TopDishy
+ PostSign In

Privacy Policy

Last updated: April 30, 2026

TopDishy ("we", "us") operates topdishy.com and the TopDishy mobile app. This policy explains what we collect, how we use it, and the controls you have. If you have questions, email [email protected].

1. Information We Collect

1a. Account information

  • Email address and display name.
  • Avatar and short bio, if you upload them.
  • Sign-in identifiers from your chosen provider (Google, Apple, or Facebook). We store the provider name and the provider-issued user ID so we can recognize you on return visits. We do not receive your provider password.
  • Preferred language.

1b. Content you create

  • Reviews (notes, photos, optional receipt image, restaurant transaction ID).
  • Personal stack rankings of dishes within a category.
  • Critic feed posts, if you have a critic subscription.
  • Bookmarks, follows, blocks, and content reports.

1c. Location

We use location only to find dishes and restaurants near you. On the web app, we read the coordinates or area you set and cache them in your browser's local storage so the app remembers your last location. On the mobile app, we ask the operating system for your device's location at the time you use a feature that needs it; we do not store a running history of your movements.

1d. Payments

Subscription payments are processed by Stripe (web), Apple (in-app purchases on iOS), or Google Play (in-app purchases on Android). We do not see or store your full card number. We receive a customer or transaction identifier and the resulting subscription state (active, past due, canceled, current period end) so we can grant access.

1e. Mobile push tokens

If you allow notifications on the mobile app, we register a push token with Expo so we can send you transactional notifications (e.g., a reply to your review). We store the token and platform (iOS or Android). Revoke at any time in your device's notification settings.

1f. Operational data

Our servers log routine request metadata (IP address, user agent, request ID, timestamps) for security, debugging, and abuse prevention. Errors are sent to Sentry with your user ID attached so we can correlate a problem with the account that hit it. Product events (sign up, sign in, review submitted, subscription started) are sent to PostHog so we can understand which features are used.

2. How We Use Information

  • To run the Service: authenticate you, show you nearby dishes, publish your reviews, and compute community rankings.
  • To process subscriptions and in-app purchases.
  • To send transactional messages (sign-in notices, replies, subscription receipts, account-change confirmations). We do not send marketing email.
  • To moderate content and prevent abuse (see Section 5).
  • To debug, secure, and improve the Service through error and product-event telemetry.

3. The Ballot-Box Principle: Your Rankings Are Private

Your individual stack rankings are private by default. Other users, businesses, and our admin tools cannot see how you personally ranked a given dish. Only the aggregated community ranking is public. There are exactly two ways your individual ranking can become visible to someone else:

  • You generate a share link for a category and send it to someone. You can revoke the link at any time.
  • You hold an active critic subscription, in which case rankings you publish under your critic profile are public on-platform.

Reviews you write are public by default and attributed to your display name. Photos you attach to reviews are public. Bookmarks, follows, and your block list are private.

4. Third Parties We Share Data With

We do not sell your personal information. We share specific data with these processors so the Service can function:

  • Google, Apple, Facebook — sign-in. We exchange tokens with whichever provider you chose at sign-up.
  • Stripe — web subscription payments and billing.
  • Apple App Store / Google Play — in-app subscription purchases on mobile.
  • Amazon Web Services — hosting, database, and image storage (S3). Your photos are stored here.
  • AWS Rekognition — automated image moderation. Every uploaded photo is scanned before it is stored.
  • OpenAI — automated text moderation on review notes, and dish-category classification. Review text and dish names are sent for these purposes; we do not send your email or other identifiers.
  • Google Maps Platform — geocoding and map tiles.
  • Sentry — error tracking. Includes user ID and request metadata when an error occurs.
  • PostHog — product analytics. Includes user ID and event metadata.
  • Expo — mobile push-notification delivery.
  • Cloudflare — DNS and edge protection.

We may also disclose information when required by valid legal process or to protect the safety of users or the public.

5. Content Moderation

Photos are scanned by AWS Rekognition before they reach our storage; images flagged for nudity, violence, drugs, hate symbols, or similar prohibited categories are rejected and not stored. Review text is screened by an automated moderation API at the time of submission. You can also report any review, photo, profile, dish, or restaurant from the app, and you can block other users to hide their content from your view.

6. Cookies and Local Storage

The web app stores a sign-in token and your saved location in your browser's local storage, plus an HTTP-only refresh-token cookie used to keep you signed in. We do not use third-party advertising cookies and we do not run ad networks.

7. Your Rights and Controls

  • Access and update. Edit your display name, avatar, bio, and language in Settings.
  • Delete your account. Use the in-app delete option (Settings → Account → Delete account) on web or mobile. Deletion clears your email, display name, avatar, and bio, removes linked sign-in identities, and signs you out everywhere immediately. Your reviews and rankings are retained in a de-identified form so that community rankings and fraud-prevention records remain intact. If you need everything purged for a legal reason, email us.
  • Request a copy of your data. Email [email protected].
  • Push notifications. Toggle in your device's OS settings.
  • Subscription management. Cancel a Stripe subscription from Settings; cancel an Apple or Google in-app subscription from your respective store account.

8. Data Retention

We keep account data while your account is active. After deletion, identifying fields are cleared as described in Section 7. Review and ranking content is retained de-identified because removing it would distort community rankings that other users rely on. Operational logs are kept for a limited period sufficient for debugging and abuse investigation.

9. Security

We use HTTPS in transit, encrypted storage at rest, AWS Secrets Manager for credentials, and private-subnet databases. No system is perfectly secure; if we become aware of an incident affecting your data, we will notify you as required by law.

10. Children

The Service is not directed to children under 13, and we do not knowingly collect data from them. If you believe a child has created an account, contact us and we will remove it.

11. International Use

TopDishy is operated from the United States. If you use the Service from outside the U.S., you understand that your information will be processed in the U.S. and other countries where our service providers operate.

12. Changes to This Policy

We may update this policy. If we make a material change, we will update the date above and, where appropriate, notify you in the app.

13. Contact

Questions, deletion requests, or data-access requests: [email protected].