Privacy Policy

Last updated: 4/23/2025

1. Introduction

This Privacy Policy describes how YumScore ("we", "us", or "our") collects, uses, and shares your personal information when you use our application.

2. Information We Collect

We collect information that you provide directly to us, including:

  • Account information (name, email, password)
  • Location data (with your explicit consent)
  • Restaurant preferences and reviews
  • Search history and saved locations
  • Device information (browser type, IP address)
  • Usage patterns and interaction data
  • Favorite restaurants and food preferences
  • User reviews and ratings
  • Authentication tokens (accessToken, refreshToken)
  • Session data and user preferences

3. API Endpoints and Data Collection

Our application uses the following API endpoints to collect and process data:

  • Authentication Endpoints:
    • /api/auth/login - User login
    • /api/auth/register - User registration
    • /api/auth/googleSignin - Google authentication
    • /api/auth/logout - User logout
  • Location Services Endpoints:
    • /api/geocode - Location data processing
    • /api/location - User location management
  • User Data Endpoints:
    • /api/user - User profile management
    • /api/user/reviews - User reviews
    • /api/user/favorites - Favorite restaurants

4. Location Data

Our application requires access to your location to provide restaurant recommendations and directions. We:

  • Only collect location data when you explicitly grant permission
  • Use location data solely to provide location-based services
  • Do not share your precise location with third parties
  • Allow you to revoke location permissions at any time through your device settings
  • Store location data temporarily for immediate use
  • Do not track your location continuously when the app is not in use
  • Use the browser's geolocation API to determine your position
  • Store location data in cookies for up to one year for convenience
  • Use Postcodes.io API for UK location verification
  • Implement fallback location services when primary services are unavailable

5. Cookies and Similar Technologies

We use the following types of cookies:

  • Essential Cookies: Required for basic functionality
    • Authentication and session management (yum.accessToken, yum.refreshToken)
    • Security features
    • Basic preferences
    • Location data (latitude, longitude, postalCode, townName)
    • Session state management
  • Functional Cookies: Enhance user experience
    • Remembering your search preferences
    • Storing your saved locations
    • Maintaining your language preferences
    • Storing your favorite restaurants
    • User interface preferences
  • Analytics Cookies: Help us improve our services
    • Usage patterns
    • Feature popularity
    • Error tracking
    • Performance monitoring
    • User behavior analysis

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our application.

6. Error Handling and Data Protection

We implement the following error handling and data protection measures:

  • Error Handling:
    • Comprehensive error logging and monitoring
    • Automatic error reporting to our development team
    • User-friendly error messages
    • Fallback mechanisms for service disruptions
  • Data Protection:
    • Regular security audits and updates
    • Encryption of sensitive data in transit and at rest
    • Secure API endpoints with authentication
    • Rate limiting and DDoS protection

7. Third-Party Services

We use the following third-party services:

  • Authentication Services:
    • Google Authentication for secure login
    • Apple Sign In for iOS users
    • Email/password authentication system
  • Location Services:
    • Browser geolocation API
    • Google Maps API for restaurant locations and directions
    • OpenStreetMap for map display
    • Postcodes.io API for UK location data
  • Analytics Services:
    • Google Analytics (G-9LDPB9QNNP)
    • Google Tag Manager (GTM-P4M2DBK4)
    • Error tracking and performance monitoring

8. Data Retention and Deletion

We retain different types of data for specific periods:

  • Account Data:
    • User profiles: Until account deletion
    • Authentication tokens: Until logout or expiration
    • Preferences: Until account deletion
  • Location Data:
    • Current location: Temporary session storage
    • Saved locations: Until user deletion
    • Location history: 30 days
  • User Content:
    • Reviews: Until account deletion
    • Favorites: Until account deletion
    • Search history: 90 days

You can request deletion of your data at any time, subject to legal requirements. Deletion requests will be processed within 30 days.

9. Your Rights

You have the right to:

  • Access your personal information
  • Correct inaccurate data
  • Request deletion of your data
  • Withdraw consent for location tracking
  • Opt-out of cookies (except essential ones)
  • Export your data in a portable format
  • Object to certain data processing activities
  • Manage your location preferences
  • Control your cookie settings
  • Request data portability
  • Lodge a complaint with a supervisory authority

10. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us at yumscore.contact@gmail.com

11. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify affected users within 72 hours of becoming aware of the breach
  • Provide details about the nature of the breach and affected data
  • Outline steps taken to mitigate the breach
  • Recommend actions for users to protect their information
  • Report the breach to relevant authorities as required by law

12. International Data Transfer

Your data may be transferred to and processed in countries outside your own. We ensure:

  • Compliance with international data protection regulations
  • Use of standard contractual clauses for data transfers
  • Implementation of appropriate security measures
  • Transparency about data processing locations
  • Protection of your rights regardless of data location

13. Automated Decision-Making

Our application uses automated processes for:

  • Restaurant recommendations based on your preferences
  • Location-based search results
  • Personalized content delivery
  • You have the right to:
    • Request human intervention
    • Express your point of view
    • Obtain an explanation of the decision
    • Challenge the decision

13. Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. We provide:

  • Export of your account data in JSON format
  • Download of your location history
  • Export of your restaurant preferences and reviews
  • Transfer of your data to another service upon request
  • Access to your data through our API endpoints

To request your data, please contact us at yumscore.contact@gmail.com with the subject line "Data Portability Request".

