California resident, you have additional rights:

• Right to know what personal information we collect and how we use it
• Right to request deletion of your personal information
• Right to opt-out of the sale of personal information (we don't sell data, so this doesn't apply)
• Right to non-discrimination for exercising your privacy rights

EU/EEA Residents (GDPR Rights)

If you're in the EU/EEA, you have these rights:

• Right of access - Get a copy of your personal data
• Right to rectification - Correct inaccurate data
• Right to erasure - Request deletion of your data
• Right to restrict processing - Limit how we use your data
• Right to data portability - Receive your data in a portable format
• Right to object - Object to processing of your data
• Right to withdraw consent - Withdraw consent at any time

Legal basis for processing: We process your data based on consent (for optional features), contractual necessity (to provide the service), and legitimate interests (to improve and secure our platform).

Right to Lodge a Complaint

EU/EEA Residents: You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your privacy rights under GDPR. However, we encourage you to contact us first so we can address your concerns.

How to Exercise Your Rights

Contact us at [email protected] to exercise any of these rights.

Response Time: We will respond within 1-3 business days, and in all cases within one month as required by GDPR (with possible extension of two additional months for complex requests). For California residents, we will respond to CCPA requests within 45 days (with possible 45-day extension if necessary).

Identity Verification: To protect your privacy and security, we may ask you to provide additional information to verify your identity before fulfilling data requests. This may include confirming your email address, account details, or other identifying information.

Authorized Agents (California): California residents may designate an authorized agent to make a privacy request on your behalf. The authorized agent must provide proof of authorization, and we may require you to verify your identity directly with us.

6. Data Retention

We retain different types of data for different periods:

• Account data - Kept as long as your account is active
• Deals and comments - Kept as long as your account exists, or permanently if you choose to keep content public after account deletion
• Analytics data - Aggregated and anonymized after 90 days, retained up to 2 years for trend analysis
• Security logs - Kept for 90 days for security and fraud prevention
• Deleted account data - Permanently deleted within 30 days of account deletion (except where legally required to retain)
• Legal requirements - Some data may be retained longer if required by law (e.g., financial records, legal holds)

Upon account deletion: Your profile, personal information, and private data will be deleted within 30 days. You can choose to either delete all your public content (deals, comments) or leave it anonymized (username replaced with "Deleted User").

7. Third-Party Services

Our platform uses these third-party services:

• Google OAuth - For Google Sign-In (governed by Google's Privacy Policy)
• Railway - For hosting our application (governed by Railway's Privacy Policy)

These services have their own privacy policies, and we're not responsible for their practices.

8. International Data Transfers

Our services are hosted in the United States. If you're accessing from outside the US, your information will be transferred to and stored in the US.

For EU/EEA Users: We ensure that international data transfers comply with GDPR through appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Ensuring our service providers implement appropriate technical and organizational measures
• Adherence to the EU-US Data Privacy Framework where applicable

By using our services, you consent to this transfer. You have the right to obtain information about the safeguards we use for data transfers.

9. Children's Privacy

FoodDealFinder is not intended for children under 13. We do not knowingly collect information from children under 13. If you believe we've collected information from a child under 13, contact us immediately and we'll delete it.

10. Automated Decision-Making

We want to be transparent about how algorithms work on our platform:

• Deal ranking - Deals are ranked based on votes, recency, and engagement. No personal profiling is involved.
• Search results - Sorted by relevance based on your search terms and general popularity metrics
• Location-based filtering - Shows deals in your area based on your city/state (not precise GPS location)
• Spam detection - Automated systems may flag suspicious content, but human moderators review all flagged content

We do not use automated decision-making that produces legal effects or similarly significantly affects you. You are not subject to decisions based solely on automated processing.

11. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify affected users - We will inform you without undue delay via email or prominent notice on our platform
• Notify authorities - We will report the breach to relevant data protection authorities within 72 hours as required by GDPR
• Provide details - We will describe the nature of the breach, the likely consequences, and the measures we're taking to address it
• Offer guidance - We will provide recommendations to help you protect yourself

We take all reasonable security measures to prevent data breaches and protect your information.

12. Information for California Residents (CCPA)

Do Not Sell My Personal Information

We do not sell your personal information. We have not sold personal information in the past 12 months, and we do not sell the personal information of minors under 16 years of age.

12-Month Disclosure

In the preceding 12 months, we have:

• Not sold any personal information - We do not sell personal information to third parties
• Not shared personal information for cross-context behavioral advertising
• Disclosed the following categories to service providers: Account information (identifiers, email), user content (deal posts, comments), and usage data (analytics) to our hosting provider (Railway) and authentication provider (Google OAuth) for the sole purpose of providing our service

We do not sell or share personal information of minors under 16 years of age.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make significant changes, we'll notify you by:

• Posting a notice on our platform
• Updating the "Last Updated" date at the top
• Sending an email notification (for material changes)

Your continued use after changes means you accept the updated policy.

14. Contact Us

Questions about this Privacy Policy? Want to exercise your privacy rights? Contact us:

• Email: [email protected]
• Response time: We'll respond within 1-3 business days

Company: GWE Solutions LLC