Legal

Privacy Policy

Effective May 16, 2025

1. Overview

picki (“we”, “us”, “our”) takes your privacy seriously. This Privacy Policy explains what data we collect, why we collect it, and how we use and protect it. By using the Service you agree to the practices described here.

2. Data We Collect

Account data: When you create an account we collect your email address, name (optional), and a hashed password. If you sign in with Google we receive your Google account’s email and display name.

Usage data: We store your restaurant decisions, feedback ratings, refinement actions (e.g. “cheaper”, “closer”), and onboarding preferences to build and improve your taste profile.

Location data: If you grant permission, we use your device location to calculate distances to restaurants. This data is used in real time and is not stored on our servers.

Waitlist data: If you join the waitlist we collect your email address and optionally your city.

Device data: Standard web analytics data such as device type, browser, and approximate location may be collected by our hosting and analytics providers.

3. How We Use Your Data

  • To provide personalised restaurant recommendations
  • To improve and maintain the Service
  • To send account-related communications (no marketing without consent)
  • To detect and prevent abuse
  • To comply with legal obligations

We do not sell your personal data to third parties.

4. Data Storage and Security

User profiles and session data are stored using Google Firebase (Firestore and Authentication), which is operated by Google LLC. Data is encrypted in transit (TLS) and at rest.

In development environments or when Firebase is not configured, data may be stored in your browser’s localStorage only and never leaves your device.

We implement reasonable technical and organisational measures to protect your data, but no system is 100% secure. Use the Service at your own risk.

5. Third-Party Services

We use the following third-party services that may receive your data:

  • Google Firebase — authentication and database
  • Google Places API — restaurant search and data
  • Google Maps — map links opened in your browser
  • Vercel — hosting and edge functions

Each provider has its own privacy policy. We encourage you to review them.

6. Cookies and Local Storage

picki uses browser localStorage to persist your auth status and user profile. We do not use third-party tracking cookies. If you clear your browser data your local session will be reset.

7. Your Rights

You have the right to:

  • Access — request a copy of the data we hold about you
  • Correction — update inaccurate data in your profile
  • Deletion — delete your account and associated data from the Profile page, or by emailing us
  • Portability — request an export of your data

To exercise any of these rights, visit Profile → Delete account in the app, or email privacy@picki.app

8. Data Retention

We retain your account data for as long as your account is active. When you delete your account, personal data is removed within 30 days. Anonymised aggregate analytics may be retained indefinitely.

9. Children

picki is not directed to children under 13. We do not knowingly collect personal data from children. If you believe a child has submitted data to us, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the effective date above and, where appropriate, by email. Your continued use of the Service constitutes acceptance of the updated policy.

11. Contact

Privacy questions or data requests: privacy@picki.app