14. Data Backup and Recovery

We implement comprehensive data backup and recovery procedures:

  • Backup Procedures:
    • Daily automated backups of all user data
    • Encrypted storage of backup data
    • Multiple backup locations for redundancy
    • Regular backup integrity checks
  • Recovery Procedures:
    • 24/7 data recovery support
    • Point-in-time recovery capabilities
    • Data restoration within 24 hours
    • User notification of recovery status

15. Data Processing for Minors

We have special provisions for processing data of users under 13:

  • Age Verification:
    • Require parental consent for users under 13
    • Implement age verification measures
    • Restrict certain features for underage users
    • Provide parental control options
  • Data Protection:
    • Additional security measures for minors' data
    • Restricted data collection for underage users
    • Special retention policies for minors' data
    • Parental access to minors' accounts

16. Special Categories of Data

We handle special categories of data with additional care:

  • Health-Related Data:
    • Dietary preferences and restrictions
    • Food allergies and intolerances
    • Special handling with explicit consent
    • Additional security measures
  • Processing Requirements:
    • Explicit consent for processing
    • Additional security measures
    • Limited data retention
    • Regular security audits

17. AI and Machine Learning

Our use of AI and machine learning in data processing:

  • Recommendation Systems:
    • Personalized restaurant recommendations
    • Food preference analysis
    • Location-based suggestions
    • User behavior prediction
  • Data Processing:
    • Anonymized data for model training
    • Regular model updates and improvements
    • Bias detection and mitigation
    • Transparency in AI decision-making

18. Cross-Border Data Transfers

Our policies regarding international data transfers:

  • Data Transfer Mechanisms:
    • Standard Contractual Clauses (SCCs)
    • Data Processing Agreements (DPAs)
    • Binding Corporate Rules (BCRs)
    • International data transfer impact assessments
  • Compliance:
    • GDPR compliance for EU data
    • CCPA compliance for California residents
    • Other regional data protection laws
    • Regular compliance audits

19. Business Analytics

Our use of data for business analytics:

  • Analytics Processing:
    • Aggregated usage statistics
    • Service performance metrics
    • User engagement analysis
    • Feature adoption tracking
  • Data Usage:
    • Service improvement
    • User experience optimization
    • Business decision support
    • Market trend analysis

20. Fraud Prevention

Our measures for fraud prevention and detection:

  • Detection Systems:
    • Automated fraud detection algorithms
    • Anomaly detection in user behavior
    • Location verification systems
    • Account activity monitoring
  • Prevention Measures:
    • Multi-factor authentication
    • IP address tracking
    • Device fingerprinting
    • Behavioral analysis

21. Accessibility Features

Our data processing for accessibility features:

  • Accessibility Data:
    • Screen reader preferences
    • Color contrast settings
    • Font size preferences
    • Keyboard navigation settings
  • Processing:
    • Stored locally when possible
    • Encrypted when stored remotely
    • Regular accessibility audits
    • User feedback integration

22. Emergency Services

Our data processing for emergency services:

  • Emergency Data:
    • Location data for emergency services
    • Emergency contact information
    • Medical information (with explicit consent)
    • Accessibility requirements
  • Processing:
    • Immediate access for emergency services
    • Regular data verification
    • Secure storage with restricted access
    • Emergency response protocols

23. Social Features

Our data processing for social features:

  • Social Data:
    • User connections and relationships
    • Shared restaurant recommendations
    • Group dining preferences
    • Social activity history
  • Processing:
    • Privacy controls for social sharing
    • Consent-based data sharing
    • Social graph analysis
    • Content moderation

24. Restaurant Partnerships

Our data processing for restaurant partnerships:

  • Partnership Data:
    • Restaurant performance metrics
    • Customer feedback and reviews
    • Menu and pricing information
    • Promotional campaign data
  • Processing:
    • Aggregated analytics for partners
    • Performance reporting
    • Campaign effectiveness tracking
    • Partnership compliance monitoring

25. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us at yumscore.contact@gmail.com.

26. Data Processing for Minors

We have special provisions for processing data of users under 18:

  • Age Verification:
    • Require parental consent for users under 13
    • Implement age verification measures
    • Restrict certain features for underage users
    • Provide parental control options
  • Data Protection:
    • Additional security measures for minors' data
    • Restricted data collection for underage users
    • Special retention policies for minors' data
    • Parental access to minors' accounts
  • Parental Rights:
    • Right to review minors' data
    • Right to request deletion
    • Right to modify consent
    • Right to revoke account access

27. Special Categories of Data

We handle special categories of data with additional care:

  • Health-Related Data:
    • Dietary preferences and restrictions
    • Food allergies and intolerances
    • Special handling with explicit consent
    • Additional security measures
  • Processing Requirements:
    • Explicit consent for processing
    • Additional security measures
    • Limited data retention
    • Regular security audits
  • User Rights:
    • Right to withdraw consent
    • Right to request deletion
    • Right to restrict processing
    • Right to object to processing

28. Marketing and Communications

Our policies regarding marketing communications:

  • Marketing Data:
    • Opt-in required for marketing communications
    • Personalized recommendations based on preferences
    • Location-based offers and promotions
    • Restaurant partnership communications
  • User Controls:
    • Easy opt-out options
    • Preference management tools
    • Frequency controls
    • Content type preferences
  • Data Usage:
    • Limited to marketing purposes only
    • No sharing with third parties without consent
    • Regular review of marketing lists
    • Compliance with marketing regulations

29. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us at yumscore.contact@gmail.com.

HomeFoodRestaurantsSurprise Me
AboutPrivate policyCookie PolicyTerms & Conditions