Privacy Policy
Last updated: July 2, 2026
TopDishy ("we", "us") operates topdishy.com and the TopDishy mobile app. This policy explains what we collect, how we use it, and the controls you have. If you have questions, email [email protected].
1. Information We Collect
1a. Account information
- Email address and display name.
- Avatar and short bio, if you upload them.
- Sign-in identifiers from your chosen provider (Google, Apple, or Facebook). We store the provider name and the provider-issued user ID so we can recognize you on return visits. We do not receive your provider password.
- Preferred language.
1b. Content you create
- Reviews (notes, photos, optional receipt image, restaurant transaction ID).
- Personal stack rankings of dishes within a category.
- Critic feed posts, if you have a critic subscription.
- Bookmarks, follows, blocks, and content reports.
1c. Location
We use location only to find dishes and restaurants near you and to order results by distance. When you ask for nearby results, we request your device's precise location (GPS-level coordinates) from your browser or operating system, and use it to determine your city and region. You can decline the location prompt and still use the app by setting a location manually. We cache your last coordinates or chosen area in your browser's local storage so the app remembers them, and we do not store a running history of your movements.
1d. Payments
Subscription payments are processed by Stripe (web), Apple (in-app purchases on iOS), or Google Play (in-app purchases on Android). We do not see or store your full card number. We receive a customer or transaction identifier and the resulting subscription state (active, past due, canceled, current period end) so we can grant access.
1e. Mobile push tokens
If you allow notifications on the mobile app, we register a push token with Expo so we can send you transactional notifications (e.g., a reply to your review). We store the token and platform (iOS or Android). Revoke at any time in your device's notification settings.
1f. Operational data
Our servers log routine request metadata (IP address, user agent, request ID, timestamps) for security, debugging, and abuse prevention. Errors are sent to Sentry with your user ID attached so we can correlate a problem with the account that hit it. Product events (sign up, sign in, review submitted, subscription started) are sent to PostHog so we can understand which features are used.
1g. Phone number (optional — friend finding)
If you choose to find friends by phone from the Find Friends screen, you can add a phone number to your account. We send a one-time verification code to it by SMS, then store the number only as a one-way cryptographic hash — never as plaintext — so we can verify it's yours, keep one account per number, and let friends who already have your number find you. You can turn off phone discoverability, or remove your number entirely, at any time in Settings. Adding a phone number is never required to use TopDishy and is never requested during sign-up or sign-in.
1h. Contacts (optional — on-device matching, not stored)
If you choose "Find friends from contacts," we read the phone numbers in your device's address book on your device and send them to our server for a single, one-time lookup to find which of them already have a TopDishy account. We do not save your contacts. The submitted numbers are used only for that match and are discarded immediately afterward — we do not keep the phone numbers of the people in your address book, and we do not build a social graph from them. On the mobile app this requires the operating-system contacts permission, which you can decline (you can still paste numbers manually). You can also send a friend a pre-filled invite text; the message opens in your own Messages app and is only sent if you send it.
2. How We Use Information
- To run the Service: authenticate you, show you nearby dishes, publish your reviews, and compute community rankings.
- To process subscriptions and in-app purchases.
- To send transactional messages (sign-in notices, replies, subscription receipts, account-change confirmations). We do not send marketing email.
- To moderate content and prevent abuse (see Section 5).
- To debug, secure, and improve the Service through error and product-event telemetry.
3. The Ballot-Box Principle: Your Rankings Are Private
Your individual stack rankings are private by default. Other users, businesses, and our admin tools cannot see how you personally ranked a given dish. Only the aggregated community ranking is public. There are exactly two ways your individual ranking can become visible to someone else:
- You generate a share link for a category and send it to someone. You can revoke the link at any time.
- You hold an active critic subscription, in which case rankings you publish under your critic profile are public on-platform.
Reviews you write are public by default and attributed to your display name. Photos you attach to reviews are public. Bookmarks, follows, and your block list are private.
4. Third Parties We Share Data With
We do not sell your personal information. We share specific data with these processors so the Service can function:
- Google, Apple, Facebook — sign-in. We exchange tokens with whichever provider you chose at sign-up.
- Stripe — web subscription payments and billing.
- Apple App Store / Google Play — in-app subscription purchases on mobile.
- Amazon Web Services — hosting, database, and image storage (S3). Your photos are stored here.
- AWS Rekognition — automated image moderation. Every uploaded photo is scanned before it is stored.
- OpenAI — automated text moderation on review notes, and dish-category classification. Review text and dish names are sent for these purposes; we do not send your email or other identifiers.
- Google Maps Platform — geocoding and map tiles.
- Sentry — error tracking. Includes user ID and request metadata when an error occurs.
- PostHog — product analytics. Includes user ID and event metadata.
- Expo — mobile push-notification delivery.
- AWS End User Messaging — SMS delivery of phone-verification codes, if you add a phone number. Only your own number and the code are sent; your contacts are never sent here.
- Cloudflare — DNS and edge protection.
We may also disclose information when required by valid legal process or to protect the safety of users or the public.
5. Content Moderation
Photos are scanned by AWS Rekognition before they reach our storage; images flagged for nudity, violence, drugs, hate symbols, or similar prohibited categories are rejected and not stored. Review text is screened by an automated moderation API at the time of submission. You can also report any review, photo, profile, dish, or restaurant from the app, and you can block other users to hide their content from your view.
6. Cookies and Local Storage
The web app stores a sign-in token and your saved location in your browser's local storage, plus an HTTP-only refresh-token cookie used to keep you signed in. We do not use third-party advertising cookies and we do not run ad networks.
7. Your Rights and Controls
- Access and update. Edit your display name, avatar, bio, and language in Settings.
- Delete your account. Use the in-app delete option (Settings → Account → Delete account) on web or mobile. Deletion clears your email, display name, avatar, and bio, removes linked sign-in identities, and signs you out everywhere immediately. Your reviews and rankings are retained in a de-identified form so that community rankings and fraud-prevention records remain intact. If you need everything purged for a legal reason, email us.
- Request a copy of your data. Email [email protected].
- Push notifications. Toggle in your device's OS settings.
- Subscription management. Cancel a Stripe subscription from Settings; cancel an Apple or Google in-app subscription from your respective store account.
8. Data Retention
We keep account data while your account is active. After deletion, identifying fields are cleared as described in Section 7. Review and ranking content is retained de-identified because removing it would distort community rankings that other users rely on. Operational logs are kept for a limited period sufficient for debugging and abuse investigation.
9. Security
We use HTTPS in transit, encrypted storage at rest, AWS Secrets Manager for credentials, and private-subnet databases. No system is perfectly secure; if we become aware of an incident affecting your data, we will notify you as required by law.
10. Children
The Service is not directed to children under 13, and we do not knowingly collect data from them. If you believe a child has created an account, contact us and we will remove it.
11. International Use
TopDishy is operated from the United States. If you use the Service from outside the U.S., you understand that your information will be processed in the U.S. and other countries where our service providers operate.
12. Changes to This Policy
We may update this policy. If we make a material change, we will update the date above and, where appropriate, notify you in the app.
13. Contact
Questions, deletion requests, or data-access requests: [email protected].