Privacy Policy

Effective date: April 5, 2026

DineHunter ("we," "us," or "our") operates the DineHunter website and mobile application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Canadian privacy legislation. By using our Service, you consent to the practices described in this policy.

1. Information We Collect

We collect personal information that is necessary to provide, improve, and personalize the DineHunter Service. We only collect information for purposes that a reasonable person would consider appropriate in the circumstances.

1.1 Information you provide directly

Account information — your name, email address, and profile photo when you sign in with Google or create an account with email and password.
Password credentials — if you sign up with email and password, we store a bcrypt hash of your password. We never store your plaintext password.
Saved restaurants and visit history — restaurants you save, visits you log, and any notes you attach to those visits.
Reviews — written reviews and ratings you submit about restaurants.
AI mood queries— natural-language descriptions of the dining experience you are looking for (e.g., "cozy Italian place for a date night").
Payment information — billing details you provide when purchasing a subscription. Payment processing is handled entirely by Stripe; DineHunter never receives or stores your credit card number.

1.2 Information collected automatically

Analytics events — page views, restaurant saves, click interactions, mood queries, and share events. These events are tied to your user ID when you are signed in.
Device and browser data — browser type, operating system, screen size, and referral source, collected for analytics and debugging.
IP address — collected for rate-limiting purposes to protect the Service from abuse. IP addresses are not stored long-term.
Geolocation — your approximate geographic coordinates, obtained through the browser Geolocation API with your explicit permission, used to show nearby restaurants on the map. Your location is processed in-browser and is not stored on our servers.

2. How We Use Your Information

We use your personal information only for the purposes identified at or before the time of collection, or for purposes that a reasonable person would consider appropriate. Specifically:

Providing the Service — to create and manage your account, display your saved restaurants and visit history, and publish your reviews.
Personalization — to tailor restaurant recommendations based on your visit history, saved restaurants, and mood queries.
AI-powered search — to process your mood queries through third-party AI providers and return relevant restaurant suggestions.
Analytics and improvement — to understand how the Service is used, identify trends, diagnose technical issues, and improve features.
Payment processing — to facilitate subscription purchases through Stripe.
Communications — to send you transactional emails such as password resets, account notifications, and subscription confirmations.
Security and abuse prevention — to rate-limit API requests, detect fraudulent activity, and protect the integrity of the Service.
Legal compliance — to comply with applicable laws, regulations, or legal processes.

3. AI Data Processing

DineHunter uses artificial intelligence to help you discover restaurants that match your mood and preferences. We want to be transparent about how this works.

3.1 Mood queries

When you enter a mood-based search (for example, "casual brunch spot with outdoor seating"), your query text is sent to third-party AI providers — currently Groq and OpenAI — for natural language processing. These providers use your query solely to generate a response and do not use it to train their models on our behalf. We do not send your name, email, or other identifying information along with your query.

3.2 Personalized recommendations

Your visit history and saved restaurants may be used locally within DineHunter to personalize the results returned by AI searches. This processing occurs on our servers and is not shared with AI providers beyond what is necessary to fulfill the query.

3.3 Data minimization

We follow the principle of data minimization: only the text of your mood query is transmitted to AI providers. We do not share your account details, location, visit history, or other personal information with Groq or OpenAI.

4. Third-Party Services

We rely on trusted third-party services to operate DineHunter. Each provider receives only the minimum data necessary to perform its function. We do not sell your personal information to any third party.

Service	Purpose	Data Shared
Firebase (Google)	Authentication	Email, name, profile photo, authentication tokens
MongoDB Atlas	Database (hosted in Canada)	All account data, reviews, visit history, analytics events
Vercel	Web hosting and serverless functions	Request metadata, IP addresses (transient)
Stripe	Payment processing	Email, billing information (card data is handled directly by Stripe and never touches our servers)
Groq	AI query processing	Mood query text only
OpenAI	AI query processing	Mood query text only
Foursquare	Restaurant data enrichment	Restaurant identifiers and location queries (no user data)
Yelp	Restaurant data enrichment	Restaurant identifiers and location queries (no user data)
Google Places	Restaurant data enrichment	Restaurant identifiers and location queries (no user data)
Resend	Transactional email delivery	Email address, email content

Each third-party service operates under its own privacy policy. We encourage you to review those policies for details on how they handle data.

5. Cookies and Tracking

5.1 What cookies we use

Authentication cookies — session cookies that keep you signed in. These are essential for the Service to function and cannot be disabled while using an account.
Analytics cookies — used to collect anonymized usage data such as page views and feature engagement. These help us understand how DineHunter is used and where to focus improvements.

5.2 Local storage and service worker

We use browser local storage to save your preferences (such as map theme and cached data). A service worker may cache application assets to enable faster loading and limited offline functionality.

5.3 How to opt out

You can manage or delete cookies through your browser settings. Disabling authentication cookies will prevent you from signing in. You can clear local storage data at any time through your browser's developer tools or settings. Most browsers also allow you to block third-party cookies selectively.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.

Data Type	Retention Period
Account information (name, email, profile photo)	Retained until you delete your account
Password hash	Retained until you delete your account
Saved restaurants and visit history	Retained until you delete your account
Reviews	Retained indefinitely (may persist in anonymized form after account deletion to maintain review integrity)
Analytics events	90 days from the date of collection
IP addresses (rate limiting)	Not stored long-term; held in memory during active rate-limit windows only
Geolocation data	Not stored on our servers; processed in-browser only
Payment records	Managed by Stripe in accordance with their retention policy and applicable tax and financial regulations

When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law or for legitimate business purposes (such as preventing fraud or resolving disputes).

7. Your Rights Under PIPEDA

Under the Personal Information Protection and Electronic Documents Act (PIPEDA), you have the following rights regarding your personal information:

Right of access — you may request a copy of the personal information we hold about you. We will respond to your request within 30 days.
Right of correction — you may request that we correct any inaccurate or incomplete personal information. You can also update your profile information directly through your account settings.
Right of deletion — you may request that we delete your account and all associated personal information. You can do this directly from your profile page or by contacting us.
Right to withdraw consent — you may withdraw your consent to the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions. Withdrawing consent may limit your ability to use certain features of the Service.
Right to complain — if you believe we have handled your personal information improperly, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada.

Office of the Privacy Commissioner of Canada
Website: www.priv.gc.ca
Toll-free: 1-800-282-1376

To exercise any of these rights, contact us at privacy@dinehunter.com. We will verify your identity before processing your request and respond within 30 days.

8. Data Security

We take the protection of your personal information seriously and implement appropriate technical and organizational measures, including:

Encryption in transit — all data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
Encryption at rest — data stored in MongoDB Atlas is encrypted at rest using AES-256 encryption.
Secure password storage — passwords are hashed using bcrypt before storage. We never store plaintext passwords.
Canadian data residency — our primary database is hosted on MongoDB Atlas servers located in Canada.
Access controls — access to personal information is restricted to authorized personnel on a need-to-know basis.
No sale of data — we do not sell, rent, or trade your personal information to any third party for marketing or any other purpose.

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

9. Children's Privacy

DineHunter is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@dinehunter.com, and we will take steps to delete that information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Update the "Effective date" at the top of this page.
Post a notice within the DineHunter application for at least 30 days.
For significant changes that affect how we handle your personal information, send an email notification to registered users.

Your continued use of DineHunter after the updated policy takes effect constitutes your acceptance of the changes. If you do not agree with the revised policy, you should stop using the Service and delete your account.

11. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact our Privacy Officer:

DineHunter Privacy Officer
Email: privacy@dinehunter.com
Ontario, Canada

We will acknowledge receipt of your inquiry within 2 business days and provide a substantive response within 30 days.