CraveConnect

Privacy Policy

Last updated: June 13, 2026

CraveConnect ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what personal information we collect when you use craveconnect.app (the "Service"), why we collect it, how we use it, and your rights regarding that information.

By creating an account or using the Service you agree to the practices described in this Policy. If you do not agree, please do not use the Service.


1. Information We Collect

1.1 Account Information

  • Email address — required to create an account and sign in.
  • Display name — the full name you enter at sign-up, shown to other users in multiplayer games and your friends list.
  • Password — stored in hashed form by Supabase (our authentication provider). We never store your plaintext password.
  • Age verification timestamp — the date and time you confirmed you are 13 years of age or older, retained for legal compliance.

1.2 Location Data

The Service can use your device's GPS to provide restaurant recommendations near you. We collect your approximate location only when you explicitly grant permission in your browser. Location access is off by default and is never required to use the core recipe-discovery features.

What we store: We store your city and state (derived from GPS coordinates via a reverse-geocoding lookup). We do not store raw GPS coordinates on our servers beyond the brief API call needed to resolve them.

What we do not do: We do not track your location continuously, sell location data, or share it with advertisers.

1.3 Preferences and Usage

  • Cuisine preferences, dietary restrictions, cooking skill level, and maximum cooking time.
  • Recipe swipes (like / dislike / skip) so the Service can remember your history.
  • Game history — records of solo and multiplayer games you have played.
  • Friend connections — the list of other users you have added as friends.

1.4 Payment Information

Premium subscriptions are processed by Stripe, Inc. We do not store credit card numbers, bank account details, or any other payment card data on our servers. Stripe's privacy policy governs the handling of your payment information: stripe.com/privacy.

1.5 Analytics

We use Vercel Analytics to measure how the Service is used. This data is aggregated and anonymous — it does not identify individual users and does not include personal information.


2. How We Use Your Information

  • To create and manage your account.
  • To personalize the recipes shown to you based on your preferences.
  • To enable multiplayer games and friend features.
  • To provide restaurant recommendations near your location (only if you grant permission).
  • To process payments and manage your subscription via Stripe.
  • To send transactional emails (account confirmation, password reset).
  • To comply with legal obligations, including child-privacy laws.
  • To improve and secure the Service using anonymous analytics.

3. Data We Do Not Collect or Sell

  • We do not sell your personal information to any third party.
  • We do not serve targeted or behavioral advertising.
  • We do not store raw GPS coordinates beyond the geocoding lookup.
  • We do not store payment card numbers (handled entirely by Stripe).
  • We do not track you across other websites or apps.

4. Third-Party Services

We share limited data with the following third parties strictly to operate the Service:

  • Supabase — database, authentication, and file storage. Your account data and preferences are stored in Supabase's managed PostgreSQL service hosted in the United States.
  • Spoonacular — recipe data API. Recipe search queries (including your meal-type preference) are sent to Spoonacular to fetch relevant recipes. No personally identifiable information is included in these queries.
  • Stripe — payment processing for Premium subscriptions. Stripe receives billing information you provide at checkout.
  • Vercel — hosting and anonymous analytics.

5. Children's Privacy (COPPA and State Laws)

5.1 Minimum Age

CraveConnect is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us immediately at support@craveconnect.app and we will delete it promptly.

All new users must affirmatively confirm they are 13 or older before accessing the Service. This confirmation is logged with a timestamp for compliance purposes.

5.2 Users Aged 13–17 (California AADC — AB 2273)

The California Age-Appropriate Design Code Act (AB 2273) requires additional protections for users under 18. We implement the following safeguards for all users and specifically for minors:

  • Location is off by default and requires an explicit permission grant.
  • We do not profile users for advertising purposes.
  • We do not use dark patterns or deceptive design to encourage disclosure of personal data.
  • Privacy settings default to the most protective option.
  • We do not sell data of any user, including minors.

Users in states with similar minor-protection laws (including but not limited to Maryland, Texas, Utah, Arkansas, and Indiana) are covered by the same safeguards described above.

5.3 Parental Rights

Parents or legal guardians of users under 18 may request access to, correction of, or deletion of their child's account data by contacting us at support@craveconnect.app.


6. California Privacy Rights (CCPA / CPRA)

California residents have the following rights under the CCPA/CPRA:

  • Right to know — what categories of personal information we collect and for what purpose.
  • Right to delete — request deletion of your personal information, subject to certain exceptions.
  • Right to correct — request correction of inaccurate personal information.
  • Right to opt out of sale / sharing — we do not sell or share personal information, so this right is already satisfied.
  • Right to non-discrimination — we will not discriminate against you for exercising these rights.

To exercise any of these rights, contact us at support@craveconnect.app.


7. Data Retention

We retain your personal information for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law (e.g., billing records retained for tax purposes per applicable law).


8. Data Security

We use industry-standard security measures including encrypted connections (HTTPS/TLS), hashed passwords, and row-level security policies on our database. No system is completely secure, however, and we cannot guarantee absolute security of your information.


9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this Policy periodically.


10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: